Hello All,

It says in the FAQ that using the 'reassemble tcp' scrub option keeps an observer from guessing how many hosts are behind a NAT gateway. The main thing I plan to use this for is to prevent my ISP from finding out I have more than 1 computer connected, and then start asking me to pay more money for extra IP addresses. Problem is that TCP SYN packets that go through my NAT/pf box still have OS ambiguities. So my ISP can see that Windows, BSD, and Linux TCP SYN packets are coming from my cable modem, therefore proving that I have more than 1 machine, and that I need to be charged accordingly.

Is there a way with pf to "wash" these ambiguities (window size, syn packet size, etc) away so that all outgoing TCP packets look the same? Maybe even set them to user-defined variables, as we already can with 'max-mss' and 'min-ttl'?

Thanks for your time.

Aaron
