[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: usage of 'keep state' option used in PF rulesets
Paul de Weerd (firstname.lastname@example.org) wrote:
> On Fri, Mar 15, 2002 at 06:07:02PM +0100, Han wrote:
> > > See the STATE MODULATION section in pf.conf(5) for a nice
> > > explanation of this feature. It's used to compensate for hosts
> > > that generate predictable sequence numbers.
> > Off course it is not done in manpages to specify "Some popular stack
> > implementations". May I ask you to specify them here?
> Actually quite a number of TCP/IP stacks have very poort ISN's.
> MicroSoft has been notorious for poor ISN for everything pre-W2K (not
> sure about W2K or WXP). Some implementations (I have some HP JetDirect
> boxes here) have a fixed ISN (defaults to 0). I suppose there's too
> many implentations with poor ISNs to list them all in the manpage ;)
Ok, in that case I should ask it the other way around. Which stack
implementations are safe?