On Tue, Oct 18, 2005 at 11:50:41AM -0400, Jon Hart wrote:
> What I'd like is to disable scrub's tcp reassembly on per
> host/port/protocol basis, something along the lines of:
>
> scrub all no-df random-id fragment reassemble reassemble tcp
> no scrub inet proto tcp from any to $SAN_NET port 3260 reassemble tcp
>
> I'll bring up a test system to see if this is possible, but my question
> is will this get me what I want? I want to do full scrubbing on all of
> my traffic except I don't want to do tcp reassembly on port 3260/tcp for
> a specific host.

flip the order, no scrub first (normalization is like translation, first
match). other than that, looks fine.

--
jared

[ openbsd 3.8 GENERIC ( oct 15 ) // i386 ]