https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276856
Kajetan Staszkiewicz <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #2 from Kajetan Staszkiewicz <[email protected]> ---
You might want to consider using the new OpenBSD-compatible syntax. Instead of
using scrub rules, which are evaluated statelessly for each packet, you can
enable fragment reassembly with a single "set reassemble yes" option at the top
of pf.conf. There have been some updates to the man page to better describe the
behaviour change, I don't think they got to FreeBSD 14.0, though.

You are right, though, about behaviour change. The problem is that if scrub
rules are not present, new syntax is in charge, and for this syntax the default
is to not perform reassembly. The comment in the code is quite clear on the
logic behind it: we expect people to still have the old style scrub rules in
place. I've just missed the fact that scrub rules reassemble packets even when
they are not present (Do they? I need to check that, I never relied on packet
reassembly in my systems.)

I'll talk with kp@ how to address it.

-- 
You are receiving this mail because:
You are the assignee for the bug.
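
An added example, not part of the bug thread or of FreeBSD's code: a shell check that classifies a pf.conf by the cases the comment above distinguishes, so a ruleset with neither scrub rules nor "set reassemble" stands out before an upgrade. The function name, the result labels and the sample rulesets are constructed for illustration; `scrub in all fragment reassemble` is assumed as the legacy rule form.

```shell
#!/bin/sh
# Classify how a pf.conf-style ruleset configures fragment reassembly.
# Hypothetical helper for auditing; reads a file path, or stdin if none given.
# Simplification: '#' always starts a comment, line continuations are ignored.
pf_reassembly_mode() {
    awk '
        { sub(/#.*/, "") }                                  # strip comments
        /^[ \t]*set[ \t]+reassemble[ \t]+yes([ \t]|$)/ { set_yes = 1 }
        /^[ \t]*set[ \t]+reassemble[ \t]+no([ \t]|$)/  { set_no  = 1 }
        /^[ \t]*scrub([ \t]|$)/                         { scrub   = 1 }
        END {
            if ((set_yes || set_no) && scrub) print "mixed"   # review by hand
            else if (set_yes) print "set-reassemble-yes"      # new syntax, on
            else if (set_no)  print "set-reassemble-no"       # new syntax, off
            else if (scrub)   print "legacy-scrub"            # old-style rules
            else              print "no-reassembly-configured"
        }
    ' "${1:--}"
}

# Constructed sample rulesets (not taken from the bug report).
legacy='scrub in all fragment reassemble
pass in all'
newstyle='set reassemble yes   # top of pf.conf
pass in all'
bare='# scrub in all fragment reassemble
pass in all'

for sample in "$legacy" "$newstyle" "$bare"; do
    printf '%s\n' "$sample" | pf_reassembly_mode
done
```

The "no-reassembly-configured" result is the case the comment describes as falling under the new syntax's default of not reassembling.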
