On Mon, Jun 14, 2010 at 11:23 PM, Ted Unangst <[email protected]> wrote:
>> In my pf.conf I have "match in all scrub (reassemble tcp)" and
>> "antispoof log for $interfaces" and nothing else that isn't a simple
>> pass/block or NAT rule. I'm not ruling out some sort of config error
>> here, because I'm pretty new to OpenBSD and pf, though my
>> understanding is that the above won't cause RSTs to be sent for
>> layer-two traffic not sent to the OpenBSD box in question.
>
> What happens if you disable antispoof? You're getting packets on an
> interface that doesn't expect them, which is exactly what antispoof is
> supposed to block.

No change, unfortunately. In any case, my understanding is that antispoof will drop spoofed packets, not go out and actively kill the TCP connection?

-Patrick

--
http://www.labyrinthdata.net.au - WA Backup, Web and VPS Hosting

