PF, The OpenBSD Packet Filter: Building The Network You Need: BSDCan, Ottawa, June 10th 2015 | ||
---|---|---|
Prev | Next |
Starting with OpenBSD 4.6, scrub is a state option:
set state-defaults pflow match in all scrub (no-df max-mss 1440) match in proto tcp from 192.168.103.48 to self tag fortyeight pass in proto tcp tagged fortyeight scrub (random-id reassemble tcp) pass proto tcp from self to 192.168.103.84 port 9000 scrub (set-tos lowdelay)
Also min-ttl, random-id, set-tos