rfc1323 and scrub: window scaling

[Volodymyr Kostyrko]

It seems that I have failed to properly configure my machine to allow 
windows scaling. Whenever another host connects to my machine with 
window scaling enabled my host stop respond to his request after certain 
number of seconds. However, if I forcefully turn off rfc1323 support on 
my machine or "that other machine". Everything works just fine.

Also with rfc1323 on my config produces two states per connection, each 
one for one direction of packets - in and out. With rfc1323 off only one 
state is produced.

Here is my config:

set timeout { adaptive.start 8000, adaptive.end 12000 }
set ruleset-optimization basic
set block-policy return
set skip on lo0

scrub all fragment reassemble reassemble tcp random-id

outside="xl0"

table <sshguard> persist

block log all

pass  quick proto {icmp,icmp6} all keep state
block quick proto tcp from <sshguard> to any port 22

# $outside
pass out on $outside from ($outside) to any
pass out on $outside proto tcp from ($outside) to any modulate state
pass  in on $outside proto udp from any to 
{($outside),($outside:broadcast)} port {0:1023,12039,13616,20397}
pass  in on $outside proto tcp from any to 
{($outside),($outside:broadcast)} port 
{0:1023,2049,6881:6882,12039,20393} modulate state

-- 
Sphinx of black quartz judge my vow.