[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf: to scrub or not to scrub?

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: pf: to scrub or not to scrub?
From: "T. Ribbrock" <emgaron_(_at_)_gmx_(_dot_)_net>
Date: Thu, 25 Jul 2002 20:31:12 +0200
Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org

On Thu, Jul 25, 2002 at 11:49:04AM +0200, Henning Brauer wrote:
[...]
> scrub is and always was recommended.

Unless - dare I say it - you have to deal with Linux NFS in
conjunction with that pf firewall, in which case NFS won't work when
scrub is used. That just bit me the other day (Linux 2.2.x client <->
pf <-> Linux 2.4.x server[0]). It's mentioned in the archives of this
list and the conclusion at the time was that it's a Linux problem[1].
Interesting enough I had the same problem with a Linux 2.4.x client
and an OpenBSD 3.1 server. Both issues vanished after I removed scrub
from the rules. Just something to be aware of, I think.

Cheerio,

Thomas

[0] result was a timeout - I could see packets going one way with
    tcpdump but nothing coming back.
-- 
-----------------------------------------------------------------------------
      Thomas Ribbrock    http://www.ribbrock.org    ICQ#: 15839919
   "You have to live on the edge of reality - to make your dreams come true!"

Follow-Ups:
- Re: pf: to scrub or not to scrub?
  - From: Mike Frantzen

References:
- Re: pf: to scrub or not to scrub?
  - From: Henning Brauer

Prev by Date: Re: How do I create a bootable macppc cdrom ?
Next by Date: Re: pf: to scrub or not to scrub?
Previous by thread: Re: pf: to scrub or not to scrub?
Next by thread: Re: pf: to scrub or not to scrub?
Index(es):
- Date
- Thread

Visit your host, monkey.org