Re: PF silently dropping IPv6 packets

To: Martti Kuparinen <martti.kuparinen%iki.fi@localhost>
Subject: Re: PF silently dropping IPv6 packets
From: Fredrik Pettai <pettai%nordu.net@localhost>
Date: Tue, 16 Feb 2010 14:37:08 +0100

On Feb 16, 2010, at 2:05 PM, Martti Kuparinen wrote:

Hi,
Our PF firewall is running NetBSD/amd64 5.0_STABLE and while testingone new IETF protocol, we discovered that the firewall is silentlydropping the echo reply packet because it has fragmentation headerin it (as specified by the draft).
Is PF doing something wrong here or are we missing something in ourpf.conf? Right now we have
scrub in             all
scrub out on $EXT_IF all random-id
scrub     on $EXT_IF all reassemble tcp


Have you tried to remove the scrubbing?

/P

Follow-Ups:
- Re: PF silently dropping IPv6 packets
  - From: Martti Kuparinen

References:
- PF silently dropping IPv6 packets
  - From: Martti Kuparinen

Prev by Date: PF silently dropping IPv6 packets
Next by Date: Re: PF silently dropping IPv6 packets
Previous by Thread: PF silently dropping IPv6 packets
Next by Thread: Re: PF silently dropping IPv6 packets
Indexes:

Home | Main Index | Thread Index | Old Index