On Thu, Jan 14, 2010 at 12:46 PM, Henning Brauer <lists-open...@bsws.de>wrote:
> > > I have > > > > match in all scrub (tcp reassemble no-df random-id max-mss 1440) > > > > in my pf.conf (-current) > > yeah, don't use reassemble tcp. it's not perfect. > How about fragment reassemble? I'm using it on my OpenBSD 4.5 pf, with scrub to enable a NAT AV app to work. Reading the man pages I noticed "fragment reassemble" has changed to "set reassemble"under scrub for 4.6 or -current. It also looks like it is turned on by default in 4.5, 4.6 or current.
