Thread: PF mods
19th November 2009
s2scott

Originally Posted by jggimi:
match in on $internal_nic scrub (no-df random-id)
match in on $external_nic scrub (reassemble tcp)

The context being a firewall with an inside and an outside interface, with regard to matching and fixing up the packets on an inbound flow vs. an outbound flow, is fixing up the RANDOM-ID on INBOUND on the INSIDE interface, as your match rules exemplify, preferred to fixing it up on the OUTBOUND transit on the OUTSIDE interface? Or does it matter?

Never argue with an idiot. They will bring you down to their level and beat you with experience.