> Hello All,
>
> It says in the FAQ that using the 'reassemble tcp' scrub option keeps an
> observer from guessing how many hosts are behind a NAT gateway. The main
> thing I plan to use this for is to prevent my ISP from finding out I have
> more than 1 computer connected, and then start asking m
On Fri, 2003-08-15 at 15:00, Henning Brauer wrote:
> On Fri, Aug 15, 2003 at 02:14:27PM +0300, Nikolay Denev wrote:
> > i'm running obsd 3.3-stable from 25 Jun,
> > and it seems that it is not possible to specify
> > interface with dynamic address , i.e.: ($if_pppoe)
>
On Fri, 2003-08-15 at 15:06, Daniel Hartmeier wrote:
> On Fri, Aug 15, 2003 at 02:14:27PM +0300, Nikolay Denev wrote:
>
> > Is this intentional?, It seems to be useful to use interfaces with
> > dynamic addrs. and antispoof, without the need of ruleset reloading.
>
> Yes,
EADDR to ($if) keep state
work just fine, but : "antispoof for ($if)" gives me syntax error
Is this intentional?, It seems to be useful to use interfaces with
dynamic addrs. and antispoof, without the need of ruleset reloading.
--
Nikolay Denev <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
S/Pacific, Henning Brauer wrote:
> >
> > >On Thu, Apr 03, 2003 at 11:14:43PM +0300, Nikolay Denev wrote:
> >
> > >>When i'am assigning packets to a queue with a "keep state" rule like
> > >>this :
> > >>"pass out quick on $ext_
Hello,
When i'am assigning packets to a queue with a "keep state" rule like this :
"pass out quick on $ext_if inet proto tcp all flags S/SA keep state queue
tcp-queue"
will the packets coming to me via the "keep state" created states will be
assigned to the queue too?
And also will the ACK-PRI tr
- Original Message -
From: "Ed White" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 14, 2003 3:53 PM
Subject: Re: source limit
> On Friday 14 March 2003 11:48, Niki Denev wrote:
> > Something like counting not only the states created by given rule
number,
> > but the ru
- Original Message -
From: "Dries Schellekens" <[EMAIL PROTECTED]>
To: "Nikolay Denev" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, October 23, 2002 11:29 PM
Subject: Re: count rules?
> On Wed, 23 Oct 2002, Nikolay Denev wrote:
&g
What about simple "count" rules, that are to be inspected before the dynamic
ruleset?
If they are not so many probably there will be no significant performance
impact. And they will make the traffic accounting much easier.
Regards,
