Hi, I'm trying to use scrub max-mss rules to create asymmetric MSS's.
Is this supported? So far, I haven't got it to work (hence my post here).

The machine is running OpenBSD 4.9 with 2 network cards.

I have been trying things like:

    match out on $ext proto tcp scrub(max-mss 1000) flags S/SA
    match in on $ext proto tcp scrub(max-mss 500) flags SA/SA

Scrubbing on the other interface doesn't seem to work either.

    match out on $int proto tcp scrub(max-mss 500) flags SA/SA

    client <--> pf gateway <--> internet

With a sniffer on the client link and the internet link,

- client sends large MSS on initial syn (> 1000)
- pf scrubs MSS to 1000 on initial syn
- pf receives large MSS on syn+ack (> 1000)
- pf scrubs MSS to 1000 in syn+ack reply to client

Thanks!