| Firewalling with OpenBSD's PF packet filter: EuroBSDCon 2007, København, September 12th 2007 | ||
|---|---|---|
| Prev | Next | |
block-policy:
drop - drop without return, or
return - Connection refused, Destination unreachable, etc
set block-policy return
scrub:
normalization, defragmentation
scrub in all
antispoof:
"this packet should not be here"
antispoof for $ext_if antispoof for $int_if