> On 2009-04-07, Dirk Mast <condo...@gmail.com> wrote:
>> Dan Carley wrote:
>>
>>> Technically it won't be relayd that is the cause of your woes because
>>> it is PF that will be performing the grunt work of the TCP redirection.
>>>
>>> Based on what Brian said, you may find that playing with 'scrub out'
>>> and 'max-mss' in your PF rules alleviates the issue.
>>
>> Which will soon be no longer.
>
> so then play with "scrub (max-mss ###)" instead. you can either use
> this on your pass rules, or with the new match rules.
>
> http://www.openbsd.org/faq/current.html#20090406
> http://marc.info/?m=123901961726016
>
> this will be hitting snapshots soon.

So for a very simple example like the one from the PF Guide:

scrub in
block in
pass out keep state
pass in on $ext_if inet proto tcp from any to ($ext_if) \
    port $tcp_services flags S/SA keep state

Would now be:

block in
pass out keep state
pass in on $ext_if inet proto tcp from any to ($ext_if) \
    port $tcp_services flags S/SA keep state
match in all scrub

correct?

--
Joe Gidi
j...@entropicblur.com