20161122

pfSense Minimum TTL Adjustment / Fix

When your pfSense firewall receives packets with a TTL of 1, you can mangle the TTL in the filtering code on the server. The key file, for version 2.2.5 and similar, is /etc/inc/filter.inc:

$scrubrules .= "scrub on \${$scrubcfg['descr']} all min-ttl 255 {$scrubnodf} {$scrubrnid} {$mssclamp} fragment reassemble\n"; // reassemble all directions

I have highlighted the addition in bold.  This is in the function filter_generate_scrubing().

I don't know if this works in newer versions of pfSense.  Tread with care!
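
One way to confirm the change reached the generated ruleset, as an added example that is not part of the original post or of pfSense: the shell function below scans a pf ruleset for scrub rules and reports any that lack min-ttl or set it below a chosen floor. It assumes pfSense writes the generated ruleset to /tmp/rules.debug; the function names and the sample rules are constructed for illustration.

```sh
#!/bin/sh
# Added example (not pfSense code): audit a pf ruleset for scrub rules
# that lack min-ttl, e.g. after editing /etc/inc/filter.inc and reloading.

# check_scrub_minttl FILE [MIN]
#   prints OK / LOW / MISSING for each scrub rule
#   returns 0 = every scrub rule has min-ttl >= MIN, 1 = some do not,
#           2 = no scrub rules found in FILE
check_scrub_minttl() {
    awk -v want="${2:-1}" '
        $1 == "scrub" {
            seen++
            ttl = ""
            for (i = 1; i < NF; i++)
                if ($i == "min-ttl") ttl = $(i + 1)
            if (ttl == "")               { bad++; print "MISSING: " $0 }
            else if (ttl + 0 < want + 0) { bad++; print "LOW " ttl ": " $0 }
            else                         { print "OK " ttl ": " $0 }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    ' "$1"
}

# Runs the check over a constructed sample ruleset (not from a real firewall).
demo() {
    sample=$(mktemp) || return 3
    cat > "$sample" <<'EOF'
# constructed sample
scrub on $WAN all min-ttl 255 fragment reassemble
scrub on $LAN all fragment reassemble
pass in quick on $LAN inet from any to any keep state
EOF
    check_scrub_minttl "$sample" 255
    rc=$?
    rm -f "$sample"
    return "$rc"
}

# Assumption: pfSense writes the generated ruleset to /tmp/rules.debug.
# On the firewall: check_scrub_minttl /tmp/rules.debug 255
demo || echo "demo: at least one scrub rule lacks min-ttl 255"
```

A MISSING line for an interface after a filter reload means the edited rule generator did not produce the expected scrub rule for it.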

Source: https://forum.pfsense.org/index.php?topic=27206.0
