On Sun, Nov 8, 2009 at 10:32 PM, Cor <clinge...@gmail.com> wrote:
> I'm running a late-October post-4.6 snapshot on a new Soekris firewall, and
> noticed something peculiar after setting up the rules per the new pf.conf(5)
> man page. I had a few lesser-known websites just hang and eventually time
> out (the "majors" still work fine), but thought little of it until I went to
> the ISA web site (www.isa.org) to renew my membership there and noticed the
> same effect.
>
> I changed the following rule:
>
> match in all scrub (reassemble tcp no-df random-id)

Just a question: with the above line enabled, do sites like www.microsoft.com
break?

I had a client last week complain that microsoft.com was broken (among
others). Here is what I had to do in pf.conf in FreeBSD 8.0RC2:

scrub all reassemble tcp max-mss 1452

After that, microsoft.com started working again.

I know that OpenBSD 4.6 changed the syntax a bit, so I am not sure what it
would have to be now.

Sam Fourman Jr.