Re: [m0n0wall] Problem with Bridging and NAT

From:	Fred Wright <fw at well dot com>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Problem with Bridging and NAT
Date:	Tue, 30 Dec 2003 23:49:31 -0800 (PST)

On Sat, 20 Dec 2003, Manuel Kasper wrote:

> These two rules serve to block all packets that have anything else but 
> the SYN flag out of SYN, ACK, FIN and RST set. If the packet really is 
> a TCP SYN packet, then the block rule is skipped (two rules are 
> necessary because it isn't possible to say "not S/SAFR" in ipf rule 
> language).

Does that mean that T/TCP (which puts SYN, FIN and data in the same
packet) is blocked?

					Fred Wright