I am using a KPN fiber connection directly connected to my OPNSense firewall. I've been warned that the configuration is vulnerable to TCP middlebox reflection attacks.
See https://www.akamai.com/blog/security/tcp-middlebox-reflection
In that article they propose as mitigation to block/drop all SYN packets larger than 100 bytes.
How can I do that in OPNSense? I cannot find a way to drop packets in the firewall rules based on the length of a packet (and other criteria).