On 2009/04/06 13:17, Stuart Henderson wrote:
> On 2009/04/06 06:05, Henning Brauer wrote:
> > 1) scrub rules are completely gone.
>
> there's a reasonably simple way to rewrite your ruleset:
of course i have a "set require-order no" higher up in the file. :)
> Index: pf.conf
> ===================================================================
> RCS file: /data/cvsroot/sthen/clearip/conf/jodrell/pf.conf,v
> retrieving revision 1.25
> diff -u -p -u -1 -r1.25 pf.conf
> --- pf.conf 6 Mar 2009 22:34:50 -0000 1.25
> +++ pf.conf 6 Apr 2009 12:14:36 -0000
> @@ -10,6 +10,6 @@ set skip on {lo vr3}
>
> -scrub on pppoe0 max-mss 1450 random-id
> -scrub on gif1 max-mss 1450 no-df random-id
> -scrub in on vlan3666 max-mss 1450 no-df random-id
> -scrub in on vlan5 max-mss 1450 no-df random-id
> +match on pppoe0 scrub (max-mss 1450 random-id)
> +match on gif1 scrub (max-mss 1450 no-df random-id)
> +match in on vlan3666 scrub (max-mss 1450 no-df random-id)
> +match in on vlan5 scrub (max-mss 1450 no-df random-id)
