author | Henning Brauer <henning@cvs.openbsd.org> | 2009-04-06 12:41:49 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2009-04-06 12:41:49 +0000 |
commit | f36a57c2cc6310d30c67e28509466b19a73ce650 (patch) | |
tree | 3f1234d7a47d0a2a4915fb47c5caf42846513a4b /regress/sbin/pfctl | |
parent | 1110b8ae27a4a767311f4a0b03d1ef119a940f50 (diff) |
scrub gone
Diffstat (limited to 'regress/sbin/pfctl')
42 files changed, 417 insertions, 1130 deletions
diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile index 0e50487367f..a1ffbc74deb 100644 --- a/regress/sbin/pfctl/Makefile +++ b/regress/sbin/pfctl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.203 2008/05/09 02:44:55 markus Exp $ +# $OpenBSD: Makefile,v 1.204 2009/04/06 12:41:47 henning Exp $ # TARGETS # pf: feed pfNN.in through pfctl and check wether the output matches pfNN.ok @@ -20,7 +20,7 @@ PFFAIL=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 23 24 25 27 PFFAIL+=28 29 30 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 PFSIMPLE=1 2 PFSETUP=1 2 3 4 -PFLOAD=1 2 3 4 5 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 23 24 25 26 27 28 29 +PFLOAD=1 2 3 4 5 7 8 9 10 11 12 13 14 15 16 17 18 19 20 23 24 25 26 27 28 29 PFLOAD+=30 31 32 34 36 38 39 40 44 46 47 48 49 54 56 60 61 65 66 67 68 69 70 71 PFLOAD+=72 73 74 75 76 77 78 79 80 81 82 84 87 88 89 90 91 92 PFALTQ=1 2 3 4 5 6 7 8 9 10 11 12 13 14 diff --git a/regress/sbin/pfctl/pf15.in b/regress/sbin/pfctl/pf15.in index ef6c25c74d6..8900969633f 100644 --- a/regress/sbin/pfctl/pf15.in +++ b/regress/sbin/pfctl/pf15.in 
@@ -1,19 +1,11 @@
-no scrub on lo0 from 192.168.1.1 to 10.1.2.3
-scrub in on lo0 from any to any no-df
-scrub in log on lo0 from any to any min-ttl 25
-scrub on lo0 from any to any max-mss 224
-scrub out log on lo1000000 from any to 10.0.0.1 no-df max-mss 224
-scrub in on lo0 from any to any max-mss 224
-scrub in log on {lo0 lo1000000} from any to any
-scrub in on lo0 inet from (lo0) to any
-scrub in log on lo0 inet6 from { (lo1000000), (lo0) } to 2000::1
-scrub in inet from { 10.0.0.1, 10.0.0.2 } to { 10.0.0.3, 10.0.0.4 }
-scrub in from { lo0 10.1.1.1 } to any
-scrub in from { 10.0.0.1 lo0 } to any
-scrub in from !lo0 to any
-scrub in on !lo0
-scrub proto udp set-tos lowdelay
-scrub out proto esp set-tos throughput
-scrub out proto ah set-tos reliability
-scrub out proto icmp set-tos 0x12
-scrub out all tagged THROUGHPUT set-tos throughput
+set reassemble yes no-df
+set reassemble no
+match scrub(no-df)
+match scrub(min-ttl 25)
+match scrub(max-mss 224)
+match scrub(no-df max-mss 224)
+match scrub(set-tos lowdelay)
+match out proto esp scrub(set-tos throughput)
+match out proto ah scrub(set-tos reliability)
+match out proto icmp scrub(set-tos 0x12)
+match out all tagged THROUGHPUT scrub (set-tos throughput)
diff --git a/regress/sbin/pfctl/pf15.loaded b/regress/sbin/pfctl/pf15.loaded
index 988e36fd70d..7604eb47a65 100644
--- a/regress/sbin/pfctl/pf15.loaded
+++ b/regress/sbin/pfctl/pf15.loaded
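Review bot: The rewritten pf15.in only exercises scrub options on otherwise unqualified `match` rules, so the combinations the old input covered (scrub together with `on lo0`, `in log`, address lists, dynamic `(lo0)` addresses and negation such as `!lo0`) are no longer tested here, and the old `no scrub` case has no counterpart. If those criteria remain valid alongside `scrub(...)`, one or two rules such as `match in log on lo0 inet from (lo0) to any scrub(no-df)` would keep that coverage. The mix of `scrub(` and `scrub (` and the back-to-back `set reassemble yes no-df` / `set reassemble no` look deliberate but are unexplained; a leading comment like `# exercise both "scrub(" and "scrub (" spellings` would say so.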
@@ -1,128 +1,36 @@ -@0 no scrub on lo0 inet from 192.168.1.1 to 10.1.2.3 - [ Skip steps: i=4 p=27 sp=end dp=end ] +@0 match all scrub (no-df) + [ Skip steps: i=end d=5 f=end p=5 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 scrub in on lo0 all no-df fragment reassemble - [ Skip steps: i=4 d=3 f=4 p=27 sa=8 sp=end da=4 dp=end ] +@1 match all scrub (min-ttl 25) + [ Skip steps: i=end d=5 f=end p=5 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 scrub in log on lo0 all min-ttl 25 fragment reassemble - [ Skip steps: i=4 f=4 p=27 sa=8 sp=end da=4 dp=end ] +@2 match all scrub (max-mss 224) + [ Skip steps: i=end d=5 f=end p=5 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 scrub on lo0 all max-mss 224 fragment reassemble - [ Skip steps: p=27 sa=8 sp=end dp=end ] +@3 match all scrub (no-df max-mss 224) + [ Skip steps: i=end d=5 f=end p=5 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 scrub out log on lo1000000 inet from any to 10.0.0.1 no-df max-mss 224 fragment reassemble - [ Skip steps: p=27 sa=8 sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 scrub in on lo0 all max-mss 224 fragment reassemble - [ Skip steps: i=7 d=27 f=8 p=27 sa=8 sp=end da=9 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 scrub in log on lo0 all fragment reassemble - [ Skip steps: d=27 f=8 p=27 sa=8 sp=end da=9 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 scrub in log on lo1000000 all fragment reassemble - [ Skip steps: d=27 p=27 sp=end da=9 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 
States: 0 ] -@8 scrub in on lo0 inet from (lo0:1) to any fragment reassemble - [ Skip steps: i=11 d=27 p=27 sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 scrub in log on lo0 inet6 from (lo1000000:*) to 2000::1 fragment reassemble - [ Skip steps: i=11 d=27 f=11 p=27 sp=end da=11 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 scrub in log on lo0 inet6 from (lo0:2) to 2000::1 fragment reassemble - [ Skip steps: d=27 p=27 sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 scrub in inet from 10.0.0.1 to 10.0.0.3 fragment reassemble - [ Skip steps: i=17 d=27 f=16 p=27 sa=13 sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 scrub in inet from 10.0.0.1 to 10.0.0.4 fragment reassemble - [ Skip steps: i=17 d=27 f=16 p=27 sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 scrub in inet from 10.0.0.2 to 10.0.0.3 fragment reassemble - [ Skip steps: i=17 d=27 f=16 p=27 sa=15 sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 scrub in inet from 10.0.0.2 to 10.0.0.4 fragment reassemble - [ Skip steps: i=17 d=27 f=16 p=27 sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 scrub in inet from 127.0.0.1 to any fragment reassemble - [ Skip steps: i=17 d=27 p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 scrub in inet6 from ::1 to any fragment reassemble - [ Skip steps: d=27 f=18 p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 scrub in on lo0 inet6 from fe80::1 to any fragment reassemble - [ Skip steps: d=27 
p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 scrub in inet from 10.1.1.1 to any fragment reassemble - [ Skip steps: i=22 d=27 f=21 p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 scrub in inet from 10.0.0.1 to any fragment reassemble - [ Skip steps: i=22 d=27 f=21 p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@20 scrub in inet from 127.0.0.1 to any fragment reassemble - [ Skip steps: i=22 d=27 p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@21 scrub in inet6 from ::1 to any fragment reassemble - [ Skip steps: d=27 f=23 p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@22 scrub in on lo0 inet6 from fe80::1 to any fragment reassemble - [ Skip steps: d=27 p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@23 scrub in inet from ! 127.0.0.1 to any fragment reassemble - [ Skip steps: i=25 d=27 p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@24 scrub in inet6 from ! ::1 to any fragment reassemble - [ Skip steps: d=27 f=26 p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@25 scrub in on lo0 inet6 from ! fe80::1 to any fragment reassemble - [ Skip steps: d=27 p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@26 scrub in on ! 
lo0 all fragment reassemble - [ Skip steps: f=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@27 scrub proto udp all set-tos 0x10 fragment reassemble +@4 match all scrub (set-tos 0x10) [ Skip steps: i=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@28 scrub out proto esp all set-tos 0x08 fragment reassemble +@5 match out proto esp all scrub (set-tos 0x08) [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@29 scrub out proto ah all set-tos 0x04 fragment reassemble +@6 match out proto ah all scrub (set-tos 0x04) [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@30 scrub out proto icmp all set-tos 0x12 fragment reassemble +@7 match out proto icmp all scrub (set-tos 0x12) [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@31 scrub out all set-tos 0x08 fragment reassemble tagged THROUGHPUT +@8 match out all scrub (set-tos 0x08) tagged THROUGHPUT [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf15.ok b/regress/sbin/pfctl/pf15.ok index fbd17ea02df..24776aad28a 100644 --- a/regress/sbin/pfctl/pf15.ok +++ b/regress/sbin/pfctl/pf15.ok 
@@ -1,32 +1,11 @@
-no scrub on lo0 inet from 192.168.1.1 to 10.1.2.3
-scrub in on lo0 all no-df fragment reassemble
-scrub in log on lo0 all min-ttl 25 fragment reassemble
-scrub on lo0 all max-mss 224 fragment reassemble
-scrub out log on lo1000000 inet from any to 10.0.0.1 no-df max-mss 224 fragment reassemble
-scrub in on lo0 all max-mss 224 fragment reassemble
-scrub in log on lo0 all fragment reassemble
-scrub in log on lo1000000 all fragment reassemble
-scrub in on lo0 inet from (lo0) to any fragment reassemble
-scrub in log on lo0 inet6 from (lo1000000) to 2000::1 fragment reassemble
-scrub in log on lo0 inet6 from (lo0) to 2000::1 fragment reassemble
-scrub in inet from 10.0.0.1 to 10.0.0.3 fragment reassemble
-scrub in inet from 10.0.0.1 to 10.0.0.4 fragment reassemble
-scrub in inet from 10.0.0.2 to 10.0.0.3 fragment reassemble
-scrub in inet from 10.0.0.2 to 10.0.0.4 fragment reassemble
-scrub in inet from 127.0.0.1 to any fragment reassemble
-scrub in inet6 from ::1 to any fragment reassemble
-scrub in on lo0 inet6 from fe80::1 to any fragment reassemble
-scrub in inet from 10.1.1.1 to any fragment reassemble
-scrub in inet from 10.0.0.1 to any fragment reassemble
-scrub in inet from 127.0.0.1 to any fragment reassemble
-scrub in inet6 from ::1 to any fragment reassemble
-scrub in on lo0 inet6 from fe80::1 to any fragment reassemble
-scrub in inet from ! 127.0.0.1 to any fragment reassemble
-scrub in inet6 from ! ::1 to any fragment reassemble
-scrub in on lo0 inet6 from ! fe80::1 to any fragment reassemble
-scrub in on ! lo0 all fragment reassemble
-scrub proto udp all set-tos 0x10 fragment reassemble
-scrub out proto esp all set-tos 0x08 fragment reassemble
-scrub out proto ah all set-tos 0x04 fragment reassemble
-scrub out proto icmp all set-tos 0x12 fragment reassemble
-scrub out all set-tos 0x08 fragment reassemble tagged THROUGHPUT
+set reassemble yes no-df
+set reassemble no
+match all scrub (no-df)
+match all scrub (min-ttl 25)
+match all scrub (max-mss 224)
+match all scrub (no-df max-mss 224)
+match all scrub (set-tos 0x10)
+match out proto esp all scrub (set-tos 0x08)
+match out proto ah all scrub (set-tos 0x04)
+match out proto icmp all scrub (set-tos 0x12)
+match out all scrub (set-tos 0x08) tagged THROUGHPUT
diff --git a/regress/sbin/pfctl/pf15.optimized b/regress/sbin/pfctl/pf15.optimized
index 988e36fd70d..6b2db1c038a 100644
--- a/regress/sbin/pfctl/pf15.optimized
+++ b/regress/sbin/pfctl/pf15.optimized
@@ -1,128 +1,20 @@ -@0 no scrub on lo0 inet from 192.168.1.1 to 10.1.2.3 - [ Skip steps: i=4 p=27 sp=end dp=end ] +@0 match all scrub (no-df) + [ Skip steps: i=end d=4 f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 scrub in on lo0 all no-df fragment reassemble - [ Skip steps: i=4 d=3 f=4 p=27 sa=8 sp=end da=4 dp=end ] +@1 match all scrub (min-ttl 25) + [ Skip steps: i=end d=4 f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 scrub in log on lo0 all min-ttl 25 fragment reassemble - [ Skip steps: i=4 f=4 p=27 sa=8 sp=end da=4 dp=end ] +@2 match all scrub (no-df max-mss 224) + [ Skip steps: i=end d=4 f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 scrub on lo0 all max-mss 224 fragment reassemble - [ Skip steps: p=27 sa=8 sp=end dp=end ] +@3 match all scrub (set-tos 0x10) + [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 scrub out log on lo1000000 inet from any to 10.0.0.1 no-df max-mss 224 fragment reassemble - [ Skip steps: p=27 sa=8 sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 scrub in on lo0 all max-mss 224 fragment reassemble - [ Skip steps: i=7 d=27 f=8 p=27 sa=8 sp=end da=9 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 scrub in log on lo0 all fragment reassemble - [ Skip steps: d=27 f=8 p=27 sa=8 sp=end da=9 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 scrub in log on lo1000000 all fragment reassemble - [ Skip steps: d=27 p=27 sp=end da=9 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 
0 States: 0 ] -@8 scrub in on lo0 inet from (lo0:1) to any fragment reassemble - [ Skip steps: i=11 d=27 p=27 sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 scrub in log on lo0 inet6 from (lo1000000:*) to 2000::1 fragment reassemble - [ Skip steps: i=11 d=27 f=11 p=27 sp=end da=11 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 scrub in log on lo0 inet6 from (lo0:2) to 2000::1 fragment reassemble - [ Skip steps: d=27 p=27 sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 scrub in inet from 10.0.0.1 to 10.0.0.3 fragment reassemble - [ Skip steps: i=17 d=27 f=16 p=27 sa=13 sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 scrub in inet from 10.0.0.1 to 10.0.0.4 fragment reassemble - [ Skip steps: i=17 d=27 f=16 p=27 sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 scrub in inet from 10.0.0.2 to 10.0.0.3 fragment reassemble - [ Skip steps: i=17 d=27 f=16 p=27 sa=15 sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 scrub in inet from 10.0.0.2 to 10.0.0.4 fragment reassemble - [ Skip steps: i=17 d=27 f=16 p=27 sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 scrub in inet from 127.0.0.1 to any fragment reassemble - [ Skip steps: i=17 d=27 p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 scrub in inet6 from ::1 to any fragment reassemble - [ Skip steps: d=27 f=18 p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 scrub in on lo0 inet6 from fe80::1 to any fragment reassemble - [ Skip steps: 
d=27 p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 scrub in inet from 10.1.1.1 to any fragment reassemble - [ Skip steps: i=22 d=27 f=21 p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 scrub in inet from 10.0.0.1 to any fragment reassemble - [ Skip steps: i=22 d=27 f=21 p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@20 scrub in inet from 127.0.0.1 to any fragment reassemble - [ Skip steps: i=22 d=27 p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@21 scrub in inet6 from ::1 to any fragment reassemble - [ Skip steps: d=27 f=23 p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@22 scrub in on lo0 inet6 from fe80::1 to any fragment reassemble - [ Skip steps: d=27 p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@23 scrub in inet from ! 127.0.0.1 to any fragment reassemble - [ Skip steps: i=25 d=27 p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@24 scrub in inet6 from ! ::1 to any fragment reassemble - [ Skip steps: d=27 f=26 p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@25 scrub in on lo0 inet6 from ! fe80::1 to any fragment reassemble - [ Skip steps: d=27 p=27 sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@26 scrub in on ! 
lo0 all fragment reassemble - [ Skip steps: f=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@27 scrub proto udp all set-tos 0x10 fragment reassemble - [ Skip steps: i=end f=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@28 scrub out proto esp all set-tos 0x08 fragment reassemble - [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@29 scrub out proto ah all set-tos 0x04 fragment reassemble - [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@30 scrub out proto icmp all set-tos 0x12 fragment reassemble - [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@31 scrub out all set-tos 0x08 fragment reassemble tagged THROUGHPUT +@4 match out all scrub (set-tos 0x08) tagged THROUGHPUT [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf16.in b/regress/sbin/pfctl/pf16.in index 39d516e16e6..84f28cd6914 100644 --- a/regress/sbin/pfctl/pf16.in +++ b/regress/sbin/pfctl/pf16.in @@ -1,5 +1,4 @@ -# Test rule order processing: should fail unless scrub -> nat -> filter -scrub in on lo0 all +# Test rule order processing: should fail unless nat -> filter nat on lo0 from 192.168.1.1 to any -> 10.0.0.1 rdr on lo0 proto tcp from any to 1.2.3.4/32 port 2222 -> 10.0.0.10 port 22 binat on lo0 from 192.168.1.1 to any -> 10.0.0.1 diff --git a/regress/sbin/pfctl/pf16.loaded b/regress/sbin/pfctl/pf16.loaded index 927c2045491..0f086b7c954 100644 --- a/regress/sbin/pfctl/pf16.loaded 
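Review bot: The new pf15.optimized expects five rules where pf15.loaded expects nine: `match all scrub (max-mss 224)` and the three `match out proto esp|ah|icmp all scrub (set-tos ...)` rules are absent from the optimized listing. Those rules carry scrub options that no remaining rule reproduces, so if the optimizer removed them as duplicates or subsets, outbound ESP, AH and ICMP traffic would presumably end up with the TOS from `match all scrub (set-tos 0x10)` rather than its own value. Unless that merge is intended, this reference output records a behaviour change instead of guarding against one; it is worth confirming that the optimizer compares the scrub fields before this file is taken as the expected result.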
+++ b/regress/sbin/pfctl/pf16.loaded @@ -10,10 +10,6 @@ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 scrub in on lo0 all fragment reassemble - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @0 pass in on lo1000000 all no state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] diff --git a/regress/sbin/pfctl/pf16.ok b/regress/sbin/pfctl/pf16.ok index 6c7bfae0d5a..87bdd677662 100644 --- a/regress/sbin/pfctl/pf16.ok +++ b/regress/sbin/pfctl/pf16.ok @@ -1,4 +1,3 @@ -scrub in on lo0 all fragment reassemble nat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1 rdr on lo0 inet proto tcp from any to 1.2.3.4 port = 2222 -> 10.0.0.10 port 22 binat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1 diff --git a/regress/sbin/pfctl/pf16.optimized b/regress/sbin/pfctl/pf16.optimized index 927c2045491..0f086b7c954 100644 --- a/regress/sbin/pfctl/pf16.optimized +++ b/regress/sbin/pfctl/pf16.optimized @@ -10,10 +10,6 @@ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 scrub in on lo0 all fragment reassemble - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @0 pass in on lo1000000 all no state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] diff --git a/regress/sbin/pfctl/pf21.in b/regress/sbin/pfctl/pf21.in index 09a4d632e84..c3b94cd24af 100644 --- a/regress/sbin/pfctl/pf21.in +++ b/regress/sbin/pfctl/pf21.in 
@@ -1,6 +1,3 @@ - -# Test SCRUB frag options -scrub in all -scrub in all fragment reassemble -scrub in all fragment drop-ovl -scrub in all fragment crop +set reassemble yes +set reassemble no +set reassemble yes no-df diff --git a/regress/sbin/pfctl/pf21.loaded b/regress/sbin/pfctl/pf21.loaded deleted file mode 100644 index 15241d19e78..00000000000 --- a/regress/sbin/pfctl/pf21.loaded +++ /dev/null @@ -1,16 +0,0 @@ -@0 scrub in all fragment reassemble - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 scrub in all fragment reassemble - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 scrub in all fragment drop-ovl - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 scrub in all fragment crop - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf21.ok b/regress/sbin/pfctl/pf21.ok index 76570e4ab97..50b0874ef1b 100644 --- a/regress/sbin/pfctl/pf21.ok +++ b/regress/sbin/pfctl/pf21.ok @@ -1,4 +1,3 @@ -scrub in all fragment reassemble -scrub in all fragment reassemble -scrub in all fragment drop-ovl -scrub in all fragment crop +set reassemble yes +set reassemble no +set reassemble yes no-df diff --git a/regress/sbin/pfctl/pf21.optimized b/regress/sbin/pfctl/pf21.optimized index 15241d19e78..e69de29bb2d 100644 --- a/regress/sbin/pfctl/pf21.optimized +++ b/regress/sbin/pfctl/pf21.optimized 
@@ -1,16 +0,0 @@ -@0 scrub in all fragment reassemble - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 scrub in all fragment reassemble - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 scrub in all fragment drop-ovl - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 scrub in all fragment crop - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf40.in b/regress/sbin/pfctl/pf40.in index 0bd6ef907bc..7d91ad44710 100644 --- a/regress/sbin/pfctl/pf40.in +++ b/regress/sbin/pfctl/pf40.in @@ -1,9 +1,3 @@ -scrub -scrub all -scrub in -scrub out -scrub in all -scrub from any to any block block return block return-rst proto tcp diff --git a/regress/sbin/pfctl/pf40.loaded b/regress/sbin/pfctl/pf40.loaded index d7a6fa0e4c8..7a6af32bf13 100644 --- a/regress/sbin/pfctl/pf40.loaded +++ b/regress/sbin/pfctl/pf40.loaded 
@@ -1,27 +1,3 @@ -@0 scrub all fragment reassemble - [ Skip steps: i=end d=2 f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 scrub all fragment reassemble - [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 scrub in all fragment reassemble - [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 scrub out all fragment reassemble - [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 scrub in all fragment reassemble - [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 scrub all fragment reassemble - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @0 block drop all [ Skip steps: i=12 d=4 f=end p=2 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] diff --git a/regress/sbin/pfctl/pf40.ok b/regress/sbin/pfctl/pf40.ok index 104b81e2a4c..1a740bb9647 100644 --- a/regress/sbin/pfctl/pf40.ok +++ b/regress/sbin/pfctl/pf40.ok @@ -1,9 +1,3 @@ -scrub all fragment reassemble -scrub all fragment reassemble -scrub in all fragment reassemble -scrub out all fragment reassemble -scrub in all fragment reassemble -scrub all fragment reassemble block drop all block return all block return-rst proto tcp all diff --git a/regress/sbin/pfctl/pf40.optimized b/regress/sbin/pfctl/pf40.optimized index 77060a6a764..61b43756f82 100644 --- a/regress/sbin/pfctl/pf40.optimized +++ b/regress/sbin/pfctl/pf40.optimized 
@@ -1,27 +1,3 @@ -@0 scrub all fragment reassemble - [ Skip steps: i=end d=2 f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 scrub all fragment reassemble - [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 scrub in all fragment reassemble - [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 scrub out all fragment reassemble - [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 scrub in all fragment reassemble - [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 scrub all fragment reassemble - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @0 block drop all [ Skip steps: i=8 d=6 f=end p=2 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] diff --git a/regress/sbin/pfctl/pf44.in b/regress/sbin/pfctl/pf44.in index aa737d20ff0..a254534ee34 100644 --- a/regress/sbin/pfctl/pf44.in +++ b/regress/sbin/pfctl/pf44.in 
@@ -1,8 +1,8 @@ #scrub opts in unusual order -scrub in on lo0 from any to any min-ttl 15 no-df max-mss 224 -scrub in on lo0 from any to any no-df max-mss 224 min-ttl 15 -scrub in on lo0 from any to any fragment reassemble max-mss 224 min-ttl 15 no-df -scrub in on lo0 from any to any min-ttl 15 fragment drop-ovl no-df max-mss 224 -scrub in on lo0 from any to any no-df max-mss 224 fragment crop min-ttl 15 -scrub in on lo0 from any to any max-mss 224 min-ttl 15 no-df fragment reassemble +match in on lo0 from any to any scrub(min-ttl 15, no-df, max-mss 224) +match in on lo0 from any to any scrub(no-df max-mss 224 min-ttl 15) +match in on lo0 from any to any scrub(max-mss 224, min-ttl 15 no-df) +match in on lo0 from any to any scrub(min-ttl 15 no-df, max-mss 224) +match in on lo0 from any to any scrub(no-df max-mss 224 min-ttl 15) +match in on lo0 from any to any scrub(max-mss 224 min-ttl 15 no-df reassemble tcp) diff --git a/regress/sbin/pfctl/pf44.loaded b/regress/sbin/pfctl/pf44.loaded index 57641868833..78d7dd6416e 100644 --- a/regress/sbin/pfctl/pf44.loaded +++ b/regress/sbin/pfctl/pf44.loaded 
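Review bot: The sixth rule adds `reassemble tcp` inside `scrub(...)`, but the expected lines in pf44.ok and pf44.loaded print that rule as `scrub (no-df min-ttl 15 max-mss 224)`, identical to the other five, so the test passes whether the option is parsed, dropped or simply not printed. Either the expected output should show the option or the input should not carry it. The second and fifth inputs are also now the same line, `scrub(no-df max-mss 224 min-ttl 15)`, so one of them could use a different ordering to keep six distinct cases for the "unusual order" test.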
@@ -1,24 +1,24 @@ -@0 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble +@0 match in on lo0 all scrub (no-df min-ttl 15 max-mss 224) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble +@1 match in on lo0 all scrub (no-df min-ttl 15 max-mss 224) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble +@2 match in on lo0 all scrub (no-df min-ttl 15 max-mss 224) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment drop-ovl +@3 match in on lo0 all scrub (no-df min-ttl 15 max-mss 224) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment crop +@4 match in on lo0 all scrub (no-df min-ttl 15 max-mss 224) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble +@5 match in on lo0 all scrub (no-df min-ttl 15 max-mss 224) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf44.ok b/regress/sbin/pfctl/pf44.ok index 19f1e218a28..c28db502fa2 100644 --- a/regress/sbin/pfctl/pf44.ok +++ b/regress/sbin/pfctl/pf44.ok 
@@ -1,6 +1,6 @@
-scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble
-scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble
-scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble
-scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment drop-ovl
-scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment crop
-scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble
+match in on lo0 all scrub (no-df min-ttl 15 max-mss 224)
+match in on lo0 all scrub (no-df min-ttl 15 max-mss 224)
+match in on lo0 all scrub (no-df min-ttl 15 max-mss 224)
+match in on lo0 all scrub (no-df min-ttl 15 max-mss 224)
+match in on lo0 all scrub (no-df min-ttl 15 max-mss 224)
+match in on lo0 all scrub (no-df min-ttl 15 max-mss 224)
diff --git a/regress/sbin/pfctl/pf44.optimized b/regress/sbin/pfctl/pf44.optimized
index 57641868833..583af2ea793 100644
--- a/regress/sbin/pfctl/pf44.optimized
+++ b/regress/sbin/pfctl/pf44.optimized
@@ -1,24 +1,4 @@
-@0 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
- [ queue: qname= qid=0 pqname= pqid=0 ]
- [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
- [ queue: qname= qid=0 pqname= pqid=0 ]
- [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
- [ queue: qname= qid=0 pqname= pqid=0 ]
- [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@3 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment drop-ovl
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
- [ queue: qname= qid=0 pqname= pqid=0 ]
- [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@4 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment crop
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
- [ queue: qname= qid=0 pqname= pqid=0 ]
- [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@5 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble
+@0 match in on lo0 all scrub (no-df min-ttl 15 max-mss 224)
 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
 [ queue: qname= qid=0 pqname= pqid=0 ]
 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf48.in b/regress/sbin/pfctl/pf48.in
index f6014eef072..6605dc7ed1a 100644
--- a/regress/sbin/pfctl/pf48.in
+++ b/regress/sbin/pfctl/pf48.in
@@ -1,12 +1,12 @@ table < regress > { 1.2.3.4 !5.6.7.8 10/8 lo0 } table <regress.1> const { ::1 fe80::/64 } table <regress.a> { 1.2.3.4 !5.6.7.8 } { ::1 ::2 ::3 } file "/dev/null" const { 4.3.2.1 } -scrub in from { <regress.1> !<regress.2> } to any -scrub out from any to { !<regress.1>, <regress.2> } nat on lo0 from < regress.1> to <regress.2> -> lo0 nat on !lo0 from !<regress.1 > to <regress.2> -> lo0 rdr on lo0 from <regress.1> to <regress.2> -> lo0 rdr on !lo0 from !< regress.1 > to <regress.2> -> lo0 +match in from { <regress.1> !<regress.2> } to any +match out from any to { !<regress.1>, <regress.2> } pass in from <regress> to any pass out from any to <regress > pass in from { <regress.1> <regress.2> } to any diff --git a/regress/sbin/pfctl/pf48.loaded b/regress/sbin/pfctl/pf48.loaded index 31b0712d596..1f39a36750e 100644 --- a/regress/sbin/pfctl/pf48.loaded +++ b/regress/sbin/pfctl/pf48.loaded 
@@ -14,43 +14,43 @@ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 scrub in from <regress.1:2> to any fragment reassemble +@0 match in from <regress.1:2> to any [ Skip steps: i=end d=2 f=end p=end sp=end da=2 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 scrub in from ! <regress.2:*> to any fragment reassemble +@1 match in from ! <regress.2:*> to any [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 scrub out from any to ! <regress.1:2> fragment reassemble - [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] +@2 match out from any to ! <regress.1:2> + [ Skip steps: i=end d=4 f=end p=end sa=4 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 scrub out from any to <regress.2:*> fragment reassemble - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@3 match out from any to <regress.2:*> + [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 pass in from <regress:6> to any flags S/SA keep state +@4 pass in from <regress:6> to any flags S/SA keep state [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass out from any to <regress:6> flags S/SA keep state +@5 pass out from any to <regress:6> flags S/SA keep state [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in from <regress.1:2> to any flags S/SA keep state - [ Skip steps: i=end d=4 f=end p=end sp=end da=4 dp=end ] +@6 pass in from <regress.1:2> to any flags S/SA keep state + [ Skip steps: i=end d=8 f=end 
p=end sp=end da=8 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in from <regress.2:*> to any flags S/SA keep state +@7 pass in from <regress.2:*> to any flags S/SA keep state [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass out from any to ! <regress.1:2> flags S/SA keep state +@8 pass out from any to ! <regress.1:2> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass out from any to ! <regress.2:*> flags S/SA keep state +@9 pass out from any to ! <regress.2:*> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf48.ok b/regress/sbin/pfctl/pf48.ok index e38f19bc2a3..9c864f2a627 100644 --- a/regress/sbin/pfctl/pf48.ok +++ b/regress/sbin/pfctl/pf48.ok 
@@ -1,14 +1,14 @@ table <regress> { 1.2.3.4 !5.6.7.8 10.0.0.0/8 127.0.0.1 ::1 fe80::1 } table <regress.1> const { ::1 fe80::/64 } table <regress.a> const { 1.2.3.4 !5.6.7.8 ::1 ::2 ::3 } file "/dev/null" { 4.3.2.1 } -scrub in from <regress.1> to any fragment reassemble -scrub in from ! <regress.2> to any fragment reassemble -scrub out from any to ! <regress.1> fragment reassemble -scrub out from any to <regress.2> fragment reassemble nat on lo0 inet from <regress.1> to <regress.2> -> 127.0.0.1 nat on ! lo0 inet from ! <regress.1> to <regress.2> -> 127.0.0.1 rdr on lo0 inet from <regress.1> to <regress.2> -> 127.0.0.1 rdr on ! lo0 inet from ! <regress.1> to <regress.2> -> 127.0.0.1 +match in from <regress.1> to any +match in from ! <regress.2> to any +match out from any to ! <regress.1> +match out from any to <regress.2> pass in from <regress> to any flags S/SA keep state pass out from any to <regress> flags S/SA keep state pass in from <regress.1> to any flags S/SA keep state diff --git a/regress/sbin/pfctl/pf48.optimized b/regress/sbin/pfctl/pf48.optimized index f944edb5331..b7832dac8cd 100644 --- a/regress/sbin/pfctl/pf48.optimized +++ b/regress/sbin/pfctl/pf48.optimized 
@@ -14,43 +14,43 @@ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 scrub in from <regress.1:2> to any fragment reassemble +@0 match in from <regress.1:2> to any [ Skip steps: i=end d=2 f=end p=end sp=end da=2 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 scrub in from ! <regress.2:*> to any fragment reassemble +@1 match in from ! <regress.2:*> to any [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 scrub out from any to ! <regress.1:2> fragment reassemble - [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] +@2 match out from any to ! <regress.1:2> + [ Skip steps: i=end d=4 f=end p=end sa=4 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 scrub out from any to <regress.2:*> fragment reassemble - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@3 match out from any to <regress.2:*> + [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 pass in from <regress:6> to any flags S/SA keep state - [ Skip steps: i=end d=3 f=end p=end sp=end da=3 dp=end ] +@4 pass in from <regress:6> to any flags S/SA keep state + [ Skip steps: i=end d=7 f=end p=end sp=end da=7 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in from <regress.1:2> to any flags S/SA keep state - [ Skip steps: i=end d=3 f=end p=end sp=end da=3 dp=end ] +@5 pass in from <regress.1:2> to any flags S/SA keep state + [ Skip steps: i=end d=7 f=end p=end sp=end da=7 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in from <regress.2:*> to any flags S/SA keep state +@6 pass in 
from <regress.2:*> to any flags S/SA keep state [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass out from any to <regress:6> flags S/SA keep state +@7 pass out from any to <regress:6> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass out from any to ! <regress.1:2> flags S/SA keep state +@8 pass out from any to ! <regress.1:2> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass out from any to ! <regress.2:*> flags S/SA keep state +@9 pass out from any to ! <regress.2:*> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf54.in b/regress/sbin/pfctl/pf54.in index c5c84253c0b..5f6b2b3cc60 100644 --- a/regress/sbin/pfctl/pf54.in +++ b/regress/sbin/pfctl/pf54.in @@ -1,3 +1,3 @@ #scrub random-id -scrub random-id +match scrub(random-id) diff --git a/regress/sbin/pfctl/pf54.loaded b/regress/sbin/pfctl/pf54.loaded index c9e12277984..2794e743e45 100644 --- a/regress/sbin/pfctl/pf54.loaded +++ b/regress/sbin/pfctl/pf54.loaded @@ -1,4 +1,4 @@ -@0 scrub all random-id fragment reassemble +@0 match all scrub (random-id) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf54.ok b/regress/sbin/pfctl/pf54.ok index d8672c08ff3..fb516ea066a 100644 --- a/regress/sbin/pfctl/pf54.ok +++ b/regress/sbin/pfctl/pf54.ok @@ -1 +1 @@ -scrub all random-id fragment reassemble +match all scrub (random-id) 
diff --git a/regress/sbin/pfctl/pf54.optimized b/regress/sbin/pfctl/pf54.optimized
index c9e12277984..2794e743e45 100644
--- a/regress/sbin/pfctl/pf54.optimized
+++ b/regress/sbin/pfctl/pf54.optimized
@@ -1,4 +1,4 @@
-@0 scrub all random-id fragment reassemble
+@0 match all scrub (random-id)
 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
 [ queue: qname= qid=0 pqname= pqid=0 ]
 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf68.in b/regress/sbin/pfctl/pf68.in
index 8b440b4264d..9a8d416dd23 100644
--- a/regress/sbin/pfctl/pf68.in
+++ b/regress/sbin/pfctl/pf68.in
@@ -1,48 +1,43 @@ -no scrub on lo0 inet proto tcp from 192.168.1.1 port 1024 to any port 80 -scrub proto tcp -scrub proto tcp all -scrub proto tcp from any to any -scrub in proto tcp -scrub in proto tcp all -scrub in proto tcp all fragment crop -scrub in proto tcp all fragment drop-ovl -scrub in proto tcp all fragment reassemble -scrub in proto tcp from { <regress.1> !<regress.2> } to any -scrub in inet proto tcp from { 10.0.0.1, 10.0.0.2 } to { 10.0.0.3, 10.0.0.4 } -scrub in log on lo0 proto tcp from any to any min-ttl 25 -scrub in log on lo0 inet6 proto tcp from { (lo1000000), (lo0) } to 2000::1 -scrub in log on {lo0 lo1000000} proto tcp from any to any -scrub in on lo0 proto tcp all -scrub in on lo0 proto tcp from any to any fragment reassemble max-mss 224 min-ttl 15 no-df -scrub in on lo0 proto tcp from any to any max-mss 224 -scrub in on lo0 proto tcp from any to any max-mss 224 min-ttl 15 no-df fragment reassemble -scrub in on lo0 proto tcp from any to any min-ttl 15 fragment drop-ovl no-df max-mss 224 -scrub in on lo0 proto tcp from any to any min-ttl 15 no-df max-mss 224 -scrub in on lo0 proto tcp from any to any no-df -scrub in on lo0 proto tcp from any to any no-df max-mss 224 fragment crop min-ttl 15 -scrub in on lo0 proto tcp from any to any no-df max-mss 224 min-ttl 15 -scrub in on lo0 inet proto tcp from (lo0) to any -scrub on lo0 proto tcp from any to any max-mss 224 -scrub out proto tcp -scrub out proto tcp from any to { !<regress.1>, <regress.2> } -scrub out log on lo1000000 proto tcp from any to 10.0.0.1 no-df max-mss 224 -scrub proto tcp random-id +match on lo0 inet proto tcp from 192.168.1.1 port 1024 to any port 80 +match proto tcp +match proto tcp all +match proto tcp from any to any +match in proto tcp +match in proto tcp all +match in proto tcp all scrub(reassemble tcp) +match in proto tcp from { <regress.1> !<regress.2> } to any +match in inet proto tcp from { 10.0.0.1, 10.0.0.2 } to { 10.0.0.3, 10.0.0.4 } +match in log on lo0 proto tcp 
from any to any scrub(min-ttl 25) +match in log on lo0 inet6 proto tcp from { (lo1000000), (lo0) } to 2000::1 +match in log on {lo0 lo1000000} proto tcp from any to any +match in on lo0 proto tcp all +match in on lo0 proto tcp from any to any scrub(max-mss 224 min-ttl 15 no-df) +match in on lo0 proto tcp from any to any scrub(max-mss 224) +match in on lo0 proto tcp from any to any scrub(min-ttl 15 no-df max-mss 224) +match in on lo0 proto tcp from any to any scrub(no-df) +match in on lo0 proto tcp from any to any scrub(no-df max-mss 224 min-ttl 15) +match in on lo0 inet proto tcp from (lo0) to any +match on lo0 proto tcp from any to any scrub(max-mss 224) +match out proto tcp +match out proto tcp from any to { !<regress.1>, <regress.2> } +match out log on lo1000000 proto tcp from any to 10.0.0.1 scrub(no-df max-mss 224) +match proto tcp scrub(random-id) -scrub proto tcp from any to any port 80 -scrub in proto tcp from { <regress.1> !<regress.2> } to any port 80 -scrub in inet proto tcp from { 10.0.0.1, 10.0.0.2 } to { 10.0.0.3, 10.0.0.4 } port 80 -scrub in log on lo0 proto tcp from any to any port 80 min-ttl 25 -scrub in log on lo0 inet6 proto tcp from { (lo1000000), (lo0) } port 80 to 2000::1 -scrub in log on {lo0 lo1000000} proto tcp from any port 80 to any -scrub in on lo0 proto tcp from any port {80, 81} to any fragment reassemble max-mss 224 min-ttl 15 no-df -scrub in on lo0 proto tcp from any to any port 80 max-mss 224 -scrub in on lo0 proto tcp from any port 80 to any max-mss 224 min-ttl 15 no-df fragment reassemble -scrub in on lo0 proto tcp from any port 80 to any min-ttl 15 fragment drop-ovl no-df max-mss 224 -scrub in on lo0 proto tcp from any to any port {80, 81, 82} min-ttl 15 no-df max-mss 224 -scrub in on lo0 proto tcp from any port 80 to any port 80 no-df -scrub in on lo0 proto tcp from any port {80, 81} to any port {80, 81} no-df max-mss 224 fragment crop min-ttl 15 -scrub in on lo0 proto tcp from any to any port 83 no-df max-mss 224 min-ttl 15 
-scrub in on lo0 inet proto tcp from (lo0) port 80 to any -scrub on lo0 proto tcp from any to any port 80 max-mss 224 -scrub out proto tcp from any to { !<regress.1>, <regress.2> } port 80 -scrub out log on lo1000000 proto tcp from any to 10.0.0.1 port 80 no-df max-mss 224 +match proto tcp from any to any port 80 +match in proto tcp from { <regress.1> !<regress.2> } to any port 80 +match in inet proto tcp from { 10.0.0.1, 10.0.0.2 } to { 10.0.0.3, 10.0.0.4 } port 80 +match in log on lo0 proto tcp from any to any port 80 scrub(min-ttl 25) +match in log on lo0 inet6 proto tcp from { (lo1000000), (lo0) } port 80 to 2000::1 +match in log on {lo0 lo1000000} proto tcp from any port 80 to any +match in on lo0 proto tcp from any port {80, 81} to any scrub(max-mss 224 min-ttl 15 no-df) +match in on lo0 proto tcp from any to any port 80 scrub (max-mss 224) +match in on lo0 proto tcp from any port 80 to any scrub (max-mss 224 min-ttl 15 no-df) +match in on lo0 proto tcp from any port 80 to any scrub(min-ttl 15 no-df max-mss 224) +match in on lo0 proto tcp from any to any port {80, 81, 82} scrub (min-ttl 15 no-df max-mss 224) +match in on lo0 proto tcp from any port 80 to any port 80 scrub(no-df) +match in on lo0 proto tcp from any port {80, 81} to any port {80, 81} scrub(no-df max-mss 224 min-ttl 15) +match in on lo0 proto tcp from any to any port 83 scrub(no-df max-mss 224 min-ttl 15) +match in on lo0 inet proto tcp from (lo0) port 80 to any +match on lo0 proto tcp from any to any port 80 scrub (max-mss 224) +match out proto tcp from any to { !<regress.1>, <regress.2> } port 80 +match out log on lo1000000 proto tcp from any to 10.0.0.1 port 80 scrub (no-df max-mss 224) diff --git a/regress/sbin/pfctl/pf68.loaded b/regress/sbin/pfctl/pf68.loaded index 72ca67830d8..7979d1b51d2 100644 --- a/regress/sbin/pfctl/pf68.loaded +++ b/regress/sbin/pfctl/pf68.loaded 
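Review bot: The first rule of this hunk turns `no scrub on lo0 inet proto tcp from 192.168.1.1 port 1024 to any port 80` into a plain `match` with the same criteria, which is not an exemption: a `match` rule without options changes nothing and does not keep a later `match ... scrub(...)` from applying to the same packets. The regress input loses its only negative-form case here (pf15.in drops its `no scrub` line as well), and a reader using this file as a migration model could take the two forms as equivalent. A comment above the rule, for example `# was "no scrub": a bare match exempts nothing, later scrub() options still apply`, would record the difference. The `fragment crop`, `fragment drop-ovl` and `fragment reassemble` variants of `scrub in proto tcp all` are likewise collapsed into a single rule, so per-rule fragment handling is no longer exercised in this file; presumably the `set reassemble` lines added to pf15.in are meant to cover that.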
@@ -1,268 +1,248 @@ -@0 no scrub on lo0 inet proto tcp from 192.168.1.1 port = 1024 to any port = www - [ Skip steps: d=4 p=end da=11 ] +@0 match on lo0 inet proto tcp from 192.168.1.1 port = 1024 to any port = www + [ Skip steps: d=4 p=end da=9 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 scrub proto tcp all fragment reassemble - [ Skip steps: i=15 d=4 f=11 p=end sa=9 sp=44 da=11 dp=36 ] +@1 match proto tcp all + [ Skip steps: i=13 d=4 f=9 p=end sa=7 sp=39 da=9 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 scrub proto tcp all fragment reassemble - [ Skip steps: i=15 d=4 f=11 p=end sa=9 sp=44 da=11 dp=36 ] +@2 match proto tcp all + [ Skip steps: i=13 d=4 f=9 p=end sa=7 sp=39 da=9 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 scrub proto tcp all fragment reassemble - [ Skip steps: i=15 f=11 p=end sa=9 sp=44 da=11 dp=36 ] +@3 match proto tcp all + [ Skip steps: i=13 f=9 p=end sa=7 sp=39 da=9 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 scrub in proto tcp all fragment reassemble - [ Skip steps: i=15 d=30 f=11 p=end sa=9 sp=44 da=11 dp=36 ] +@4 match in proto tcp all + [ Skip steps: i=13 d=25 f=9 p=end sa=7 sp=39 da=9 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 scrub in proto tcp all fragment reassemble - [ Skip steps: i=15 d=30 f=11 p=end sa=9 sp=44 da=11 dp=36 ] +@5 match in proto tcp all + [ Skip steps: i=13 d=25 f=9 p=end sa=7 sp=39 da=9 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 scrub in proto tcp all fragment crop - [ Skip steps: i=15 d=30 f=11 p=end sa=9 sp=44 da=11 dp=36 ] +@6 match in proto tcp all + [ Skip steps: i=13 d=25 f=9 p=end sp=39 da=9 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] 
-@7 scrub in proto tcp all fragment drop-ovl - [ Skip steps: i=15 d=30 f=11 p=end sa=9 sp=44 da=11 dp=36 ] +@7 match in proto tcp from <regress.1:*> to any + [ Skip steps: i=13 d=25 f=9 p=end sp=39 da=9 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 scrub in proto tcp all fragment reassemble - [ Skip steps: i=15 d=30 f=11 p=end sp=44 da=11 dp=36 ] +@8 match in proto tcp from ! <regress.2:*> to any + [ Skip steps: i=13 d=25 p=end sp=39 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 scrub in proto tcp from <regress.1:*> to any fragment reassemble - [ Skip steps: i=15 d=30 f=11 p=end sp=44 da=11 dp=36 ] +@9 match in inet proto tcp from 10.0.0.1 to 10.0.0.3 + [ Skip steps: i=13 d=25 f=13 p=end sa=11 sp=39 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 scrub in proto tcp from ! <regress.2:*> to any fragment reassemble - [ Skip steps: i=15 d=30 p=end sp=44 dp=36 ] +@10 match in inet proto tcp from 10.0.0.1 to 10.0.0.4 + [ Skip steps: i=13 d=25 f=13 p=end sp=39 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 scrub in inet proto tcp from 10.0.0.1 to 10.0.0.3 fragment reassemble - [ Skip steps: i=15 d=30 f=15 p=end sa=13 sp=44 dp=36 ] +@11 match in inet proto tcp from 10.0.0.2 to 10.0.0.3 + [ Skip steps: i=13 d=25 f=13 p=end sa=13 sp=39 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 scrub in inet proto tcp from 10.0.0.1 to 10.0.0.4 fragment reassemble - [ Skip steps: i=15 d=30 f=15 p=end sp=44 dp=36 ] +@12 match in inet proto tcp from 10.0.0.2 to 10.0.0.4 + [ Skip steps: d=25 p=end sp=39 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 scrub in inet proto tcp from 10.0.0.2 to 10.0.0.3 fragment reassemble - [ Skip steps: i=15 d=30 f=15 p=end sa=15 sp=44 dp=36 ] 
+@13 match in log on lo0 proto tcp all scrub (min-ttl 25) + [ Skip steps: i=17 d=25 p=end sp=39 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 scrub in inet proto tcp from 10.0.0.2 to 10.0.0.4 fragment reassemble - [ Skip steps: d=30 p=end sp=44 dp=36 ] +@14 match in log on lo0 inet6 proto tcp from (lo1000000:*) to 2000::1 + [ Skip steps: i=17 d=25 f=16 p=end sp=39 da=16 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 scrub in log on lo0 proto tcp all min-ttl 25 fragment reassemble - [ Skip steps: i=19 d=30 p=end sp=44 dp=36 ] +@15 match in log on lo0 inet6 proto tcp from (lo0:2) to 2000::1 + [ Skip steps: i=17 d=25 p=end sp=39 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 scrub in log on lo0 inet6 proto tcp from (lo1000000:*) to 2000::1 fragment reassemble - [ Skip steps: i=19 d=30 f=18 p=end sp=44 da=18 dp=36 ] +@16 match in log on lo0 proto tcp all + [ Skip steps: d=25 f=24 p=end sa=24 sp=39 da=27 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 scrub in log on lo0 inet6 proto tcp from (lo0:2) to 2000::1 fragment reassemble - [ Skip steps: i=19 d=30 p=end sp=44 dp=36 ] +@17 match in log on lo1000000 proto tcp all + [ Skip steps: d=25 f=24 p=end sa=24 sp=39 da=27 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 scrub in log on lo0 proto tcp all fragment reassemble - [ Skip steps: d=30 f=29 p=end sa=29 sp=44 da=32 dp=36 ] +@18 match in on lo0 proto tcp all + [ Skip steps: i=26 d=25 f=24 p=end sa=24 sp=39 da=27 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 scrub in log on lo1000000 proto tcp all fragment reassemble - [ Skip steps: d=30 f=29 p=end sa=29 sp=44 da=32 dp=36 ] +@19 match in on lo0 proto tcp all scrub (no-df min-ttl 15 max-mss 224) + [ 
Skip steps: i=26 d=25 f=24 p=end sa=24 sp=39 da=27 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@20 scrub in on lo0 proto tcp all fragment reassemble - [ Skip steps: i=31 d=30 f=29 p=end sa=29 sp=44 da=32 dp=36 ] +@20 match in on lo0 proto tcp all scrub (max-mss 224) + [ Skip steps: i=26 d=25 f=24 p=end sa=24 sp=39 da=27 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@21 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=31 d=30 f=29 p=end sa=29 sp=44 da=32 dp=36 ] +@21 match in on lo0 proto tcp all scrub (no-df min-ttl 15 max-mss 224) + [ Skip steps: i=26 d=25 f=24 p=end sa=24 sp=39 da=27 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@22 scrub in on lo0 proto tcp all max-mss 224 fragment reassemble - [ Skip steps: i=31 d=30 f=29 p=end sa=29 sp=44 da=32 dp=36 ] +@22 match in on lo0 proto tcp all scrub (no-df) + [ Skip steps: i=26 d=25 f=24 p=end sa=24 sp=39 da=27 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@23 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=31 d=30 f=29 p=end sa=29 sp=44 da=32 dp=36 ] +@23 match in on lo0 proto tcp all scrub (no-df min-ttl 15 max-mss 224) + [ Skip steps: i=26 d=25 p=end sp=39 da=27 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@24 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment drop-ovl - [ Skip steps: i=31 d=30 f=29 p=end sa=29 sp=44 da=32 dp=36 ] +@24 match in on lo0 inet proto tcp from (lo0:1) to any + [ Skip steps: i=26 p=end sp=39 da=27 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@25 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=31 d=30 f=29 p=end sa=29 sp=44 
da=32 dp=36 ] +@25 match on lo0 proto tcp all scrub (max-mss 224) + [ Skip steps: f=29 p=end sa=32 sp=39 da=27 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@26 scrub in on lo0 proto tcp all no-df fragment reassemble - [ Skip steps: i=31 d=30 f=29 p=end sa=29 sp=44 da=32 dp=36 ] +@26 match out proto tcp all + [ Skip steps: i=29 d=30 f=29 p=end sa=32 sp=39 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@27 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment crop - [ Skip steps: i=31 d=30 f=29 p=end sa=29 sp=44 da=32 dp=36 ] +@27 match out proto tcp from any to ! <regress.1:*> + [ Skip steps: i=29 d=30 f=29 p=end sa=32 sp=39 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@28 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=31 d=30 p=end sp=44 da=32 dp=36 ] +@28 match out proto tcp from any to <regress.2:*> + [ Skip steps: d=30 p=end sa=32 sp=39 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@29 scrub in on lo0 inet proto tcp from (lo0:1) to any fragment reassemble - [ Skip steps: i=31 p=end sp=44 da=32 dp=36 ] +@29 match out log on lo1000000 inet proto tcp from any to 10.0.0.1 scrub (no-df max-mss 224) + [ Skip steps: p=end sa=32 sp=39 dp=31 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@30 scrub on lo0 proto tcp all max-mss 224 fragment reassemble - [ Skip steps: f=34 p=end sa=37 sp=44 da=32 dp=36 ] +@30 match proto tcp all scrub (random-id) + [ Skip steps: i=38 d=32 f=34 p=end sa=32 sp=39 da=34 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@31 scrub out proto tcp all fragment reassemble - [ Skip steps: i=34 d=35 f=34 p=end sa=37 sp=44 dp=36 ] +@31 match proto tcp from any to any port = www + [ Skip steps: i=38 f=34 
p=end sp=39 da=34 dp=39 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@32 scrub out proto tcp from any to ! <regress.1:*> fragment reassemble - [ Skip steps: i=34 d=35 f=34 p=end sa=37 sp=44 dp=36 ] +@32 match in proto tcp from <regress.1:*> to any port = www + [ Skip steps: i=38 d=58 f=34 p=end sp=39 da=34 dp=39 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@33 scrub out proto tcp from any to <regress.2:*> fragment reassemble - [ Skip steps: d=35 p=end sa=37 sp=44 dp=36 ] +@33 match in proto tcp from ! <regress.2:*> to any port = www + [ Skip steps: i=38 d=58 p=end sp=39 dp=39 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@34 scrub out log on lo1000000 inet proto tcp from any to 10.0.0.1 no-df max-mss 224 fragment reassemble - [ Skip steps: p=end sa=37 sp=44 dp=36 ] +@34 match in inet proto tcp from 10.0.0.1 to 10.0.0.3 port = www + [ Skip steps: i=38 d=58 f=38 p=end sa=36 sp=39 dp=39 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@35 scrub proto tcp all random-id fragment reassemble - [ Skip steps: i=43 d=37 f=39 p=end sa=37 sp=44 da=39 ] +@35 match in inet proto tcp from 10.0.0.1 to 10.0.0.4 port = www + [ Skip steps: i=38 d=58 f=38 p=end sp=39 dp=39 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@36 scrub proto tcp from any to any port = www fragment reassemble - [ Skip steps: i=43 f=39 p=end sp=44 da=39 dp=44 ] +@36 match in inet proto tcp from 10.0.0.2 to 10.0.0.3 port = www + [ Skip steps: i=38 d=58 f=38 p=end sa=38 sp=39 dp=39 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@37 scrub in proto tcp from <regress.1:*> to any port = www fragment reassemble - [ Skip steps: i=43 d=63 f=39 p=end sp=44 da=39 dp=44 ] +@37 match in inet proto tcp from 10.0.0.2 to 10.0.0.4 port = www + [ Skip steps: d=58 
p=end sp=39 dp=39 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@38 scrub in proto tcp from ! <regress.2:*> to any port = www fragment reassemble - [ Skip steps: i=43 d=63 p=end sp=44 dp=44 ] +@38 match in log on lo0 proto tcp from any to any port = www scrub (min-ttl 25) + [ Skip steps: i=42 d=58 p=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@39 scrub in inet proto tcp from 10.0.0.1 to 10.0.0.3 port = www fragment reassemble - [ Skip steps: i=43 d=63 f=43 p=end sa=41 sp=44 dp=44 ] +@39 match in log on lo0 inet6 proto tcp from (lo1000000:*) port = www to 2000::1 + [ Skip steps: i=42 d=58 f=41 p=end sp=44 da=41 dp=45 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@40 scrub in inet proto tcp from 10.0.0.1 to 10.0.0.4 port = www fragment reassemble - [ Skip steps: i=43 d=63 f=43 p=end sp=44 dp=44 ] +@40 match in log on lo0 inet6 proto tcp from (lo0:2) port = www to 2000::1 + [ Skip steps: i=42 d=58 p=end sp=44 dp=45 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@41 scrub in inet proto tcp from 10.0.0.2 to 10.0.0.3 port = www fragment reassemble - [ Skip steps: i=43 d=63 f=43 p=end sa=43 sp=44 dp=44 ] +@41 match in log on lo0 proto tcp from any port = www to any + [ Skip steps: d=58 f=57 p=end sa=57 sp=44 da=59 dp=45 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@42 scrub in inet proto tcp from 10.0.0.2 to 10.0.0.4 port = www fragment reassemble - [ Skip steps: d=63 p=end sp=44 dp=44 ] +@42 match in log on lo1000000 proto tcp from any port = www to any + [ Skip steps: d=58 f=57 p=end sa=57 sp=44 da=59 dp=45 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@43 scrub in log on lo0 proto tcp from any to any port = www min-ttl 25 fragment reassemble - [ Skip steps: i=47 d=63 p=end ] +@43 match in on lo0 
proto tcp from any port = www to any scrub (no-df min-ttl 15 max-mss 224) + [ Skip steps: i=59 d=58 f=57 p=end sa=57 da=59 dp=45 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@44 scrub in log on lo0 inet6 proto tcp from (lo1000000:*) port = www to 2000::1 fragment reassemble - [ Skip steps: i=47 d=63 f=46 p=end sp=49 da=46 dp=50 ] +@44 match in on lo0 proto tcp from any port = 81 to any scrub (no-df min-ttl 15 max-mss 224) + [ Skip steps: i=59 d=58 f=57 p=end sa=57 da=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@45 scrub in log on lo0 inet6 proto tcp from (lo0:2) port = www to 2000::1 fragment reassemble - [ Skip steps: i=47 d=63 p=end sp=49 dp=50 ] +@45 match in on lo0 proto tcp from any to any port = www scrub (max-mss 224) + [ Skip steps: i=59 d=58 f=57 p=end sa=57 da=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@46 scrub in log on lo0 proto tcp from any port = www to any fragment reassemble - [ Skip steps: d=63 f=62 p=end sa=62 sp=49 da=64 dp=50 ] +@46 match in on lo0 proto tcp from any port = www to any scrub (no-df min-ttl 15 max-mss 224) + [ Skip steps: i=59 d=58 f=57 p=end sa=57 sp=48 da=59 dp=48 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@47 scrub in log on lo1000000 proto tcp from any port = www to any fragment reassemble - [ Skip steps: d=63 f=62 p=end sa=62 sp=49 da=64 dp=50 ] +@47 match in on lo0 proto tcp from any port = www to any scrub (no-df min-ttl 15 max-mss 224) + [ Skip steps: i=59 d=58 f=57 p=end sa=57 da=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@48 scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=64 d=63 f=62 p=end sa=62 da=64 dp=50 ] +@48 match in on lo0 proto tcp from any to any port = www scrub (no-df min-ttl 15 max-mss 224) + [ 
Skip steps: i=59 d=58 f=57 p=end sa=57 sp=51 da=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@49 scrub in on lo0 proto tcp from any port = 81 to any no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=64 d=63 f=62 p=end sa=62 da=64 ] +@49 match in on lo0 proto tcp from any to any port = 81 scrub (no-df min-ttl 15 max-mss 224) + [ Skip steps: i=59 d=58 f=57 p=end sa=57 sp=51 da=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@50 scrub in on lo0 proto tcp from any to any port = www max-mss 224 fragment reassemble - [ Skip steps: i=64 d=63 f=62 p=end sa=62 da=64 ] +@50 match in on lo0 proto tcp from any to any port = 82 scrub (no-df min-ttl 15 max-mss 224) + [ Skip steps: i=59 d=58 f=57 p=end sa=57 da=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@51 scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=64 d=63 f=62 p=end sa=62 sp=53 da=64 dp=53 ] +@51 match in on lo0 proto tcp from any port = www to any port = www scrub (no-df) + [ Skip steps: i=59 d=58 f=57 p=end sa=57 sp=54 da=59 dp=53 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@52 scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment drop-ovl - [ Skip steps: i=64 d=63 f=62 p=end sa=62 da=64 ] +@52 match in on lo0 proto tcp from any port = www to any port = www scrub (no-df min-ttl 15 max-mss 224) + [ Skip steps: i=59 d=58 f=57 p=end sa=57 sp=54 da=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@53 scrub in on lo0 proto tcp from any to any port = www no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=64 d=63 f=62 p=end sa=62 sp=56 da=64 ] +@53 match in on lo0 proto tcp from any port = www to any port = 81 scrub (no-df min-ttl 15 max-mss 224) + [ Skip 
steps: i=59 d=58 f=57 p=end sa=57 da=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@54 scrub in on lo0 proto tcp from any to any port = 81 no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=64 d=63 f=62 p=end sa=62 sp=56 da=64 ] +@54 match in on lo0 proto tcp from any port = 81 to any port = www scrub (no-df min-ttl 15 max-mss 224) + [ Skip steps: i=59 d=58 f=57 p=end sa=57 sp=56 da=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@55 scrub in on lo0 proto tcp from any to any port = 82 no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=64 d=63 f=62 p=end sa=62 da=64 ] +@55 match in on lo0 proto tcp from any port = 81 to any port = 81 scrub (no-df min-ttl 15 max-mss 224) + [ Skip steps: i=59 d=58 f=57 p=end sa=57 da=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@56 scrub in on lo0 proto tcp from any port = www to any port = www no-df fragment reassemble - [ Skip steps: i=64 d=63 f=62 p=end sa=62 sp=59 da=64 dp=58 ] +@56 match in on lo0 proto tcp from any to any port = 83 scrub (no-df min-ttl 15 max-mss 224) + [ Skip steps: i=59 d=58 p=end da=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@57 scrub in on lo0 proto tcp from any port = www to any port = www no-df min-ttl 15 max-mss 224 fragment crop - [ Skip steps: i=64 d=63 f=62 p=end sa=62 sp=59 da=64 ] +@57 match in on lo0 inet proto tcp from (lo0:1) port = www to any + [ Skip steps: i=59 p=end da=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@58 scrub in on lo0 proto tcp from any port = www to any port = 81 no-df min-ttl 15 max-mss 224 fragment crop - [ Skip steps: i=64 d=63 f=62 p=end sa=62 da=64 ] +@58 match on lo0 proto tcp from any to any port = www scrub (max-mss 224) + [ Skip steps: f=61 p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= 
pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@59 scrub in on lo0 proto tcp from any port = 81 to any port = www no-df min-ttl 15 max-mss 224 fragment crop - [ Skip steps: i=64 d=63 f=62 p=end sa=62 sp=61 da=64 ] +@59 match out proto tcp from any to ! <regress.1:*> port = www + [ Skip steps: i=61 d=end f=61 p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@60 scrub in on lo0 proto tcp from any port = 81 to any port = 81 no-df min-ttl 15 max-mss 224 fragment crop - [ Skip steps: i=64 d=63 f=62 p=end sa=62 da=64 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@61 scrub in on lo0 proto tcp from any to any port = 83 no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=64 d=63 p=end da=64 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@62 scrub in on lo0 inet proto tcp from (lo0:1) port = www to any fragment reassemble - [ Skip steps: i=64 p=end da=64 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@63 scrub on lo0 proto tcp from any to any port = www max-mss 224 fragment reassemble - [ Skip steps: f=66 p=end sa=end sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@64 scrub out proto tcp from any to ! 
<regress.1:*> port = www fragment reassemble - [ Skip steps: i=66 d=end f=66 p=end sa=end sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@65 scrub out proto tcp from any to <regress.2:*> port = www fragment reassemble +@60 match out proto tcp from any to <regress.2:*> port = www [ Skip steps: d=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@66 scrub out log on lo1000000 inet proto tcp from any to 10.0.0.1 port = www no-df max-mss 224 fragment reassemble +@61 match out log on lo1000000 inet proto tcp from any to 10.0.0.1 port = www scrub (no-df max-mss 224) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf68.ok b/regress/sbin/pfctl/pf68.ok index cec405c7ad0..598b94217b1 100644 --- a/regress/sbin/pfctl/pf68.ok +++ b/regress/sbin/pfctl/pf68.ok 
@@ -1,67 +1,62 @@
-no scrub on lo0 inet proto tcp from 192.168.1.1 port = 1024 to any port = www
-scrub proto tcp all fragment reassemble
-scrub proto tcp all fragment reassemble
-scrub proto tcp all fragment reassemble
-scrub in proto tcp all fragment reassemble
-scrub in proto tcp all fragment reassemble
-scrub in proto tcp all fragment crop
-scrub in proto tcp all fragment drop-ovl
-scrub in proto tcp all fragment reassemble
-scrub in proto tcp from <regress.1> to any fragment reassemble
-scrub in proto tcp from ! <regress.2> to any fragment reassemble
-scrub in inet proto tcp from 10.0.0.1 to 10.0.0.3 fragment reassemble
-scrub in inet proto tcp from 10.0.0.1 to 10.0.0.4 fragment reassemble
-scrub in inet proto tcp from 10.0.0.2 to 10.0.0.3 fragment reassemble
-scrub in inet proto tcp from 10.0.0.2 to 10.0.0.4 fragment reassemble
-scrub in log on lo0 proto tcp all min-ttl 25 fragment reassemble
-scrub in log on lo0 inet6 proto tcp from (lo1000000) to 2000::1 fragment reassemble
-scrub in log on lo0 inet6 proto tcp from (lo0) to 2000::1 fragment reassemble
-scrub in log on lo0 proto tcp all fragment reassemble
-scrub in log on lo1000000 proto tcp all fragment reassemble
-scrub in on lo0 proto tcp all fragment reassemble
-scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble
-scrub in on lo0 proto tcp all max-mss 224 fragment reassemble
-scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble
-scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment drop-ovl
-scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble
-scrub in on lo0 proto tcp all no-df fragment reassemble
-scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment crop
-scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble
-scrub in on lo0 inet proto tcp from (lo0) to any fragment reassemble
-scrub on lo0 proto tcp all max-mss 224 fragment reassemble
-scrub out proto tcp all fragment reassemble
-scrub out proto tcp from any to ! <regress.1> fragment reassemble
-scrub out proto tcp from any to <regress.2> fragment reassemble
-scrub out log on lo1000000 inet proto tcp from any to 10.0.0.1 no-df max-mss 224 fragment reassemble
-scrub proto tcp all random-id fragment reassemble
-scrub proto tcp from any to any port = www fragment reassemble
-scrub in proto tcp from <regress.1> to any port = www fragment reassemble
-scrub in proto tcp from ! <regress.2> to any port = www fragment reassemble
-scrub in inet proto tcp from 10.0.0.1 to 10.0.0.3 port = www fragment reassemble
-scrub in inet proto tcp from 10.0.0.1 to 10.0.0.4 port = www fragment reassemble
-scrub in inet proto tcp from 10.0.0.2 to 10.0.0.3 port = www fragment reassemble
-scrub in inet proto tcp from 10.0.0.2 to 10.0.0.4 port = www fragment reassemble
-scrub in log on lo0 proto tcp from any to any port = www min-ttl 25 fragment reassemble
-scrub in log on lo0 inet6 proto tcp from (lo1000000) port = www to 2000::1 fragment reassemble
-scrub in log on lo0 inet6 proto tcp from (lo0) port = www to 2000::1 fragment reassemble
-scrub in log on lo0 proto tcp from any port = www to any fragment reassemble
-scrub in log on lo1000000 proto tcp from any port = www to any fragment reassemble
-scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment reassemble
-scrub in on lo0 proto tcp from any port = 81 to any no-df min-ttl 15 max-mss 224 fragment reassemble
-scrub in on lo0 proto tcp from any to any port = www max-mss 224 fragment reassemble
-scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment reassemble
-scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment drop-ovl
-scrub in on lo0 proto tcp from any to any port = www no-df min-ttl 15 max-mss 224 fragment reassemble
-scrub in on lo0 proto tcp from any to any port = 81 no-df min-ttl 15 max-mss 224 fragment reassemble
-scrub in on lo0 proto tcp from any to any port = 82 no-df min-ttl 15 max-mss 224 fragment reassemble
-scrub in on lo0 proto tcp from any port = www to any port = www no-df fragment reassemble
-scrub in on lo0 proto tcp from any port = www to any port = www no-df min-ttl 15 max-mss 224 fragment crop
-scrub in on lo0 proto tcp from any port = www to any port = 81 no-df min-ttl 15 max-mss 224 fragment crop
-scrub in on lo0 proto tcp from any port = 81 to any port = www no-df min-ttl 15 max-mss 224 fragment crop
-scrub in on lo0 proto tcp from any port = 81 to any port = 81 no-df min-ttl 15 max-mss 224 fragment crop
-scrub in on lo0 proto tcp from any to any port = 83 no-df min-ttl 15 max-mss 224 fragment reassemble
-scrub in on lo0 inet proto tcp from (lo0) port = www to any fragment reassemble
-scrub on lo0 proto tcp from any to any port = www max-mss 224 fragment reassemble
-scrub out proto tcp from any to ! <regress.1> port = www fragment reassemble
-scrub out proto tcp from any to <regress.2> port = www fragment reassemble
-scrub out log on lo1000000 inet proto tcp from any to 10.0.0.1 port = www no-df max-mss 224 fragment reassemble
+match on lo0 inet proto tcp from 192.168.1.1 port = 1024 to any port = www
+match proto tcp all
+match proto tcp all
+match proto tcp all
+match in proto tcp all
+match in proto tcp all
+match in proto tcp all
+match in proto tcp from <regress.1> to any
+match in proto tcp from ! <regress.2> to any
+match in inet proto tcp from 10.0.0.1 to 10.0.0.3
+match in inet proto tcp from 10.0.0.1 to 10.0.0.4
+match in inet proto tcp from 10.0.0.2 to 10.0.0.3
+match in inet proto tcp from 10.0.0.2 to 10.0.0.4
+match in log on lo0 proto tcp all scrub (min-ttl 25)
+match in log on lo0 inet6 proto tcp from (lo1000000) to 2000::1
+match in log on lo0 inet6 proto tcp from (lo0) to 2000::1
+match in log on lo0 proto tcp all
+match in log on lo1000000 proto tcp all
+match in on lo0 proto tcp all
+match in on lo0 proto tcp all scrub (no-df min-ttl 15 max-mss 224)
+match in on lo0 proto tcp all scrub (max-mss 224)
+match in on lo0 proto tcp all scrub (no-df min-ttl 15 max-mss 224)
+match in on lo0 proto tcp all scrub (no-df)
+match in on lo0 proto tcp all scrub (no-df min-ttl 15 max-mss 224)
+match in on lo0 inet proto tcp from (lo0) to any
+match on lo0 proto tcp all scrub (max-mss 224)
+match out proto tcp all
+match out proto tcp from any to ! <regress.1>
+match out proto tcp from any to <regress.2>
+match out log on lo1000000 inet proto tcp from any to 10.0.0.1 scrub (no-df max-mss 224)
+match proto tcp all scrub (random-id)
+match proto tcp from any to any port = www
+match in proto tcp from <regress.1> to any port = www
+match in proto tcp from ! <regress.2> to any port = www
+match in inet proto tcp from 10.0.0.1 to 10.0.0.3 port = www
+match in inet proto tcp from 10.0.0.1 to 10.0.0.4 port = www
+match in inet proto tcp from 10.0.0.2 to 10.0.0.3 port = www
+match in inet proto tcp from 10.0.0.2 to 10.0.0.4 port = www
+match in log on lo0 proto tcp from any to any port = www scrub (min-ttl 25)
+match in log on lo0 inet6 proto tcp from (lo1000000) port = www to 2000::1
+match in log on lo0 inet6 proto tcp from (lo0) port = www to 2000::1
+match in log on lo0 proto tcp from any port = www to any
+match in log on lo1000000 proto tcp from any port = www to any
+match in on lo0 proto tcp from any port = www to any scrub (no-df min-ttl 15 max-mss 224)
+match in on lo0 proto tcp from any port = 81 to any scrub (no-df min-ttl 15 max-mss 224)
+match in on lo0 proto tcp from any to any port = www scrub (max-mss 224)
+match in on lo0 proto tcp from any port = www to any scrub (no-df min-ttl 15 max-mss 224)
+match in on lo0 proto tcp from any port = www to any scrub (no-df min-ttl 15 max-mss 224)
+match in on lo0 proto tcp from any to any port = www scrub (no-df min-ttl 15 max-mss 224)
+match in on lo0 proto tcp from any to any port = 81 scrub (no-df min-ttl 15 max-mss 224)
+match in on lo0 proto tcp from any to any port = 82 scrub (no-df min-ttl 15 max-mss 224)
+match in on lo0 proto tcp from any port = www to any port = www scrub (no-df)
+match in on lo0 proto tcp from any port = www to any port = www scrub (no-df min-ttl 15 max-mss 224)
+match in on lo0 proto tcp from any port = www to any port = 81 scrub (no-df min-ttl 15 max-mss 224)
+match in on lo0 proto tcp from any port = 81 to any port = www scrub (no-df min-ttl 15 max-mss 224)
+match in on lo0 proto tcp from any port = 81 to any port = 81 scrub (no-df min-ttl 15 max-mss 224)
+match in on lo0 proto tcp from any to any port = 83 scrub (no-df min-ttl 15 max-mss 224)
+match in on lo0 inet proto tcp from (lo0) port = www to any
+match on lo0 proto tcp from any to any port = www scrub (max-mss 224)
+match out proto tcp from any to ! <regress.1> port = www
+match out proto tcp from any to <regress.2> port = www
+match out log on lo1000000 inet proto tcp from any to 10.0.0.1 port = www scrub (no-df max-mss 224)
diff --git a/regress/sbin/pfctl/pf68.optimized b/regress/sbin/pfctl/pf68.optimized
index 72ca67830d8..86ec7173eff 100644
--- a/regress/sbin/pfctl/pf68.optimized
+++ b/regress/sbin/pfctl/pf68.optimized
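Review bot: The first expected line of pf68.ok now reads `match on lo0 inet proto tcp from 192.168.1.1 port = 1024 to any port = www`, where the old side had a `no scrub` exemption for the same traffic; a match with no `scrub (...)` options asserts nothing about normalisation, so the test no longer pins the exemption and nothing in this hunk shows what replaced it. The `fragment crop` and `fragment drop-ovl` expectations are also gone and no `set reassemble` line appears on the new side, so this file no longer covers fragment handling at all. If the exemption has no equivalent, I would remove that rule from the input rather than keep it as a bare match, or mark it there with `# was "no scrub": a match without scrub() applies no normalisation`. The input pf68.in is outside this hunk, so this is inferred from the expected output only.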
@@ -1,268 +1,124 @@ -@0 no scrub on lo0 inet proto tcp from 192.168.1.1 port = 1024 to any port = www - [ Skip steps: d=4 p=end da=11 ] +@0 match proto tcp all + [ Skip steps: i=2 f=11 p=end sp=16 da=9 dp=13 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 scrub proto tcp all fragment reassemble - [ Skip steps: i=15 d=4 f=11 p=end sa=9 sp=44 da=11 dp=36 ] +@1 match in proto tcp from ! <regress.2:*> to any + [ Skip steps: d=8 f=11 p=end sp=16 da=9 dp=13 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 scrub proto tcp all fragment reassemble - [ Skip steps: i=15 d=4 f=11 p=end sa=9 sp=44 da=11 dp=36 ] +@2 match in log on lo0 proto tcp all scrub (min-ttl 25) + [ Skip steps: d=8 f=11 p=end sa=14 sp=16 da=9 dp=13 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 scrub proto tcp all fragment reassemble - [ Skip steps: i=15 f=11 p=end sa=9 sp=44 da=11 dp=36 ] +@3 match in log on lo1000000 proto tcp all + [ Skip steps: d=8 f=11 p=end sa=14 sp=16 da=9 dp=13 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 scrub in proto tcp all fragment reassemble - [ Skip steps: i=15 d=30 f=11 p=end sa=9 sp=44 da=11 dp=36 ] +@4 match in on lo0 proto tcp all + [ Skip steps: i=8 d=8 f=11 p=end sa=14 sp=16 da=9 dp=13 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 scrub in proto tcp all fragment reassemble - [ Skip steps: i=15 d=30 f=11 p=end sa=9 sp=44 da=11 dp=36 ] +@5 match in on lo0 proto tcp all scrub (no-df min-ttl 15 max-mss 224) + [ Skip steps: i=8 d=8 f=11 p=end sa=14 sp=16 da=9 dp=13 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 scrub in proto tcp all fragment crop - [ Skip steps: i=15 d=30 f=11 p=end sa=9 sp=44 da=11 dp=36 ] +@6 match in on lo0 proto tcp all scrub (max-mss 224) + [ Skip steps: i=8 d=8 f=11 p=end 
sa=14 sp=16 da=9 dp=13 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 scrub in proto tcp all fragment drop-ovl - [ Skip steps: i=15 d=30 f=11 p=end sa=9 sp=44 da=11 dp=36 ] +@7 match in on lo0 proto tcp all scrub (no-df min-ttl 15 max-mss 224) + [ Skip steps: f=11 p=end sa=14 sp=16 da=9 dp=13 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 scrub in proto tcp all fragment reassemble - [ Skip steps: i=15 d=30 f=11 p=end sp=44 da=11 dp=36 ] +@8 match out proto tcp all + [ Skip steps: i=10 d=10 f=11 p=end sa=14 sp=16 dp=13 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 scrub in proto tcp from <regress.1:*> to any fragment reassemble - [ Skip steps: i=15 d=30 f=11 p=end sp=44 da=11 dp=36 ] +@9 match out proto tcp from any to ! <regress.1:*> + [ Skip steps: f=11 p=end sa=14 sp=16 dp=13 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 scrub in proto tcp from ! 
<regress.2:*> to any fragment reassemble - [ Skip steps: i=15 d=30 p=end sp=44 dp=36 ] +@10 match on lo0 proto tcp all scrub (max-mss 224) + [ Skip steps: p=end sa=14 sp=16 dp=13 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 scrub in inet proto tcp from 10.0.0.1 to 10.0.0.3 fragment reassemble - [ Skip steps: i=15 d=30 f=15 p=end sa=13 sp=44 dp=36 ] +@11 match out log on lo1000000 inet proto tcp from any to 10.0.0.1 scrub (no-df max-mss 224) + [ Skip steps: p=end sa=14 sp=16 dp=13 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 scrub in inet proto tcp from 10.0.0.1 to 10.0.0.4 fragment reassemble - [ Skip steps: i=15 d=30 f=15 p=end sp=44 dp=36 ] +@12 match proto tcp all scrub (random-id) + [ Skip steps: i=15 d=14 f=29 p=end sa=14 sp=16 da=26 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 scrub in inet proto tcp from 10.0.0.2 to 10.0.0.3 fragment reassemble - [ Skip steps: i=15 d=30 f=15 p=end sa=15 sp=44 dp=36 ] +@13 match proto tcp from any to any port = www + [ Skip steps: i=15 f=29 p=end sp=16 da=26 dp=16 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 scrub in inet proto tcp from 10.0.0.2 to 10.0.0.4 fragment reassemble - [ Skip steps: d=30 p=end sp=44 dp=36 ] +@14 match in proto tcp from ! 
<regress.2:*> to any port = www + [ Skip steps: d=26 f=29 p=end sp=16 da=26 dp=16 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 scrub in log on lo0 proto tcp all min-ttl 25 fragment reassemble - [ Skip steps: i=19 d=30 p=end sp=44 dp=36 ] +@15 match in log on lo0 proto tcp from any to any port = www scrub (min-ttl 25) + [ Skip steps: i=17 d=26 f=29 p=end sa=29 da=26 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 scrub in log on lo0 inet6 proto tcp from (lo1000000:*) to 2000::1 fragment reassemble - [ Skip steps: i=19 d=30 f=18 p=end sp=44 da=18 dp=36 ] +@16 match in log on lo0 proto tcp from any port = www to any + [ Skip steps: d=26 f=29 p=end sa=29 sp=19 da=26 dp=20 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 scrub in log on lo0 inet6 proto tcp from (lo0:2) to 2000::1 fragment reassemble - [ Skip steps: i=19 d=30 p=end sp=44 dp=36 ] +@17 match in log on lo1000000 proto tcp from any port = www to any + [ Skip steps: d=26 f=29 p=end sa=29 sp=19 da=26 dp=20 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 scrub in log on lo0 proto tcp all fragment reassemble - [ Skip steps: d=30 f=29 p=end sa=29 sp=44 da=32 dp=36 ] +@18 match in on lo0 proto tcp from any port = www to any scrub (no-df min-ttl 15 max-mss 224) + [ Skip steps: i=26 d=26 f=29 p=end sa=29 da=26 dp=20 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 scrub in log on lo1000000 proto tcp all fragment reassemble - [ Skip steps: d=30 f=29 p=end sa=29 sp=44 da=32 dp=36 ] +@19 match in on lo0 proto tcp from any port = 81 to any scrub (no-df min-ttl 15 max-mss 224) + [ Skip steps: i=26 d=26 f=29 p=end sa=29 da=26 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@20 scrub in on lo0 proto tcp all fragment reassemble - [ Skip steps: i=31 
d=30 f=29 p=end sa=29 sp=44 da=32 dp=36 ] +@20 match in on lo0 proto tcp from any to any port = www scrub (max-mss 224) + [ Skip steps: i=26 d=26 f=29 p=end sa=29 da=26 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@21 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=31 d=30 f=29 p=end sa=29 sp=44 da=32 dp=36 ] +@21 match in on lo0 proto tcp from any port = www to any scrub (no-df min-ttl 15 max-mss 224) + [ Skip steps: i=26 d=26 f=29 p=end sa=29 da=26 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@22 scrub in on lo0 proto tcp all max-mss 224 fragment reassemble - [ Skip steps: i=31 d=30 f=29 p=end sa=29 sp=44 da=32 dp=36 ] +@22 match in on lo0 proto tcp from any to any port = www scrub (no-df min-ttl 15 max-mss 224) + [ Skip steps: i=26 d=26 f=29 p=end sa=29 sp=29 da=26 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@23 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=31 d=30 f=29 p=end sa=29 sp=44 da=32 dp=36 ] +@23 match in on lo0 proto tcp from any to any port = 81 scrub (no-df min-ttl 15 max-mss 224) + [ Skip steps: i=26 d=26 f=29 p=end sa=29 sp=29 da=26 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@24 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment drop-ovl - [ Skip steps: i=31 d=30 f=29 p=end sa=29 sp=44 da=32 dp=36 ] +@24 match in on lo0 proto tcp from any to any port = 82 scrub (no-df min-ttl 15 max-mss 224) + [ Skip steps: i=26 d=26 f=29 p=end sa=29 sp=29 da=26 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@25 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=31 d=30 f=29 p=end sa=29 sp=44 da=32 dp=36 ] +@25 match in on lo0 proto tcp from any to any port = 83 scrub (no-df 
min-ttl 15 max-mss 224) + [ Skip steps: f=29 p=end sa=29 sp=29 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@26 scrub in on lo0 proto tcp all no-df fragment reassemble - [ Skip steps: i=31 d=30 f=29 p=end sa=29 sp=44 da=32 dp=36 ] +@26 match out proto tcp from any to ! <regress.1:*> port = www + [ Skip steps: i=28 d=28 f=29 p=end sa=29 sp=29 dp=29 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@27 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment crop - [ Skip steps: i=31 d=30 f=29 p=end sa=29 sp=44 da=32 dp=36 ] +@27 match out proto tcp from any to <regress.2:*> port = www + [ Skip steps: f=29 p=end sa=29 sp=29 dp=29 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@28 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=31 d=30 p=end sp=44 da=32 dp=36 ] +@28 match on lo0 proto tcp from any to any port = www scrub (max-mss 224) + [ Skip steps: i=30 p=end da=30 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@29 scrub in on lo0 inet proto tcp from (lo0:1) to any fragment reassemble - [ Skip steps: i=31 p=end sp=44 da=32 dp=36 ] +@29 match in on lo0 inet proto tcp from (lo0:1) port = www to any + [ Skip steps: f=end p=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@30 scrub on lo0 proto tcp all max-mss 224 fragment reassemble - [ Skip steps: f=34 p=end sa=37 sp=44 da=32 dp=36 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@31 scrub out proto tcp all fragment reassemble - [ Skip steps: i=34 d=35 f=34 p=end sa=37 sp=44 dp=36 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@32 scrub out proto tcp from any to ! 
<regress.1:*> fragment reassemble - [ Skip steps: i=34 d=35 f=34 p=end sa=37 sp=44 dp=36 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@33 scrub out proto tcp from any to <regress.2:*> fragment reassemble - [ Skip steps: d=35 p=end sa=37 sp=44 dp=36 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@34 scrub out log on lo1000000 inet proto tcp from any to 10.0.0.1 no-df max-mss 224 fragment reassemble - [ Skip steps: p=end sa=37 sp=44 dp=36 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@35 scrub proto tcp all random-id fragment reassemble - [ Skip steps: i=43 d=37 f=39 p=end sa=37 sp=44 da=39 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@36 scrub proto tcp from any to any port = www fragment reassemble - [ Skip steps: i=43 f=39 p=end sp=44 da=39 dp=44 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@37 scrub in proto tcp from <regress.1:*> to any port = www fragment reassemble - [ Skip steps: i=43 d=63 f=39 p=end sp=44 da=39 dp=44 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@38 scrub in proto tcp from ! 
<regress.2:*> to any port = www fragment reassemble - [ Skip steps: i=43 d=63 p=end sp=44 dp=44 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@39 scrub in inet proto tcp from 10.0.0.1 to 10.0.0.3 port = www fragment reassemble - [ Skip steps: i=43 d=63 f=43 p=end sa=41 sp=44 dp=44 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@40 scrub in inet proto tcp from 10.0.0.1 to 10.0.0.4 port = www fragment reassemble - [ Skip steps: i=43 d=63 f=43 p=end sp=44 dp=44 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@41 scrub in inet proto tcp from 10.0.0.2 to 10.0.0.3 port = www fragment reassemble - [ Skip steps: i=43 d=63 f=43 p=end sa=43 sp=44 dp=44 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@42 scrub in inet proto tcp from 10.0.0.2 to 10.0.0.4 port = www fragment reassemble - [ Skip steps: d=63 p=end sp=44 dp=44 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@43 scrub in log on lo0 proto tcp from any to any port = www min-ttl 25 fragment reassemble - [ Skip steps: i=47 d=63 p=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@44 scrub in log on lo0 inet6 proto tcp from (lo1000000:*) port = www to 2000::1 fragment reassemble - [ Skip steps: i=47 d=63 f=46 p=end sp=49 da=46 dp=50 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@45 scrub in log on lo0 inet6 proto tcp from (lo0:2) port = www to 2000::1 fragment reassemble - [ Skip steps: i=47 d=63 p=end sp=49 dp=50 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@46 scrub in log on lo0 proto tcp from any port = www to any fragment reassemble - [ Skip steps: d=63 f=62 p=end sa=62 sp=49 da=64 dp=50 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ 
Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@47 scrub in log on lo1000000 proto tcp from any port = www to any fragment reassemble - [ Skip steps: d=63 f=62 p=end sa=62 sp=49 da=64 dp=50 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@48 scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=64 d=63 f=62 p=end sa=62 da=64 dp=50 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@49 scrub in on lo0 proto tcp from any port = 81 to any no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=64 d=63 f=62 p=end sa=62 da=64 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@50 scrub in on lo0 proto tcp from any to any port = www max-mss 224 fragment reassemble - [ Skip steps: i=64 d=63 f=62 p=end sa=62 da=64 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@51 scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=64 d=63 f=62 p=end sa=62 sp=53 da=64 dp=53 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@52 scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment drop-ovl - [ Skip steps: i=64 d=63 f=62 p=end sa=62 da=64 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@53 scrub in on lo0 proto tcp from any to any port = www no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=64 d=63 f=62 p=end sa=62 sp=56 da=64 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@54 scrub in on lo0 proto tcp from any to any port = 81 no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=64 d=63 f=62 p=end sa=62 sp=56 da=64 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ 
Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@55 scrub in on lo0 proto tcp from any to any port = 82 no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=64 d=63 f=62 p=end sa=62 da=64 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@56 scrub in on lo0 proto tcp from any port = www to any port = www no-df fragment reassemble - [ Skip steps: i=64 d=63 f=62 p=end sa=62 sp=59 da=64 dp=58 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@57 scrub in on lo0 proto tcp from any port = www to any port = www no-df min-ttl 15 max-mss 224 fragment crop - [ Skip steps: i=64 d=63 f=62 p=end sa=62 sp=59 da=64 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@58 scrub in on lo0 proto tcp from any port = www to any port = 81 no-df min-ttl 15 max-mss 224 fragment crop - [ Skip steps: i=64 d=63 f=62 p=end sa=62 da=64 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@59 scrub in on lo0 proto tcp from any port = 81 to any port = www no-df min-ttl 15 max-mss 224 fragment crop - [ Skip steps: i=64 d=63 f=62 p=end sa=62 sp=61 da=64 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@60 scrub in on lo0 proto tcp from any port = 81 to any port = 81 no-df min-ttl 15 max-mss 224 fragment crop - [ Skip steps: i=64 d=63 f=62 p=end sa=62 da=64 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@61 scrub in on lo0 proto tcp from any to any port = 83 no-df min-ttl 15 max-mss 224 fragment reassemble - [ Skip steps: i=64 d=63 p=end da=64 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@62 scrub in on lo0 inet proto tcp from (lo0:1) port = www to any fragment reassemble - [ Skip steps: i=64 p=end da=64 ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 
Packets: 0 Bytes: 0 States: 0 ] -@63 scrub on lo0 proto tcp from any to any port = www max-mss 224 fragment reassemble - [ Skip steps: f=66 p=end sa=end sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@64 scrub out proto tcp from any to ! <regress.1:*> port = www fragment reassemble - [ Skip steps: i=66 d=end f=66 p=end sa=end sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@65 scrub out proto tcp from any to <regress.2:*> port = www fragment reassemble - [ Skip steps: d=end p=end sa=end sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@66 scrub out log on lo1000000 inet proto tcp from any to 10.0.0.1 port = www no-df max-mss 224 fragment reassemble +@30 match out log on lo1000000 inet proto tcp from any to 10.0.0.1 port = www scrub (no-df max-mss 224) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf73.in b/regress/sbin/pfctl/pf73.in index 2a60c440c0d..a50577fd67b 100644 --- a/regress/sbin/pfctl/pf73.in +++ b/regress/sbin/pfctl/pf73.in 
@@ -1,13 +1 @@
-scrub proto tcp reassemble tcp
-scrub proto tcp all reassemble tcp
-scrub proto tcp from any to any reassemble tcp
-scrub proto tcp all fragment crop reassemble tcp
-scrub proto tcp all fragment drop-ovl reassemble tcp
-scrub proto tcp all reassemble tcp fragment reassemble
-scrub proto tcp from { <regress.1> !<regress.2> } to any reassemble tcp
-scrub inet proto tcp from { 10.0.0.1, 10.0.0.2 } to { 10.0.0.3, 10.0.0.4 } reassemble tcp
-scrub log on lo0 proto tcp from any to any min-ttl 25 reassemble tcp
-scrub log on lo0 inet6 proto tcp from { (lo1000000), (lo0) } to 2000::1 reassemble tcp
-scrub log on {lo0 lo1000000} proto tcp from any to any reassemble tcp
-scrub on lo0 proto tcp all reassemble tcp
-scrub on lo0 proto tcp from any to any fragment reassemble max-mss 224 min-ttl 15 no-df reassemble tcp
+pass proto tcp scrub(reassemble tcp)
diff --git a/regress/sbin/pfctl/pf73.loaded b/regress/sbin/pfctl/pf73.loaded
index eab606d6bb5..d8983907b08 100644
--- a/regress/sbin/pfctl/pf73.loaded
+++ b/regress/sbin/pfctl/pf73.loaded
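Review bot: The one rule left in pf73.in is `pass proto tcp scrub(reassemble tcp)`, but the expected output in pf73.ok, pf73.loaded and pf73.optimized is `pass proto tcp all flags S/SA keep state`, with no scrub option printed. As written, the test would still pass if the parser dropped `reassemble tcp` altogether, so it no longer shows that TCP normalization ends up on the loaded rule. The pf15.loaded expectation in this commit does print `scrub (no-df max-mss 224)` on a match rule, so it is worth confirming whether this is only a print omission or the flag is lost, and updating the three expected files once it is printed. The removed variants also covered tables, address lists, interfaces and `log`; a few of them rewritten as `match ... scrub(reassemble tcp)` lines would keep that coverage.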
@@ -1,76 +1,4 @@ -@0 scrub proto tcp all reassemble tcp fragment reassemble - [ Skip steps: i=12 d=end f=8 p=end sa=6 sp=end da=8 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 scrub proto tcp all reassemble tcp fragment reassemble - [ Skip steps: i=12 d=end f=8 p=end sa=6 sp=end da=8 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 scrub proto tcp all reassemble tcp fragment reassemble - [ Skip steps: i=12 d=end f=8 p=end sa=6 sp=end da=8 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 scrub proto tcp all reassemble tcp fragment crop - [ Skip steps: i=12 d=end f=8 p=end sa=6 sp=end da=8 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 scrub proto tcp all reassemble tcp fragment drop-ovl - [ Skip steps: i=12 d=end f=8 p=end sa=6 sp=end da=8 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 scrub proto tcp all reassemble tcp fragment reassemble - [ Skip steps: i=12 d=end f=8 p=end sp=end da=8 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 scrub proto tcp from <regress.1:*> to any reassemble tcp fragment reassemble - [ Skip steps: i=12 d=end f=8 p=end sp=end da=8 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 scrub proto tcp from ! 
<regress.2:*> to any reassemble tcp fragment reassemble - [ Skip steps: i=12 d=end p=end sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 scrub inet proto tcp from 10.0.0.1 to 10.0.0.3 reassemble tcp fragment reassemble - [ Skip steps: i=12 d=end f=12 p=end sa=10 sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 scrub inet proto tcp from 10.0.0.1 to 10.0.0.4 reassemble tcp fragment reassemble - [ Skip steps: i=12 d=end f=12 p=end sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 scrub inet proto tcp from 10.0.0.2 to 10.0.0.3 reassemble tcp fragment reassemble - [ Skip steps: i=12 d=end f=12 p=end sa=12 sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 scrub inet proto tcp from 10.0.0.2 to 10.0.0.4 reassemble tcp fragment reassemble - [ Skip steps: d=end p=end sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 scrub log on lo0 proto tcp all min-ttl 25 reassemble tcp fragment reassemble - [ Skip steps: i=16 d=end p=end sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 scrub log on lo0 inet6 proto tcp from (lo1000000:*) to 2000::1 reassemble tcp fragment reassemble - [ Skip steps: i=16 d=end f=15 p=end sp=end da=15 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 scrub log on lo0 inet6 proto tcp from (lo0:2) to 2000::1 reassemble tcp fragment reassemble - [ Skip steps: i=16 d=end p=end sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 scrub log on lo0 proto tcp all reassemble tcp fragment reassemble - [ Skip steps: d=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= 
qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 scrub log on lo1000000 proto tcp all reassemble tcp fragment reassemble - [ Skip steps: d=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 scrub on lo0 proto tcp all reassemble tcp fragment reassemble - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 scrub on lo0 proto tcp all no-df min-ttl 15 max-mss 224 reassemble tcp fragment reassemble +@0 pass proto tcp all flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf73.ok b/regress/sbin/pfctl/pf73.ok index beb4f17d1d7..050a094ac13 100644 --- a/regress/sbin/pfctl/pf73.ok +++ b/regress/sbin/pfctl/pf73.ok 
@@ -1,19 +1 @@
-scrub proto tcp all reassemble tcp fragment reassemble
-scrub proto tcp all reassemble tcp fragment reassemble
-scrub proto tcp all reassemble tcp fragment reassemble
-scrub proto tcp all reassemble tcp fragment crop
-scrub proto tcp all reassemble tcp fragment drop-ovl
-scrub proto tcp all reassemble tcp fragment reassemble
-scrub proto tcp from <regress.1> to any reassemble tcp fragment reassemble
-scrub proto tcp from ! <regress.2> to any reassemble tcp fragment reassemble
-scrub inet proto tcp from 10.0.0.1 to 10.0.0.3 reassemble tcp fragment reassemble
-scrub inet proto tcp from 10.0.0.1 to 10.0.0.4 reassemble tcp fragment reassemble
-scrub inet proto tcp from 10.0.0.2 to 10.0.0.3 reassemble tcp fragment reassemble
-scrub inet proto tcp from 10.0.0.2 to 10.0.0.4 reassemble tcp fragment reassemble
-scrub log on lo0 proto tcp all min-ttl 25 reassemble tcp fragment reassemble
-scrub log on lo0 inet6 proto tcp from (lo1000000) to 2000::1 reassemble tcp fragment reassemble
-scrub log on lo0 inet6 proto tcp from (lo0) to 2000::1 reassemble tcp fragment reassemble
-scrub log on lo0 proto tcp all reassemble tcp fragment reassemble
-scrub log on lo1000000 proto tcp all reassemble tcp fragment reassemble
-scrub on lo0 proto tcp all reassemble tcp fragment reassemble
-scrub on lo0 proto tcp all no-df min-ttl 15 max-mss 224 reassemble tcp fragment reassemble
+pass proto tcp all flags S/SA keep state
diff --git a/regress/sbin/pfctl/pf73.optimized b/regress/sbin/pfctl/pf73.optimized
index eab606d6bb5..d8983907b08 100644
--- a/regress/sbin/pfctl/pf73.optimized
+++ b/regress/sbin/pfctl/pf73.optimized
@@ -1,76 +1,4 @@ -@0 scrub proto tcp all reassemble tcp fragment reassemble - [ Skip steps: i=12 d=end f=8 p=end sa=6 sp=end da=8 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 scrub proto tcp all reassemble tcp fragment reassemble - [ Skip steps: i=12 d=end f=8 p=end sa=6 sp=end da=8 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 scrub proto tcp all reassemble tcp fragment reassemble - [ Skip steps: i=12 d=end f=8 p=end sa=6 sp=end da=8 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 scrub proto tcp all reassemble tcp fragment crop - [ Skip steps: i=12 d=end f=8 p=end sa=6 sp=end da=8 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 scrub proto tcp all reassemble tcp fragment drop-ovl - [ Skip steps: i=12 d=end f=8 p=end sa=6 sp=end da=8 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 scrub proto tcp all reassemble tcp fragment reassemble - [ Skip steps: i=12 d=end f=8 p=end sp=end da=8 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 scrub proto tcp from <regress.1:*> to any reassemble tcp fragment reassemble - [ Skip steps: i=12 d=end f=8 p=end sp=end da=8 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 scrub proto tcp from ! 
<regress.2:*> to any reassemble tcp fragment reassemble - [ Skip steps: i=12 d=end p=end sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 scrub inet proto tcp from 10.0.0.1 to 10.0.0.3 reassemble tcp fragment reassemble - [ Skip steps: i=12 d=end f=12 p=end sa=10 sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 scrub inet proto tcp from 10.0.0.1 to 10.0.0.4 reassemble tcp fragment reassemble - [ Skip steps: i=12 d=end f=12 p=end sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 scrub inet proto tcp from 10.0.0.2 to 10.0.0.3 reassemble tcp fragment reassemble - [ Skip steps: i=12 d=end f=12 p=end sa=12 sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 scrub inet proto tcp from 10.0.0.2 to 10.0.0.4 reassemble tcp fragment reassemble - [ Skip steps: d=end p=end sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 scrub log on lo0 proto tcp all min-ttl 25 reassemble tcp fragment reassemble - [ Skip steps: i=16 d=end p=end sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 scrub log on lo0 inet6 proto tcp from (lo1000000:*) to 2000::1 reassemble tcp fragment reassemble - [ Skip steps: i=16 d=end f=15 p=end sp=end da=15 dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 scrub log on lo0 inet6 proto tcp from (lo0:2) to 2000::1 reassemble tcp fragment reassemble - [ Skip steps: i=16 d=end p=end sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 scrub log on lo0 proto tcp all reassemble tcp fragment reassemble - [ Skip steps: d=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= 
qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 scrub log on lo1000000 proto tcp all reassemble tcp fragment reassemble - [ Skip steps: d=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 scrub on lo0 proto tcp all reassemble tcp fragment reassemble - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 scrub on lo0 proto tcp all no-df min-ttl 15 max-mss 224 reassemble tcp fragment reassemble +@0 pass proto tcp all flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pfail10.in b/regress/sbin/pfctl/pfail10.in index 0a6b82d1cff..f869e0558bc 100644 --- a/regress/sbin/pfctl/pfail10.in +++ b/regress/sbin/pfctl/pfail10.in @@ -1,5 +1,4 @@ -# Test rule order processing: should fail unless scrub -> nat -> filter -nat on lo0 all -> lo0 +# Test rule order processing: should fail unless nat -> filter pass in on lo1000000 all -scrub in on lo0 all +nat on lo0 all -> lo0 diff --git a/regress/sbin/pfctl/pfail10.ok b/regress/sbin/pfctl/pfail10.ok index c1bc4ed5792..6316dd6ae4a 100644 --- a/regress/sbin/pfctl/pfail10.ok +++ b/regress/sbin/pfctl/pfail10.ok @@ -1 +1 @@ -stdin:4: Rules must be in order: options, normalization, queueing, translation, filtering +stdin:3: Rules must be in order: options, normalization, queueing, translation, filtering diff --git a/regress/sbin/pfctl/pfail25.in b/regress/sbin/pfctl/pfail25.in index f1d1c06cad1..99c3bf40a46 100644 --- a/regress/sbin/pfctl/pfail25.in +++ b/regress/sbin/pfctl/pfail25.in 
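Review bot: After this change pfail10.in (`pass` followed by `nat`) fails for the same reason as pfail9.in (`match`, `pass`, then `nat`): both only hit translation-after-filtering, at stdin:3 here. The message kept in pfail10.ok still lists "normalization" as an ordering stage, yet no failing case in the visible hunks exercises it any more. If an ordering constraint remains for the new `set reassemble` option (not visible from this diff), pfail10.in could test that instead, with a header comment such as `# Test rule order processing: options must precede filter rules`.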
@@ -1,11 +1,6 @@ -scrub in quick from any to any -scrub in on ! lo0 -scrub in no-df no-df -scrub out min-ttl 4 min-ttl 5 -scrub in all min-ttl 256 -scrub out min-ttl 65536 -scrub in from localhost to localhost max-mss 512 max-mss 1280 -scrub on lo0 fragment crop fragment crop -scrub in on lo0 from any to localhost fragment drop-ovl fragment crop -scrub in on lo0 from any to 127.0.0.1 fragment reassemble fragment drop-ovl -scrub from localhost random-id random-id +match scrub(no-df no-df) +match scrub(min-ttl 4 min-ttl 5) +match in all scrub(min-ttl 256) +match out scrub(min-ttl 65536) +match in from localhost to localhost scrub(max-mss 512 max-mss 1280) +match from localhost scrub(random-id random-id) diff --git a/regress/sbin/pfctl/pfail25.ok b/regress/sbin/pfctl/pfail25.ok index 1c4e7ea47e9..64071dfa8ef 100644 --- a/regress/sbin/pfctl/pfail25.ok +++ b/regress/sbin/pfctl/pfail25.ok @@ -1,10 +1,6 @@ -stdin:1: scrub rules do not support 'quick' -stdin:3: no-df cannot be respecified -stdin:4: min-ttl cannot be respecified -stdin:5: illegal min-ttl value 256 -stdin:6: illegal min-ttl value 65536 -stdin:7: max-mss cannot be respecified -stdin:8: fragcache cannot be respecified -stdin:9: fragcache cannot be respecified -stdin:10: fragcache cannot be respecified -stdin:11: random-id cannot be respecified +stdin:1: no-df cannot be respecified +stdin:2: min-ttl cannot be respecified +stdin:3: illegal min-ttl value 256 +stdin:4: illegal min-ttl value 65536 +stdin:5: max-mss cannot be respecified +stdin:6: random-id cannot be respecified diff --git a/regress/sbin/pfctl/pfail9.in b/regress/sbin/pfctl/pfail9.in index 6caf0ede2f2..d414ae687c1 100644 --- a/regress/sbin/pfctl/pfail9.in +++ b/regress/sbin/pfctl/pfail9.in @@ -1,5 +1,5 @@ -# Test rule order processing: should fail unless scrub -> nat -> filter -scrub in on lo0 all +# Test rule order processing: should fail unless nat -> filter +match in on lo0 all pass in on lo1000000 all # bork nat on lo0 all -> lo0 |
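Review bot: The respecification cases kept in pfail25.in cover `no-df`, `min-ttl`, `max-mss` and `random-id`, but not `set-tos` or `reassemble tcp`, which the new `scrub(...)` syntax also accepts elsewhere in this commit. If the parser is meant to reject duplicates of those as well (the grammar is not visible from here), lines such as `match scrub(set-tos lowdelay set-tos throughput)` and `match scrub(reassemble tcp reassemble tcp)`, with the corresponding messages added to pfail25.ok, would pin that behaviour. Without them a conflicting pair of normalization options could be accepted silently and only the last one applied.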