Dear list,
I want to block UDP fragments to a specific host while reassembling is
turned on for all other traffic.
In pf I would write something like this:
<snip>
# reassemble fragmented packets (default yes)
set reassemble yes
# scrub all traffic
match all scrub (random-id no-df)
# block fragments to host 10.0.0.10
block log quick from any to 10.0.0.10 fragment
<snap>
For me, it sounds like this is not possible, because reassembling happens before
pf and it is only possible to turn it on or off as a whole, right? Is there
another way to achieve this?
Any advice?
Thanks,
Joerg