Re: how to prevent fingerprint on OpenBSD 3.3?

> >It seems that my PF rule can't prevent fingerprint scan.
>
> >block drop in log quick on tun0 inet proto tcp all flags FPU/FPU
>
> >How to change my PF rules to prevent fingerprint scan on OpenBSD?
>
> Good query. I thought your rule (the one I left behind) should be
> able to handle scans. Evidently it doesn't. I would really like to
> know the answer. Anyone?
sysctl -w net.inet.tcp.recvspace=65536
sysctl -w net.inet.tcp.sendspace=65536
sysctl -w net.inet.tcp.sack=0
Index: sys/sys/protosw.h
================================================== =================
RCS file: /cvs/src/sys/sys/protosw.h,v
retrieving revision 1.9
diff -u -r1.9 protosw.h
--- sys/sys/protosw.h 2003/06/02 23:28:21 1.9
+++ sys/sys/protosw.h 2003/08/29 04:08:14
@@ -90,8 +90,8 @@
int (*pr_sysctl)(int *, u_int, void *, size_t *, void *, size_t);
};
-#define PR_SLOWHZ 2 /* 2 slow timeouts per second */
-#define PR_FASTHZ 5 /* 5 fast timeouts per second */
+#define PR_SLOWHZ 5 /* 2 slow timeouts per second */
+#define PR_FASTHZ 10 /* 5 fast timeouts per second */
/*
* Values for pr_flags.
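Review bot: The comments on both changed defines are stale: the PR_SLOWHZ line now sets 5 but still reads "2 slow timeouts per second", and the PR_FASTHZ line now sets 10 but still reads "5 fast timeouts per second". Update both comments to match the new values. The patch also gives no rationale for raising the tick rates. A short explanation, plus confirmation that code using these constants expresses its timers as multiples of PR_SLOWHZ and PR_FASTHZ rather than as hard-coded tick counts, would make the change reviewable.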
--
"The laws in this city are clearly racist. All laws are racist.
The law of gravity is racist."
- M. Barry, Mayor of Washington, DC