Hello All, not really an answer to your question but...
It says in the FAQ that using the 'reassemble tcp' scrub option keeps an observer from guessing how many hosts are behind a NAT gateway. The main thing I plan to use this for is to prevent my ISP from finding out I have more than 1 computer connected, and then start asking me to pay more money for extra IP addresses. Problem is that TCP SYN packets that go through my NAT/pf box still have OS ambiguities. So my ISP can see that Windows, BSD, and Linux TCP SYN packets are coming from my cable modem, therefore proving that I have more than 1 machine, and that I need to be charged accordingly.
Is there a way with pf to "wash" these ambiguities (window size, syn packet size, etc) away so that all outgoing TCP packets look the same? Maybe even set them to user-defined variables, as we already can with 'max-mss' and 'min-ttl'?
Thanks for your time. Aaron
1. Tell your ISP you have a multiboot machine
2. Tell your ISP you only have one box (I did, and they believed me)
might be easier for you to try those methods first :)