> Could you create a patch for p-o-m against the unclean match?

Yes, I could. I was hoping for some kind of discussion on it.

Also I like it separated from unclean, because unclean does not allow you to:

    -m unclean --unclean-option-x

and if I just:

    iptables -A INPUT -m unclean -j DROP

I will drop everything that unclean matches.

Personally I like this kind of configuration.

1. match ip unused and log or drop
2. match some scans using --tcp-flags and reject with tcp-reset
3. match tcp scans using psd and reject with tcp-reset
4. match udp scans using psd and reject with icmp
5. match using unclean for anything else: bad chksum, bad frag offset, etc

> Jozsef

Maciej