Subject: Re: pf, icmp, and max-mss
To: Christian Hattemer <>
From: M Graff <>
List: current-users
Date: 07/27/2006 21:12:28
Hash: SHA1

My problem was traced down to the use of VLANs on an interface that I
thought supported the larger packet size, but turns out does not.  I
switched back to an fxp card, and all is well.  Just another way rtk

The REAL cause is every site out there believing books that tell them to
block ALL ICMP traffic.  But that's another rant.

- --Michael

Christian Hattemer wrote:
> Hi,
> when I changed from 3.0 to -current I also noticed that IPF now seems to
> require restricting the MSS. The option is named mssclamp there.
> I thought this would be one of the several flaws that IPF exhibits now,
> compared to the version in 3.0 with a nearly unchanged ipf.conf (I only
> removed some log keywords and a few block rules).
> I have changed to PF now and had used max-mss from the beginning. But your
> report that PF also won't work reliably without restricting the MSS seems
> to indicate that the cause for this particular problem might be somewhere
> else.
> Bye, Chris

Version: GnuPG v1.4.2.2 (MingW32)