https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229477
--- Comment #3 from Andre Albsmeier <[email protected]> ---
That's easy (this is just a cut-down excerpt of my real rules I used on a test
machine to address this bug):

set ruleset-optimization none
set block-policy return
set skip on lo0
set debug misc
set timeout tcp.established 432000
set limit { states 2000, src-nodes 1000, frags 2000, table-entries 30000 }

scrub in on e0 all fragment reassemble
scrub out on e0 all random-id set-tos 0xB8
scrub on e0 all reassemble tcp

pass out quick on e0 all no state allow-opts
pass in quick on e0 proto tcp from any to any port 1234 synproxy state
pass in quick on e0 all no state

Now run some "nc -l DEST 1234" on host DEST and connect to 1234 with and
without the synproxy rule...
