Date: Fri, 4 Jun 2021 19:47:31 +0100 From: Pete French <petefrench@ingresso.co.uk> To: Chris <bsd-lists@bsdforge.com> Cc: stable@freebsd.org Subject: Re: pf starts blocking all traffic after a short while Message-ID: <a4f51ae9-216b-c682-725d-15a004c846c2@ingresso.co.uk> In-Reply-To: <f70dbbd8cec0ea0f2490ff6842c94975@bsdforge.com> References: <E1lp6Mt-000Nhj-V7@dilbert.ingresso.co.uk> <f70dbbd8cec0ea0f2490ff6842c94975@bsdforge.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> OK I may be completely off the mark here. But I seem to remember something > about potential problems with fragment reassembly on IPv6. Just for kicks, > does the problem still manifest if you comment > scrub all max-mss 1200 fragment reassemble > Again, I may be off the mark here, as I don't exactly remember where/when > I read about it. But just thought I'd throw it out there in case it helped. Actually, yes, this is true, and in most other places I use pf I have the rule: pass quick inet6 proto ipv6-frag all keep state in pf.conf. But this time I forgot. However I just tried adding that though, and it hasnt helped. All IPv4 traffic as well as IPv6 gets dropped when it starts dropping stuff, so I dont think this is Ipv6 related. Good memory though, I had forgotten that ;-) -pete.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a4f51ae9-216b-c682-725d-15a004c846c2>