Subject: Re: pf, icmp, and max-mss
To: M Graff <explorer@flame.org>
From: Christian Hattemer <c.hattemer@arcor.de>
List: current-users
Date: 07/27/2006 19:21:46
Hi,

when I changed from 3.0 to -current I also noticed that IPF now seems to
require restricting the MSS. The option is named mssclamp there.

I thought this would be one of the several flaws that IPF exhibits now,
compared to the version in 3.0 with a nearly unchanged ipf.conf (I only
removed some log keywords and a few block rules).

I have changed to PF now and had used max-mss from the beginning. But your
report that PF also won't work reliably without restricting the MSS seems
to indicate that the cause for this particular problem might be somewhere
else.

Bye, Chris