* Toni Mueller <openbsd-m...@oeko.net> [2008-12-12 12:18]: > Hi, > > On Thu, 11.12.2008 at 21:12:43 +0000, Stuart Henderson <s...@spacehopper.org> > wrote: > > On 2008-12-11, Toni Mueller <openbsd-m...@oeko.net> wrote: > > > On Thu, 11.12.2008 at 02:29:22 +0000, Stuart Henderson > > > <s...@spacehopper.org> wrote: > > >> On 2008-12-10, Toni Mueller <openbsd-m...@oeko.net> wrote: > > >> > Example: > > >> > pass on $ext_if all max-mss 1400 > > >> you should use "scrub on ... max-mss 1400" > > > > > > I have seen, and verified, that that works, but I hoped to apply such a > > > rule to only some of the packets (think different transport media > > > etc.pp.). > > > > scrub supports that. > > I've recently run into problems which looked to me like PMTUD does not > work across IPSEC.
you are missing the point. scrub in $somewhere from $foo to $bar max-mss 1400 is perfectly valid. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
