pf match rules

scrub split into reassembly and other stuff
    mss, ttl, tos, df, random-id, tcp reassembly
    before: scrub min-ttl 64
    after:  match scrub(min-ttl 64)

NAT rewrite
    before: nat on $ext_if from 10/8 -> ($ext_if)
    after:  match out on $ext_if from 10/8 nat-to ($ext_if)
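
How the two "after" rules sit in a complete ruleset, as an added example that is not from the original slides. The interface names, the `set reassemble yes` line and the block/pass policy lines are assumptions for illustration. A match rule only attaches options or translation, so a pass rule is still what permits the traffic.

```pf
# Constructed example; em0 and em1 are placeholder interface names.
ext_if = "em0"
int_if = "em1"

# Fragment reassembly is a global option, separate from scrub.
set reassemble yes

# The remaining normalisation is an option on a match rule.
match in all scrub (min-ttl 64)

# Translation is attached by a match rule. Rules evaluated after it
# see the packet with its translated source address.
match out on $ext_if from 10/8 nat-to ($ext_if)

# match never decides pass or block, so the policy stays explicit.
block all
pass in on $int_if from 10/8
# No "from 10/8" here: by this point the source is already ($ext_if).
pass out on $ext_if
```

Parse it without loading using `pfctl -nf` on the file before putting it into service.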