Ensel Sharon wrote: [ ... ]
Two questions: is it appropriate to have line 01000 above all of my bad-behavior lines ?
"established" means "ACK and not SYN", basicly. Your "bad behavior" rules wouldn't really match anything which matches established, but it's probably better to block known-bad stuff earlier on.
However, it's not the same thing as stateful tracking, which you might want to consider using depending on what you're doing...
-- -Chuck _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"