[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: npf bug(?)
On Sun, 2 Apr 2017, Christos Zoulas wrote:
I am trying to understand the use case here:
1. you want to have V4 DNS and 6to4 service that can generate V4 fragments
2. you want V4 fragments dropped.
3. you can't put V4 rules in your firewall to restrict traffic to only
Is that correct?
That is not completely right. I want to filter IPv6 with npf. IPv4 should
not be filtered. After the activation of npf the statistics shows:
7160 failed reassembly
Since IPv6 is no longer reassambling, it must be IPv4 packets. I want to
make sure that the reassembly errors do not lead to packet losses,
especially at 6to4.
Main Index |
Thread Index |