DaemonForums  

#1
3rd August 2010
jcdenton
pf : how to ignore TCP RST packets ?

Hello, I am new to this forum and also to OpenBSD.

I have installed OpenBSD 4.7. I am currently in China and the Great Firewall inserts some RST packets to close connections when a forbidden token is detected. I read in hxxp://www.cl.cam.ac.uk/~rnc1/ignoring.pdf that if both parties ignore RST packets, the Great Firewall of China becomes pretty useless and that I could actually access some blocked content (provided the remote server also drops RST packets).

The two lines given as examples in "ignoring.pdf" are for ipfw and iptables, but OpenBSD uses pf.

So I would like to know if I correctly translated the ipfw line into the pf syntax. I tried to follow the instructions in the FAQ of pf filters (hxxp://www.openbsd.org/faq/pf/filter.html) :

The original ipfw line :
Code:
ipfw add 1000 drop tcp from any to me tcpflags rst in
My line in /etc/pf.conf :
Code:
block drop proto tcp from any to any flags R/R
Thanks for any help !
(and sorry for the hxxp links, I have fewer than 5 posts in this forum)
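
As an added illustration (not part of the original post, and not pf's own code), this Python sketch evaluates pf's `flags a/b` test, which applies when exactly the flags in `a` are set among those in `b`, against constructed TCP headers to show which segments `flags R/R` covers compared with the stricter `R/SAFR`. The function names and the sample headers are assumptions made for the example.

```python
import struct

# TCP flag bits in byte 13 of the TCP header, keyed by pf.conf's letters.
PF_FLAGS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
            "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}

def parse_flag_spec(spec):
    """Turn a pf 'flags a/b' argument such as 'R/R' into (check, mask) bits."""
    check, sep, mask = spec.partition("/")
    if not sep or not mask:
        raise ValueError("this sketch requires an explicit mask: %r" % spec)
    def to_bits(letters):
        return sum(PF_FLAGS[c] for c in set(letters.upper()))
    return to_bits(check), to_bits(mask)

def tcp_flags(segment):
    """Return the flags byte of a raw TCP header (at least 20 bytes)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    return segment[13]

def matches(spec, segment):
    """True when, among the mask flags, exactly the check flags are set."""
    check, mask = parse_flag_spec(spec)
    return (tcp_flags(segment) & mask) == check

def build_header(flags, sport=40000, dport=80):
    """Constructed sample: a 20-byte TCP header where only the flags vary."""
    offset_and_flags = (5 << 12) | flags  # data offset of 5 words, no options
    return struct.pack("!HHIIHHHH", sport, dport, 1000, 2000,
                       offset_and_flags, 65535, 0, 0)

# Constructed segments covering a normal connection plus both reset forms.
SAMPLES = {"SYN": 0x02, "SYN+ACK": 0x12, "ACK": 0x10,
           "FIN+ACK": 0x11, "RST": 0x04, "RST+ACK": 0x14}

def matched_by(spec):
    """Names of the sample segments that a rule with this flags spec covers."""
    return sorted(name for name, bits in SAMPLES.items()
                  if matches(spec, build_header(bits)))

if __name__ == "__main__":
    for spec in ("R/R", "R/SAFR"):
        print(spec, "->", matched_by(spec))
```

With `R/R` only the RST bit is inspected, so a reset that also carries ACK is covered, while `R/SAFR` covers a bare RST only.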