Hi, is it possible to pass/block a packet according to its size? I need to block outgoing UDP/123 (NTP) packets bigger than 128B to disable DDoS amplification. There is nothing about it in the docs.
Thanks.
@mpastor: NPF already supports this using pcap-filter, i.e. the tcpdump syntax, e.g.:
block in final pcap-filter "greater 128"
See npf.conf(5) and pcap-filter(7) man pages. However, I think I will add more options to filter based on some IP header values using the native syntax.
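An added example, not part of the original thread: an npf.conf fragment that narrows the pcap-filter approach above to the case in the question (outgoing UDP port 123, strictly larger than 128 bytes). The `default` group, the trailing `pass` rule, and the reading of `len` as the IP packet length are assumptions.

```conf
# Added example, not from the thread.
# Assumption: a single default group with a permissive fall-through rule;
# merge the block rule into your existing ruleset instead.

group default {
	# The rule quoted in the reply matches any inbound packet whose length
	# is >= 128, regardless of protocol ("greater N" means len >= N):
	#   block in final pcap-filter "greater 128"

	# Narrowed to the question: outgoing packets, UDP port 123 only,
	# and strictly bigger than 128 bytes ("len > 128" instead of "greater").
	# Assumption: len counts the whole IP packet (IP and UDP headers
	# included), not just the NTP payload; adjust the threshold if the
	# 128B limit is meant for the payload.
	block out final pcap-filter "udp port 123 and len > 128"

	# Assumed policy for everything else.
	pass final all
}
```

The `port` primitive only matches packets that carry the UDP header, so trailing fragments of a fragmented datagram are not caught by this rule. `npfctl validate` checks the file before it is loaded.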