On Tue, Sep 03, 2002 at 05:02:47PM +1000, Murray Armfield wrote:
> Hi Folks,
> 	I have just rebuilt my firewall with 1.6 RC2 and my netbsd devel machine on 
> current as of 20020902 (yesterday), although this also occurred with a 
> slightly older current too.
> 	On my firewall I block all fragmented packets. When I rebuilt my firewall I 
> used pkgsrc over nfs (1.6RC2 nfs client, current nfs server). This fails 
> terribly and ipmon logs away. If I turn off...
> 
> 	block in log quick on vr0 all with frag
> 
> then all is happy. The packet blocking is always from my nfs server to nfs 
> client(firewall).

I can't see what's wrong here. NFS will send fragmented packets, if you have
rsize/wsize larger than an ethernet frame.

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--