* Eric Lee <ele...@gmail.com> [2011-05-10 10:30]:
> I'm trying to use scrub max-mss rules to create asymmetric MSS's.
>
> Is this supported? So far, I haven't got it to work (hence my post here).
> The machine is running OpenBSD 4.9 with 2 network cards.
>
> I have been trying things like:
> match out on $ext proto tcp scrub(max-mss 1000) flags S/SA
> match in on $ext proto tcp scrub(max-mss 500) flags SA/SA

that doesn't work because only one of those two rules ever matches a
given connection, from then on the state decides.

using two match rules on different interfaces should work i think.

the only other option is stateless, but that is stupid for many many
reasons.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting