Netgate Discussion Forum

    Modulate State missing from 2.1.5?

    Firewalling
    • johnny5.1

      I'm moving our firewall over from OpenBSD with pf to pfSense. We have some rules that require "modulate state". I see the options for "keep", "sloppy", "synproxy", and "none" but nothing for "modulate" state. Only synproxy states that it combines keep and modulate state. Yet it was mentioned somewhere that synproxy should be avoided if you don't absolutely need it. Has modulate state been removed? I can't find anything anywhere about this. I just have several sites stating where it is supposed to be.

      I understand it only works with TCP, yet even though that is selected, saved, and applied, it still will not give me the modulate option. Has this option been replaced?

      Thanks for any help!

      • cmb

        In 2008 that option was removed because it was broken in FreeBSD at the time and not really useful. It seems it still might have problems with IPv6. It's one of those things that's in there as a solution to 1990s/early 2000s problems. Do you really have anything on your network that isn't properly randomizing ISNs? No currently supported mainstream OS has issues with ISN randomization. Using keep state should be fine.

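    Added example (not written by either poster, and not pfSense code): a coarse check for whether a host behind the firewall hands out predictable TCP initial sequence numbers, which is the condition "modulate state" was meant to compensate for. It assumes the ISNs were pulled from that host's SYN or SYN-ACK packets in a capture, in time order and across connections to different peers or ports; the function names, thresholds and sample values are constructed for illustration.

```python
"""Coarse ISN predictability check (added example; thresholds are assumptions)."""

MOD = 2 ** 32          # TCP sequence numbers are 32-bit and wrap
SMALL_STEP = 2 ** 24   # assumed cut-off: steps below this count as "small"
MIN_SAMPLES = 8        # assumed minimum number of ISNs needed for a verdict


def isn_deltas(isns):
    """Successive differences modulo 2^32, so wrap-around is handled."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def classify_isns(isns):
    """Label a time-ordered list of ISNs observed from one host.

    'constant-increment' and 'small-increments' mean the next ISN can be
    narrowed down from earlier ones. 'no-obvious-pattern' only means this
    heuristic found nothing; it is not a proof of randomness.
    """
    if len(isns) < MIN_SAMPLES:
        return "insufficient-samples"
    deltas = isn_deltas(isns)
    if len(set(deltas)) == 1:
        return "constant-increment"
    if max(deltas) < SMALL_STEP:
        # For uniformly random ISNs the chance that every step is this
        # small is about (2**-8) ** len(deltas), i.e. negligible.
        return "small-increments"
    return "no-obvious-pattern"


# Constructed sample data, not taken from a real capture.
CONSTANT_STEP = [(0xFFFF0000 + 64000 * i) % MOD for i in range(8)]   # wraps
CLOCK_DRIVEN = [5000, 131000, 262500, 380100, 511900, 640200, 765000, 893300]
RANDOM_LOOKING = [0x9F3C21A7, 0x12BE88D0, 0xE4410B3F, 0x5A07C6E1,
                  0xC8D2F419, 0x03B95E72, 0x7716A0CD, 0xB1E83B54]

if __name__ == "__main__":
    for name, sample in [("constant step", CONSTANT_STEP),
                         ("clock driven", CLOCK_DRIVEN),
                         ("random looking", RANDOM_LOOKING)]:
        print(f"{name:15s} -> {classify_isns(sample)}")
```

    A host that lands in either of the first two categories is the kind of device the reply asks about; one that shows no pattern gives no reason to want ISN rewriting at the firewall.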
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.