Subject: Re: pf, icmp, and max-mss
To: M Graff <email@example.com>
From: Christian Hattemer <firstname.lastname@example.org>
Date: 07/27/2006 19:21:46
when I changed from 3.0 to -current I also noticed that IPF now seems to
require restricting the MSS. The option is named mssclamp there.
I thought this would be one of the several flaws that IPF exhibits now,
compared to the version in 3.0 with a nearly unchanged ipf.conf (I only
removed some log keywords and a few block rules).
I have changed to PF now and had used max-mss from the beginning. But your
report that PF also won't work reliably without restricting the MSS seems
to indicate that the cause for this particular problem might be somewhere