Date: Sat, 28 Jan 2006 07:02:37 -0600
To: freebsd-questions@freebsd.org
From: "J.D. Bronson"
Subject: pf and scrubbing bubbles

I am using this in my pf.conf (on 6.0) and was wondering if these settings are appropriate. While 'scrub' by itself is always recommended, I added a few more things that seem like they ought to be there?

I use this for all the NICs...WAN and LAN... with the exception to remove filtering on loopback:

=======================================================
scrub all random-id reassemble tcp fragment reassemble
no scrub on lo0 all
=======================================================

Anyone see any issues with this - especially since it's on the WAN and LAN NICs?

Things run fine, but I thought it wouldn't hurt to ask the group.

-JD