On 2014-11-14 14:54, Henning Brauer wrote:
Is anyone using "reassemble tcp" with scrub ? Been using this for years
you just didn't notice the problems or didn't hit them. Reassemble tcp
isn't 100%, unfortunately, and never was. No changes in ages either.
Well, nobody raised a hand, so let's say I didn't notice.
I see, so would you recommend to not use it ? As a workaround I tried
declaring second "scrub" line targeting this specific system with "to
IP.." syntax, and pf accepted it, but then it seems to be ignored.
hitting it more often now isn't too surprising given the increasing use
of windows scaling etc.