Tom Smyth <tom.smyth@wirelessconnect.eu>:
> IP fragments are a pain as they dont really match the protocol of the
> original packet and have all sorts of issues when traversing multipath
> (hashed) multipath routes between the source and destination..
> cloudflare have a really good article on this
> https://blog.cloudflare.com/ip-fragmentation-is-broken/
Thank you for this one, Tom
I'd like to ask if it could be possible to have a new option between
aggressive and normal for 'set optimization' in pf?
Or if you consider the aggressive setting enough good for little desktops with security
in mind too?
Thanks,
-- Daniele Bonini
No comments:
Post a Comment