quoting http://www.openbsd.org/faq/pf/filter.html
quote
IP Options
By default, PF blocks packets with IP options set. This can make the job
more difficult for OS fingerprinting utilities like nmap. If you have
an application that requires the passing of these packets, such as
On Fri, Dec 01, 2006 at 02:14:14PM +1300, Russell Fulton wrote:
pass in quick on fxp0 all allow-opts
Am I correct in thinking that this line effectively passes *all* traffic
in on fxp0 with no more checking because of the 'quick' option?
Yes, it does.
The rule is meant to illustrate
