4. Modulate State missing from 2.1.5?

Modulate State missing from 2.1.5?

  • J

    I'm moving our firewall over from openBSD with pf, to pfsense. We have some rules that require "modulate state". I see the options for "keep", "sloppy", "synproxy", and "none" but nothing for "modulate" state. Only synproxy states that it combines keep and modulate state. Yet it was mentioned somewhere that synproxy should be avoided if you don't absolutely need it. Has modulate state been removed? I can't find anything anywhere about this. I just have several sites stating where it is supposed to be.

    I understand it only works with TCP, yet event though that is selected, saved, and applied it still will not give me the modulate option. Has this option been replaced?

    Thanks for any help!

    0
  • C

    In 2008 that option was removed because it was broken in FreeBSD at the time and not really useful. It seems it still might have problems with IPv6. It's one of those things that's in there as a solution to 1990s/early 2000s problems. Do you really have anything on your network that isn't properly randomizing ISNs? No currently supported mainstream OS has issues with ISN randomization. Using keep state should be fine.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy