Ed White wrote:
>> > pass in quick inet proto tcp from $My_ISP_class_B to $eth_ext port 22 tos
>> > $key keep state
>>
>> This is the worst kind of security through obscurity.
>
> That's not security at all.

My point exactly.

> That's custom setup, like using sshd on port 31337.

And equally stupid.

> Where's gone power of choice?

pf has never given you freedom of choice. E.g. where is the option to filter by data[offset]? This lack of choice is a good thing, not a bad thing as people seem infatuated by stupid choices.

OTOH a "pass set-tos xxx" option (what this discussion was originally about) would be nice...

-d