I understand that 1.3 has been rendered immune to land.c-based attacks,
however there are a great deal of possible attacks still available to
potential ankle-biters that I'd like to deal with on-the-fly, as it were.
However: I'm not so sure the documentation in man pages is particularly
informative re: ipfilter and ipf.conf. 

There is an option in man ipf.conf that reads: port-comp..  "compares
ports". Is this an addition made because of the land-attacks?

Anyways, is there some sort of more complex rulings available? IPFilter as
it stands doesn't particularly protect against ip-spoofed attacks, which
comprise the majority of harmful packets which come to my system.

I love ipmon -x by the way.. ;)

Thanks for any pointers to information that you can provide,

Sincerely,

Marc Tooley