[j-nsp] tcp-flag filter
Dan Evans
pzdevans at gmail.com
Wed Sep 14 09:02:57 EDT 2005
Here's an example of how to use the tcp-flags option in firewall
filters. Hopefully this helps out:
term foo-1 {
    from {
        destination-address {
            x.x.x.a/32;
            x.x.x.b/32;
            x.x.x.c/32;
        }
        source-prefix-list {
            filter1 except;
        }
        tcp-flags "ack & !rst";
    }
    then accept;
}
term foo-2 {
    from {
        destination-address {
            x.x.x.a/32;
            x.x.x.b/32;
            x.x.x.c/32;
        }
        tcp-flags "(syn & !ack) | rst";
    }
    then {
        discard;
    }
}
-Dan
On 9/14/05, Erol KAHRAMAN <erol.kahraman at gmail.com> wrote:
> Hi to everybody,
>
> I am trying to write a filter which will block TCP packets with the
> syn,fin flags set. Is it possible? I find the tcp-flags parameter
> in help of filter, but I don't know how to use it?
>
> --
> Erol KAHRAMAN
> System Network Administrator
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>
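Added example (not part of the original post, and not Juniper code): a small Python model of the boolean logic in the two tcp-flags expressions above, showing which term a given flag combination hits first, including the syn+fin case from the question. It ignores the address and prefix-list conditions, assumes the usual precedence (! then & then |), and the helper names `matches` and `first_match` are made up for this sketch.

```python
import re

# TCP header flag bits, keyed by the flag names used in the expressions.
FLAGS = {"fin": 0x01, "syn": 0x02, "rst": 0x04, "push": 0x08, "ack": 0x10, "urgent": 0x20}
# Flag expressions of the two terms in the post, in evaluation order.
TERMS = [("foo-1", "ack & !rst", "accept"), ("foo-2", "(syn & !ack) | rst", "discard")]

def matches(expr, bits):
    """Evaluate a flag expression against a TCP flags byte.
    Assumed precedence: ! binds tightest, then &, then |."""
    toks = re.findall(r"[a-z]+|[&|!()]", expr) + ["$"]  # "$" marks end of input
    if "".join(toks[:-1]) != "".join(expr.split()):
        raise ValueError(f"unexpected character in {expr!r}")
    pos = 0
    def nxt():
        nonlocal pos
        pos += 1
        return toks[pos - 1]
    def atom():
        tok = nxt()
        if tok == "!":
            return not atom()
        if tok == "(":
            val = level("|")
            if nxt() != ")":
                raise ValueError("missing ')'")
            return val
        if tok not in FLAGS:
            raise ValueError(f"unknown flag {tok!r}")
        return bool(bits & FLAGS[tok])
    def level(op):
        # An "|" level is built from "&" levels, which are built from atoms.
        operand = atom if op == "&" else (lambda: level("&"))
        val = operand()
        while toks[pos] == op:
            nxt()
            rhs = operand()
            val = (val and rhs) if op == "&" else (val or rhs)
        return val
    result = level("|")
    if toks[pos] != "$":
        raise ValueError(f"unexpected token {toks[pos]!r}")
    return result

def first_match(bits):
    """Return (term, action) of the first term whose flag expression matches."""
    for name, expr, action in TERMS:
        if matches(expr, bits):
            return name, action
    return None, "falls through"
```

Evaluated this way, a syn+fin packet is discarded by foo-2 only while ack is clear; with ack also set it matches foo-1 first. An expression such as "syn & fin" matches the combination from the question regardless of the other flags.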