On 2014-11-14 14:54, Henning Brauer wrote:
Is anyone using "reassemble tcp" with scrub ? Been using this for years
without problems,
you just didn't notice the problems or didn't hit them. Reassemble tcp
isn't 100%, unfortunately, and never was. No changes in ages either.
Well, nobody raised a hand, so let's say I didn't notice.
hitting it more often now isn't too surprising given the increasing use
of windows scaling etc.
I see, so would you recommend to not use it ? As a workaround I tried
declaring second "scrub" line targeting this specific system with "to
IP.." syntax, and pf accepted it, but then it seems to be ignored.
Thanks!
