Hello Saad, Monday, December 09, 2002, 11:55:54 AM, you wrote: SK> pass out quick on $dmz_if proto tcp from $internal_net to $dmz_net \ SK> flags S keep state Using flags S means filtering ECN. Which is a bad thing. Use S/SAFRUP instead. This was not a problem until 3.2 (I think, may be 3.1) because PF didn't supported ecn (or the kernel, or both, I made the jump from 3.0 to 3.2, so I don't really know what happened in the middle).
-- Best regards, Alejandro Belluscio
