* Robert Waite <[email protected]> [2009-11-05 20:08]:
> I have been on OBSD 4.4 for a bit and had not really messed with pf.conf for
> a while.
> 
> When I updated to 4.6 there were a couple of settings that seemed
> ambiguous to me.
> 
> 1) under Options, "set reassemble on". I know it is on by default but I got
> a parsing error when I tried it. I also found some man pages online that
> were missing this option however the man page in 4.6 does include it. So
> A) Is this supposed to work

of course it works if you use it as written in the manpage. hint: the
value is not "on".

> still? B) Is there a difference between setting "set reassemble on" in the
> options vs. "match in all scrub reassemble tcp"?

yes, of course. and that is in the manpage too... set reassemble only
affects fragments, the scrub option on rules has nothing to do with
fragments.

> 2) Using urpf-failed vs. antispoof. http://www.openbsd.org/faq/pf/filter.html
> says "uRPF provides the same functionality as antispoof rules." Is it truly
> identical? I could not find anything in the man page that explicitly says
> they are functionally equivalent. Is there a reason to use one over the
> other... or will one be deprecated?

they are not identical, they can serve the same purpose.

-- 
Henning Brauer, [email protected], [email protected]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
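
The settings discussed in this thread, laid out as a pf.conf fragment in OpenBSD 4.6 syntax. This is an added example, not part of either message; the interface name em0 and the macro ext_if are assumptions.

```conf
# Added example (not from the thread). em0 / ext_if are assumed names.
ext_if = "em0"

# --- Options -----------------------------------------------------------
# Fragment reassembly is a global option whose value is yes or no.
# "set reassemble on" fails to parse because "on" is not a valid value.
set reassemble yes
# Variant: also reassemble fragments that carry the dont-fragment bit,
# instead of dropping them (the bit is cleared on the reassembled packet).
# set reassemble yes no-df
# Variant: turn fragment reassembly off.
# set reassemble no

# --- Per-rule normalisation --------------------------------------------
# scrub is a rule option. "reassemble tcp" normalises TCP connections
# statefully; it does not touch IP fragments, so it is independent of
# the "set reassemble" option above.
match in all scrub (reassemble tcp)

# --- Spoofed source addresses: two different mechanisms ----------------
# antispoof expands, when the ruleset is loaded, into block rules built
# from the addresses and networks configured on the named interface.
antispoof quick for $ext_if

# urpf-failed is evaluated per packet with a routing table lookup: it
# matches when the route back to the source address does not point out
# of the interface the packet arrived on. With asymmetric routing this
# also matches legitimate traffic, so test it before relying on it.
# block in quick from urpf-failed
```

The fragment can be syntax-checked without loading it by running pfctl -nf against the file.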
