Firewall scrub same as random id generation?



  • I'm trying to understand some options in System:Advanced:Firewall. from reading the book and the openbsd pf scrub docs I am getting the impression that "Disable Firewall Scrub" is an inverted version of "IP Random id generation" and "IP Do-Not-Fragment compatibility". Or something like that? If I have "Disable Firewall Scrub" unchecked, is there any security value in checking the other two?


Log in to reply