Brent Chapman <brent @
(I like the NetBlazer syntax much better, by the
way; it's much shorter and simpler).
Ah, but it implies contiguous bits, which ain't necessarily so.
The option would be "log", and would specify whether or not you
syslog the packet the tripped that filter, as well as the
action taken by the filter.
Syslog is probably the *wrong* mechanism, but I agree that some form
of packet logging is desirable. The user should be able to specify an
IP address/port pair where all packets to be 'logged' are sent.