From: Stuart Henderson (stuspacehopper.org)
Date: Mon Apr 06 2009 - 07:17:05 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2009/04/06 06:05, Henning Brauer wrote:
> 1) scrub rules are completely gone.

there's a reasonably simple way to rewrite your ruleset:

Index: pf.conf
===================================================================
RCS file: /data/cvsroot/sthen/clearip/conf/jodrell/pf.conf,v
retrieving revision 1.25
diff -u -p -u -1 -r1.25 pf.conf
--- pf.conf 6 Mar 2009 22:34:50 -0000 1.25
+++ pf.conf 6 Apr 2009 12:14:36 -0000
-10,6 +10,6 set skip on {lo vr3}
 
-scrub on pppoe0 max-mss 1450 random-id
-scrub on gif1 max-mss 1450 no-df random-id
-scrub in on vlan3666 max-mss 1450 no-df random-id
-scrub in on vlan5 max-mss 1450 no-df random-id
+match on pppoe0 scrub (max-mss 1450 random-id)
+match on gif1 scrub (max-mss 1450 no-df random-id)
+match in on vlan3666 scrub (max-mss 1450 no-df random-id)
+match in on vlan5 scrub (max-mss 1450 no-df random-id)

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]