Subject: ipf ICMP return-code oddness
To: None <netbsd-users@netbsd.org>
From: Juha K Kallio <juha@psychedelic.baana.suomi.net>
List: netbsd-users
Date: 01/18/2004 02:44:53
I'm trying to block a few UDP ports, and just to be perfect I'd like
to disguise the ports as normal unused ports. With linux & iptables I
managed to do this properly, and ipf seems to support the same thing.
The line in ipf.conf:

block return-icmp-as-dest(port-unr) in on pppoe0 proto udp from any \
to 213.139.166.169 port = 111


This sends the correct port-unreachable packet, but there's
something wrong in it. tcpdump says the checksum is bad, and the
packet's length is also wrong:

213.216.249.5.32803 > 213.139.166.169.sunrpc: [udp sum ok] udp 1 \
(DF) (ttl 64, id 36404, len 29)

213.139.166.169 > 213.216.249.5: icmp: 213.139.166.169 udp port \
sunrpc unreachable for 213.216.249.5 > 213.139.166.169: udp (frag \
36404:7404@512) (ttl 63, len 7424, bad cksum 6288!) (ttl 63, id \
36404, len 56)


Here's a normal unblocked & unused udp port for reference:

213.216.249.5.32803 > 213.139.166.169.112: [udp sum ok] udp 1 \
(DF) (ttl 64, id 36627, len 29)

213.139.166.169 > 213.216.249.5: icmp: 213.139.166.169 udp \
port 112 unreachable for 213.216.249.5.32803 > \
213.139.166.169.112: udp 1 (DF) (ttl 63, id 36627, len 29) \
(ttl 254, id 21314, len 56)
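An added example, not part of the post, that models what the two traces show: in the blocked case the quoted IP header carries len 7424 (0x1d00) and a fragment offset of 512, which are the byte-swapped forms of the original len 29 (0x001d) and the DF flag (0x4000), while the quoted header checksum was left unchanged. The code builds the probe and a correct ICMP port unreachable, reproduces that host-byte-order corruption, and applies the checks a receiver can run on the quoted header; addresses, ports and IP IDs come from the trace, the one payload byte is constructed.

```python
import struct

def csum16(data: bytes) -> int:
    """RFC 1071 ones-complement checksum; 0 when verifying a correct header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src, dst, ident, flags_frag, proto, payload_len, ttl):
    """20-byte IPv4 header in network byte order with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                      flags_frag, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", csum16(hdr)) + hdr[12:]

def udp_datagram(src, dst, sport, dport, payload, ident):
    """Original probe: IP (DF set) + UDP + payload, UDP checksum left 0."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    return ipv4_header(src, dst, ident, 0x4000, 17, len(udp), 64) + udp

def icmp_port_unreachable(original: bytes) -> bytes:
    """RFC 792 type 3 / code 3: header, unused word, quoted IP hdr + 8 bytes."""
    body = b"\x03\x03\x00\x00\x00\x00\x00\x00" + original[:28]
    return body[:2] + struct.pack("!H", csum16(body)) + body[4:]

def host_order_bug(icmp: bytes) -> bytes:
    """Model the defect in the trace: quoted ip_len/ip_off in host order,
    ICMP checksum recomputed, quoted IP header checksum left stale."""
    q = bytearray(icmp)
    q[10:12] = q[11:12] + q[10:11]   # ip_len bytes swapped (29 -> 7424)
    q[14:16] = q[15:16] + q[14:15]   # ip_off bytes swapped (DF -> @512)
    q[2:4] = b"\x00\x00"
    q[2:4] = struct.pack("!H", csum16(bytes(q)))
    return bytes(q)

def check_quoted_header(icmp: bytes, original: bytes) -> list:
    """Problems a receiver can flag in an ICMP error's quoted header."""
    problems = []
    if csum16(icmp) != 0:
        problems.append("icmp checksum bad")
    inner = icmp[8:28]
    if csum16(inner) != 0:
        problems.append("quoted ip header checksum bad")
    total_len, _ident, frag = struct.unpack("!HHH", inner[2:8])
    if total_len != len(original):
        problems.append(f"quoted total length {total_len} != {len(original)}")
    if frag & 0x1FFF:
        problems.append(f"quoted fragment offset {(frag & 0x1FFF) * 8}")
    return problems

# Constructed sample matching the post's trace: 1-byte UDP probe to port 111.
PROBE = udp_datagram(bytes([213, 216, 249, 5]), bytes([213, 139, 166, 169]),
                     32803, 111, b"\x00", 36404)
GOOD = icmp_port_unreachable(PROBE)
BAD = host_order_bug(GOOD)
```

`check_quoted_header(GOOD, PROBE)` is empty, while the corrupted reply reports the stale quoted checksum, length 7424 and offset 512, exactly the three oddities tcpdump printed.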