On Mon, 7 May 2001, James Wetterau wrote:

> I overlooked sending this question to this list earlier because the
> first notification I saw of the fragment caching problem with
> ip-filter was sent to port-i386.  I know the problem has been fixed in
> 1.5 and later but I'm running 1.4.1 and would prefer not to upgrade.

I believe the problem you are referring to was also fixed in the
netbsd-1-4 branch (see CHANGES-1.4.4). If you were going to upgrade
ipfilter anyway, you might have better luck using the branch. You
could, for example, upgrade to 1.4.3 (1.4.1 "ipnat" and "ipf" will not
work with a 1.4.3-1.4.4 kernel), and then upgrade only the kernel,
from source, to NetBSD-1.4.3A.


Frederick