From 5e5e054789bf45fa5c20cf413763bb594309a60c Mon Sep 17 00:00:00 2001 From: sobrado Date: Fri, 10 Jan 2014 12:07:19 +0000 Subject: [PATCH] Using random-id is recommended in combination with no-df to ensure unique IP identifiers. ok henning@ --- share/man/man5/pf.conf.5 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 2ec87dfb4ae..1bde3d2e873 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.532 2013/12/21 20:57:01 camield Exp $ +.\" $OpenBSD: pf.conf.5,v 1.533 2014/01/10 12:07:19 sobrado Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" Copyright (c) 2003 - 2013 Henning Brauer @@ -28,7 +28,7 @@ .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 21 2013 $ +.Dd $Mdocdate: January 10 2014 $ .Dt PF.CONF 5 .Os .Sh NAME @@ -2221,7 +2221,7 @@ blind attacker would have to guess the timestamp as well. .Pp For example: .Pp -.Dl match in all scrub (no-df max-mss 1440) +.Dl match in all scrub (no-df random-id max-mss 1440) .Ss Fragment Handling The size of IP datagrams (packets) can be significantly larger than the maximum transmission unit (MTU) of the network. -- 2.20.1
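Review bot: In the last hunk (`@@ -2221,7 +2221,7 @@`), the example becomes `.Dl match in all scrub (no-df random-id max-mss 1440)`, but nothing in the visible man page context explains why `random-id` now accompanies `no-df`. The rationale exists only in the commit subject ("recommended in combination with no-df to ensure unique IP identifiers"), so a reader who copies the example and later drops `random-id` gets no hint that the two options belong together. If the `no-df` description outside this context does not already say so, add one sentence there or just before "For example:" stating that `random-id` is recommended whenever `no-df` is used. The other two hunks only update the `$OpenBSD$` tag and `.Dd $Mdocdate$` and need no comment.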