[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-pf
Subject:    Re: pf, raw sockets and packet drops...
From:       mike schiffman <mike () infonexus ! com>
Date:       2002-07-29 15:39:15
[Download RAW message or body]

Ah, this must be the case.  Thanks.

On Mon, Jul 29, 2002 at 08:45:13AM +0200, Daniel Hartmeier wrote:
> On Sun, Jul 28, 2002 at 10:49:44PM -0700, mike schiffman wrote:
> 
> > pass out proto tcp from any to any         flags S/SA keep state
> 
> Try
> 
>   pass out from any to any allow-opts
> 
> instead. pf, by default, blocks packets with IP options. If you want to
> pass them, use the 'allow-opts' rule parameter.
> 
> Also, if you pass TCP packets statefully (with 'keep state'), pf will
> use the TCP flags to track the connection, and automatically drop
> certain combinations or sequences. If you don't want that, don't use
> 'keep state', but pass those packets statelessly.
> 
> Daniel

-- 
Network packets at bargin basement rates -- ask me how.

[prev in list] [next in list] [prev in thread] [next in thread]