I took a moment to peruse the pfctl.c code for the tcp settings for each of the various optimization topographies (normal, aggressive, etc.). Do these attempt to set any of the udp or icmp timeout settings (first, single, multiple, error)? I can't find anything in the pf.conf manpage or source to suggest they do.
-J.
