有没有办法阻止特定types的数据包大于特定的大小?
AFAIC,PF不能做到这一点。 你可以使用ipfw
的iplen
选项:
iplen len-list Matches IP packets whose total length, including header and data, is in the set len-list, which is either a single value or a list of values or ranges specified in the same way as ports.