Hi,
On Thu, 01.10.2009 at 12:21:19 +0200, Toni Mueller <[email protected]>
wrote:
> Searching around, I found that this question was already raised by
> Martin Hedenfalk well over a year ago
> (http://marc.info/?l=openbsd-misc&m=121127258816047&w=2), but he got no
> answer.

I thought I'd try to solve the situation with 'pf', and cobbled
together these simplistic rules (valid after my 4.5 man page, invalid
after current's man page as found on the web), both of which were
rejected by pfctl:

    scrub in all tos 3 set-tos 0
    pass in on $extif proto { tcp, udp } from any to any tos 3 set-tos 0

The reason for trying such rules is to selectively kill only this tos
value, to hopefully enable the packets flowing through IPSEC. I need to
preserve other values, therefore I can't simply "scrub set-tos 0".

I could make use of a feature, preferably in a scrub or pass rule, that
would allow me to set or clear individual bits in the tos (or other)
field, like:

    pass in on $extif proto { tcp, udp } from any to any tos 3 new-tos & ~0x3

(meaning: clear these bits only, '~' = 1's complement).

TIA!
--
Kind regards,
--Toni++
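
The difference between overwriting the TOS byte and the bit-clearing asked for above, as an added example that is not part of the original post and is not pf code: it rewrites byte 1 of a raw IPv4 header and recomputes the header checksum, which any TOS rewrite has to do. The function names and the sample header (TOS 0xbb, documentation addresses) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 1071 Internet checksum; yields 0 over a header whose checksum is valid. */
static uint16_t ip_cksum(const uint8_t *h, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)h[i] << 8) | h[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Replace the whole TOS byte (the "set-tos" behaviour) and fix the checksum. */
uint8_t tos_set(uint8_t *h, uint8_t value)
{
    h[1] = value;
    h[10] = h[11] = 0;                       /* checksum field is zero while summing */
    uint16_t c = ip_cksum(h, (size_t)(h[0] & 0x0f) * 4);   /* IHL counts 32-bit words */
    h[10] = (uint8_t)(c >> 8); h[11] = (uint8_t)(c & 0xff);
    return value;
}

/* The requested "new-tos & ~mask": clear only the mask bits, keep all others. */
uint8_t tos_clear_bits(uint8_t *h, uint8_t mask) { return tos_set(h, (uint8_t)(h[1] & ~mask)); }

/* Constructed sample: 20-byte IPv4 header with TOS 0xbb (0xb8 plus low bits 0x3). */
void sample_header(uint8_t *h)
{
    static const uint8_t s[20] = { 0x45, 0xbb, 0x00, 0x28, 0x00, 0x01, 0x40, 0x00,
        0x40, 0x06, 0x00, 0x00, 192, 0, 2, 1, 198, 51, 100, 2 };
    memcpy(h, s, sizeof s);
    tos_set(h, s[1]);                        /* fill in a valid checksum */
}

int header_valid(const uint8_t *h) { return ip_cksum(h, (size_t)(h[0] & 0x0f) * 4) == 0; }

int main(void)
{
    uint8_t a[20], b[20];
    sample_header(a); sample_header(b);
    printf("clear 0x3: tos=0x%02x valid=%d\n", tos_clear_bits(a, 0x3), header_valid(a));
    printf("set to 0:  tos=0x%02x valid=%d\n", tos_set(b, 0), header_valid(b));
    return 0;
}
```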