Re: usage of 'keep state' option used in PF rulesets

[Han <han@mijncomputer.nl>]

Paul de Weerd (paul@mail.me.maar.nu) wrote:
> On Fri, Mar 15, 2002 at 06:07:02PM +0100, Han wrote:
> > > See the STATE MODULATION section in pf.conf(5) for a nice
> > > explanation of this feature. It's used to compensate for hosts
> > > that generate predictable sequence numbers.
> > 
> > Off course it is not done in manpages to specify "Some popular stack
> > implementations". May I ask you to specify them here?
> 
> Actually quite a number of TCP/IP stacks have very poort ISN's.
> MicroSoft has been notorious for poor ISN for everything pre-W2K (not
> sure about W2K or WXP). Some implementations (I have some HP JetDirect
> boxes here) have a fixed ISN (defaults to 0).  I suppose there's too
> many implentations with poor ISNs to list them all in the manpage ;)

Ok, in that case I should ask it the other way around. Which stack
implementations are safe?

%s/|/>/g


Cya, Han.