author | Jason McIntyre <jmc@cvs.openbsd.org> | 2003-03-10 14:15:03 +0000 |
---|---|---|
committer | Jason McIntyre <jmc@cvs.openbsd.org> | 2003-03-10 14:15:03 +0000 |
commit | 84f94ffe61c744caab37462b306916b453ab0c2d (patch) | |
tree | 3383d5cf5dffe9a25e86e2324bc104ca600e61af /share/man/man5 | |
parent | 0f9097e8afae197e6738faaaa29f3e80696e9e8c (diff) |
small changes to mike's random-id section;
ok frantzen@
Diffstat (limited to 'share/man/man5')
-rw-r--r-- | share/man/man5/pf.conf.5 | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index cc3ae78dc71..fa9a467d00a 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.213 2003/03/10 09:40:47 deraadt Exp $ +.\" $OpenBSD: pf.conf.5,v 1.214 2003/03/10 14:15:02 jmc Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -426,7 +426,8 @@ Clears the bit from a matching ip packet. Some operating systems are known to generate fragmented packets with the .Ar dont-fragment -bit set. This is particularly true with NFS. +bit set. +This is particularly true with NFS. .Ar Scrub will drop such fragmented .Ar dont-fragment @@ -436,16 +437,16 @@ is specified. .Pp Unfortunately some operating systems also generate their .Ar dont-fragment -packets that all contain a zero IP identification field. +packets with a zero IP identification field. Clearing the .Ar dont-fragment bit on packets with a zero IP ID may cause deleterious results if an upstream router later fragments the packet. -Using the below mentioned +Using the .Ar random-id -modifier is recommended in combination with the +modifier (see below) is recommended in combination with the .Ar no-df -modifier to insure unique IP identifiers. +modifier to ensure unique IP identifiers. .It Ar min-ttl <number> Enforces a minimum ttl for matching ip packets. .It Ar max-mss <number> |
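Review bot: In the @@ -426,7 +426,8 @@ hunk, the unchanged context line "Clears the bit from a matching ip packet." writes "ip" in lower case, while the paragraph reworded in the following hunk uses "IP identification field" and "IP ID". Since this commit is a wording pass over the same text, capitalise it here, and likewise in "Enforces a minimum ttl for matching ip packets." at the end of the next hunk, so the page uses one form.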
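Review bot: In the @@ -436,16 +437,16 @@ hunk, "may cause deleterious results if an upstream router later fragments the packet" still does not tell the reader what actually goes wrong, which is the reason the paragraph recommends random-id. Suggest naming the failure: once no-df clears the bit, packets that all carry a zero IP ID can be fragmented upstream, and the receiver cannot tell the fragments of different packets apart when reassembling. Separately, "generate their dont-fragment packets" reads oddly after the rewording; "generate dont-fragment packets with a zero IP identification field" would be cleaner.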