Re: Thoughts or links on optimally secure defaults for pf.conf and fstab, whilst aiming to minimise support issues.

On 2020-06-14, Kevin Chadwick wrote: > We are basing the server part of our products on OpenBSD. > > We care more about reducing support issues than say performance. > > We will have batteries but I hope to deploy some kind of root partition > redundancy, for upgrades. You'll need to cope with

Re: Thoughts or links on optimally secure defaults for pf.conf and fstab, whilst aiming to minimise support issues.

On 2020-06-14 13:58, Kevin Chadwick wrote: > set reassemble yes no-df > match scrub (random-id max-mss 1389) > > Should I drop the no-df from set reassemble? Any other recommendations > welcome? To be clear. Previously, with scrub (no-df... the set reassemble line was missing/default.