* Ted <t...@pobox.com> [2010-01-14 05:03]: > On Thu, Jan 14, 2010 at 12:46 PM, Henning Brauer <lists-open...@bsws.de>wrote: > > > > > > I have > > > > > > match in all scrub (tcp reassemble no-df random-id max-mss 1440) > > > > > > in my pf.conf (-current) > > > > yeah, don't use reassemble tcp. it's not perfect. > > > > How about fragment reassemble?
that is an entirely different beast and should always be on (hey, surprise, it IS by default!) "reassemble tcp" is not the best name really. it is not really reassembly of anything. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
