Hi, I am still learning about pf in FreeBSD and so would appreciate some help. I want to create a rule to set tos on an icmp packet but omit the fragment reassemble option. But it looks like it can't be done. As far as I understand, the only way to disable fragment reassemble is to use it with a no scrub option. So I tried it like below, but it is not giving me the expected result.

Code:
ext_if="em0"
no scrub in on $ext_if proto {icmp} fragment reassemble
scrub in on $ext_if proto {icmp} all set-tos lowdelay
pass log (all) all

These rules are displayed as

Code:
# pfctl -s rules
no scrub in on em0 proto icmp all
scrub in on em0 proto icmp all set-tos 0x10 fragment reassemble
pass log (all) all flags S/SA keep state
#

This is not giving me the desired result of setting tos without fragment reassembly. Can we have two "scrub in" rules in the same pf.conf? I guess not, because only the first one is taking effect.