Tom Smyth <tom.sm...@wirelessconnect.eu>: > IP fragments are a pain as they dont really match the protocol of the > original packet and have all sorts of issues when traversing multipath > (hashed) multipath routes between the source and destination.. > cloudflare have a really good article on this > https://blog.cloudflare.com/ip-fragmentation-is-broken/
Thank you for this one, Tom I'd like to ask if it could be possible to have a new option between aggressive and normal for 'set optimization' in pf? Or if you consider the aggressive setting enough good for little desktops with security in mind too? Thanks, -- Daniele Bonini
