Normalizing TTL across all packets leaving WAN interface



  • I have pfsense 2.4 and I want to normalize all of the packets that are leaving the WAN interface of my router.  My ISP doesn't like routers and blocks data whose ttl is not "stock".

    I did some experimentation and found that if I increment the TTL they can't tell that I'm behind a router and let the traffic through.

    I found a very old post that had a way to do this: https://forum.pfsense.org/index.php?topic=4712.0

    But my filters.inc doesn't have that line and I don't understand what that file does well enough to make the changes.

    Is normalizing the ttl for all traffic leaving an interface something that can still be accomplished?


  • Rebel Alliance Global Moderator

    Well filters.inc has been rewritten a bit since that post back in 2007 ;)

    But it's still there really, it's just under the scrub function..

    
    function filter_generate_scrubing() {
     <snipped>if (!isset($config['system']['disablescrub'])) {
                            $scrubrules .= "scrub on \${$scrubcfg['descr']} all {$scrubnodf} {$scrubrnid} {$mssclamp} fragment reassemble\n"; // reassemble all directions</snipped> 
    

    So you should be able to edit that per that thread's instructions to do what you're asking.



  • Thanks johnpoz, that worked perfectly!

    $scrubrules .= "scrub on \${$scrubcfg['descr']} all min-ttl 128 {$scrubnodf} {$scrubrnid} {$mssclamp} fragment reassemble\n"; // reassemble all directions
    

  • Rebel Alliance Global Moderator

    Great - glad it worked out for you… Shitty Ass ISPs  So they want your devices directly attached?  And you can have only 1?

    You could write a patch to make this edit for you, since every time you update and that file gets updated your change will be lost..
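
Because the edit is lost whenever an update replaces the file, a useful check after an upgrade is whether the generated ruleset still carries `min-ttl`. The following is an added example, not code from the thread or from pfSense: the function name and sample rules are constructed, and the ruleset path you pass it (pfSense is assumed here to write its generated rules to /tmp/rules.debug) should be confirmed on your own system.

```shell
#!/bin/sh
# Added example: report pf scrub rules that lack the expected min-ttl value.
# Usage: check_scrub_min_ttl RULES_FILE [EXPECTED_TTL]
# Prints one line per scrub rule: "<ok|missing|mismatch> <interface> <ttl or ->".
# Returns 0 only when at least one scrub rule exists and every one of them
# carries the expected min-ttl; returns 1 otherwise.
check_scrub_min_ttl() {
    rules_file=$1
    expected=${2:-128}   # 128 is the value used in the thread
    awk -v want="$expected" '
        /^[[:space:]]*#/ { next }            # skip comment lines
        $1 == "scrub" {
            seen++
            iface = "-"; ttl = "-"
            for (i = 2; i <= NF; i++) {
                if ($i == "on" && i < NF)      iface = $(i + 1)
                if ($i == "min-ttl" && i < NF) ttl   = $(i + 1)
            }
            if (ttl == "-")       { status = "missing";  bad++ }
            else if (ttl != want) { status = "mismatch"; bad++ }
            else                  { status = "ok" }
            print status, iface, ttl
        }
        END { exit (seen == 0 || bad > 0) ? 1 : 0 }
    ' "$rules_file"
}

# Constructed sample ruleset: the first rule carries the edit,
# the second is the stock form without min-ttl.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not taken from a real system
scrub on $WAN all min-ttl 128 fragment reassemble
scrub on $LAN all fragment reassemble
EOF
check_scrub_min_ttl "$sample" 128 || echo "scrub rules need attention"
rm -f "$sample"
```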