Security Info for FreeBSD and PFSense Systems - CVE-2023-4809: FreeBSD pf bypass when using IPv6
Update on this issue Scrub is enabled by default on Pfsense, but the pfSense default ruleset blocks unknown traffic and does not permit IPv6 fragments, so default pfSense installs are not actually affected.
Read More