PF Traffic Normalization Syntax Problem

[saznik]

Hi, I have a FreeBSD 8.2 firewall with pf. I try to expand our existing ruleset for some traffic normalization parameters. I'd like to add the following lines:

##### Traffic Normalization #####
match in all scrub (no-df random-id min-ttl 5 max-mss 1440 reassemble tcp)
match out on $EXT_IF scrub (no-df random-id)

When I parse the file I get a syntax error. Can anybody help me what I'm doing wrong?

Thanks

 

[pbd]

I believe correct syntax is

scrub all no-df random-id min-ttl 5 max-mss 1440 reassemble tcp
scrub out on $EXT_IF no-df random-id

Note missing in on first line - reassemble tcp rules can not specify direction.

 

[saznik]

The syntax is correct. It works fine now. Thanks for your help!