Dear list,
I want to block UDP fragments to a specific host while reassembly is turned on for all other traffic. In pf I would write something like this:

<snip>
# reassemble fragmented packets (default yes)
set reassemble yes
# scrub all traffic
match all scrub (random-id no-df)
# block fragments to host 10.0.0.10
block log quick from any to 10.0.0.10 fragment
<snap>

For me, it sounds like this is not possible, because reassembling happens before pf and it is only possible to turn it on or off as a whole, right?

Is there another way to achieve this challenge? Any advice?

Thanks,
Joerg