hey, yep, i made the same mistake first up too... from the pf users guide
One reason not to scrub on an interface is if one is passing NFS through PF. Some non-OpenBSD platforms send (and expect) strange packets -- fragmented packets with the "do not fragment" bit set, which are (properly) rejected by scrub. This can be resolved by use of the no-df option. Another reason is some multi-player games have connection problems passing through PF with scrub enabled. Other than these somewhat unusual cases, scrubbing all packets is highly recommended practice. On Wed, Jul 27, 2005 at 09:06:02AM +0200, Adam Papai wrote: > Steven Manos said: > > are you running pf? are you scrubbing on an interface? > > > > On server A there I use: > > scrub in all > > but not more special rules. > > On server B I didn't use scrub, only some pass in rulez for ssh/smtp > > > -- > Adam Papai > D i g i t a l Influence > E-mail: [EMAIL PROTECTED] > Phone: +36 30 33-55-735
