pf: how to ignore TCP RST packets?
Hello, I am new to this forum and also to OpenBSD.
I have installed OpenBSD 4.7. I am currently in China and the Great Firewall inserts some RST packets to close connections when a forbidden token is detected. I read in hxxp://www.cl.cam.ac.uk/~rnc1/ignoring.pdf that if both parties ignore RST packets, the Great Firewall of China becomes pretty useless and that I could actually access some blocked content (provided the remote server also drops RST packets).
The two lines given as examples in "ignoring.pdf" are for ipfw and iptables, but OpenBSD uses pf.
So I would like to know if I correctly translated the ipfw line into the pf syntax. I tried to follow the instructions in the FAQ of pf filters (hxxp://www.openbsd.org/faq/pf/filter.html):
The original ipfw line:
ipfw add 1000 drop tcp from any to me tcpflags rst in
block drop proto tcp from any to any flags R/R
(and sorry for the hxxp links, I have fewer than 5 posts in this forum)
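
As an added example (not part of the original post), this Python sketch evaluates pf's `flags check/mask` test against constructed TCP headers to show which segments the posted `flags R/R` rule selects. The helper names and sample segments are assumptions made for illustration; the direction (`in`) and the `to me` address match from the ipfw line are not modeled.

```python
import struct

# pf flag letters and their bits in the TCP flags byte.
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}

# Constructed sample segments: name -> flags set in the header.
SAMPLES = {"SYN": "S", "SYN+ACK": "SA", "ACK": "A",
           "FIN+ACK": "FA", "RST": "R", "RST+ACK": "RA"}


def letters_to_bits(letters):
    """Turn a pf flag string such as 'SA' into a bitmask."""
    bits = 0
    for ch in letters:
        bits |= FLAG_BITS[ch]
    return bits


def build_segment(flags, sport=40000, dport=80):
    """Constructed 20-byte TCP header (no options, checksum left at zero)."""
    offset_flags = (5 << 12) | letters_to_bits(flags)
    return struct.pack("!HHIIHHHH", sport, dport, 1000, 2000,
                       offset_flags, 65535, 0, 0)


def tcp_flags(segment):
    """Return the flags byte (offset 13) of a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    return segment[13]


def pf_flags_match(spec, segment):
    """pf 'flags check/mask': of the mask bits, exactly the check bits are set."""
    check, _, mask = spec.partition("/")
    mask_bits = letters_to_bits(mask)
    return (tcp_flags(segment) & mask_bits) == letters_to_bits(check)


def matched_by(spec):
    """Names of the sample segments that a rule with this flags spec selects."""
    return [name for name, flags in SAMPLES.items()
            if pf_flags_match(spec, build_segment(flags))]


if __name__ == "__main__":
    for spec in ("R/R", "R/RA", "S/SA"):
        print(f"flags {spec:5} matches {matched_by(spec)}")
```

With `R/R` the mask contains only the RST bit, so any segment carrying RST is selected whatever other flags accompany it; `R/RA` would select only a bare RST.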