Create Date: Jul 10 2012 3:50AM
On Extremeware, the ACLs used to have an option to "permit established". Actually this was a complete misnomer, because what it did was "deny not established", but anyway, I can't find an equivalent in the XOS policy file configuration. Do I have to hand-craft this, or is there a ready-made option?
I'm thinking I could permit any packet with the ACK bit set to allow established packets through, or I could deny SYN but no ACK to prevent a socket being set up. Actually they are kind of the same when I think about it.
The problem is I also can't see how to do a bitwise test on the TCP flags, i.e. a test on just one bit in the first case, or a test on two bits in the second case, but masking off just those bits.
Any ideas? (from David_Rickard)
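The two flag tests described in the post, written as mask-and-compare checks on the TCP flags byte. This is an added example, not part of the original post and not XOS policy syntax; the function names and the sample header are constructed for illustration. It also lists the flag combinations on which the two rules reach different verdicts.

```python
import struct

# TCP flag bits (RFC 793): low six bits of byte 13 of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_flags(header: bytes) -> int:
    """Return the six classic flag bits from a raw TCP header."""
    if len(header) < 14:
        raise ValueError("truncated TCP header")
    return header[13] & 0x3F

def masked_match(flags: int, mask: int, value: int) -> bool:
    """True when the bits selected by mask equal value; all other bits are ignored."""
    return flags & mask == value

def permitted_by_permit_ack(flags: int) -> bool:
    """First rule in the post: permit when ACK is set (one-bit test), deny the rest."""
    return masked_match(flags, ACK, ACK)

def permitted_by_deny_syn_no_ack(flags: int) -> bool:
    """Second rule in the post: deny when SYN=1 and ACK=0 (two-bit test), permit the rest."""
    return not masked_match(flags, SYN | ACK, SYN)

def disagreements() -> list:
    """Flag values on which the two rules give different verdicts."""
    return [f for f in range(0x40)
            if permitted_by_permit_ack(f) != permitted_by_deny_syn_no_ack(f)]

def build_header(flags: int) -> bytes:
    """Constructed 20-byte TCP header: ports 40000 -> 80, data offset 5, given flags."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 8192, 0, 0)

if __name__ == "__main__":
    samples = [("SYN", SYN), ("SYN+ACK", SYN | ACK), ("ACK", ACK),
               ("RST", RST), ("FIN", FIN)]
    for name, f in samples:
        fl = tcp_flags(build_header(f))
        print(f"{name:8} permit-ACK: {permitted_by_permit_ack(fl)!s:5} "
              f"deny-SYN-no-ACK: {permitted_by_deny_syn_no_ack(fl)}")
    # Both rules block a bare SYN; they differ only on segments that carry
    # neither SYN nor ACK (for example a bare RST).
    print("differ on:", [hex(f) for f in disagreements()])
```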