summaryrefslogtreecommitdiff
path: root/share/man/man5/pf.conf.5
diff options
context:
space:
mode:
authorDaniel Hartmeier <dhartmei@cvs.openbsd.org>2003-02-08 20:13:21 +0000
committerDaniel Hartmeier <dhartmei@cvs.openbsd.org>2003-02-08 20:13:21 +0000
commit615fa40fdb9c9961935e2cefd2bd118c7225347b (patch)
tree2fb3cd51ac24eb8f16755de83ae21fd59d9172f8 /share/man/man5/pf.conf.5
parent18a76cba38a02030b3e3550931ecf3ffc7b27e97 (diff)
Add scrub option 'random-id', which replaces IP IDs with random values
for outgoing packets that are not fragmented (after reassembly), to compensate for predictable IDs generated by some hosts, and defeat fingerprinting and NAT detection as described in the Bellovin paper http://www.research.att.com/~smb/papers/fnat.pdf. ok theo@
Diffstat (limited to 'share/man/man5/pf.conf.5')
-rw-r--r--share/man/man5/pf.conf.57
1 files changed, 6 insertions, 1 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index 9f5a9843492..a177ee7adeb 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pf.conf.5,v 1.176 2003/02/03 16:17:49 mpech Exp $
+.\" $OpenBSD: pf.conf.5,v 1.177 2003/02/08 20:13:19 dhartmei Exp $
.\"
.\" Copyright (c) 2002, Daniel Hartmeier
.\" All rights reserved.
@@ -431,6 +431,11 @@ bit from a matching ip packet.
Enforces a minimum ttl for matching ip packets.
.It Ar max-mss <number>
Enforces a maximum mss for matching tcp packets.
+.It Ar random-id
+Replaces the IP identification field with random values to compensate
+for predictable values generated by many hosts.
+This option only applies to outgoing packets that are not fragmented
+after the optional fragment reassembly.
.It Ar fragment reassemble
Using
.Ar scrub