Quote:
Originally Posted by J65nko
If you only have this problem with your OpenBSD box, and if setting the rfc1323 sysctl to 0 solves it, there is only one conclusion: your pf.conf rules for port 80 don't create state on the first packet of the TCP connection.
Yes, that is the case. So do you think that they should, and that if I did, then the rfc1323 can be turned back on? Almost all of the examples I see don't set the SYN flag in the filter. So do I need a pf rule which is for the $ext_if out setting the state? I just have "pass out". Should that be pass out flags S/SA or something like that?
You can tell that I am new to PF.