I have been on OBSD 4.4 for a bit and had not really messed with pf.conf for a while.
When I updated to 4.6 there were a couple of settings that seemed ambiguous to me. 1) under Options, "set reassemble on". I know it is on by default but I got a parsing error when I tried it. I also found some man pages online that were missing this option however the man page in 4.6 does include it. So A) Is this supposed to work still? B) Is there a difference between setting "set reassemble on" in the options vs. "match in all scrub reassemble tcp"? 2)Using urpf-failed vs. antispoof. http://www.openbsd.org/faq/pf/filter.html says "uRPF provides the same functionality as antispoof rules." Is it truly identical? I could not find anything in the man page that explicitly says the are functionally equivalent. Is there a reason to use one over the other... or will one be deprecated? Thanks!
