View Single Post
  #2   (View Single Post)  
Old 16th May 2008
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,994

See section Create TCP states on the initial SYN packet.

Although for pf, this section explains why it is important to keep state on the first packet of the three-way TCP handshake. Doing this prevents problems with TCP window scaling.

IIRC FreeBSD has a sysctl to disable this window scaling as defined in RFC 1323.On OpenBSD (don't have access to a FBSD box) it is called
You first could try to disable this.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote