I seem to post out of sync here... sorry.
Ok so we dont need to add the flags S/SA bit which is what I thought was the case. Why then is disabling OpenBSD support for rfc1323 making it work. It seems from what your saying that PF should be able to handle the state because it filters on the first SYN transaction. Is it the case that most web sites do handle it ok and that this particular one does not.
|