Date:      Sat, 28 May 2016 13:59:34 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-pf@FreeBSD.org
Subject:   [Bug 207598] pf adds icmp unreach on gre/ipsec somehow
Message-ID:  <bug-207598-17777-82V7PdplM2@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-207598-17777@https.bugs.freebsd.org/bugzilla/>
References:  <bug-207598-17777@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207598

--- Comment #24 from Kristof Provost <kp@freebsd.org> ---
(In reply to Max from comment #23)
Yeah, that's certainly a valid point.

Arguably the network stack shouldn't send errors if the firewall drops a
packet, instead leaving it to the firewall to send an error.
Or perhaps we should extend the netpfil interface to support both scenarios.

Either way, this change will affect more than just pf, so it'd have to be done
very carefully.

-- 
You are receiving this mail because:
You are the assignee for the bug.


