Thread: PF mods
s2scott, 19th November 2009

Quote:
Originally Posted by jggimi
Code:
match in on $internal_nic scrub (no-df random-id)
match in on $external_nic scrub (reassemble tcp)
jggimi,

The context being a firewall with an inside and an outside interface, with regard to matching and fixing up the packets on an inbound flow vs. an outbound flow, is fixing up the RANDOM-ID on INBOUND on the INSIDE interface, as your match rules exemplify, preferred to fixing it up on the OUTBOUND transit on the OUTSIDE interface? Or does it matter?

Thanks,
/Scott
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.