Date: Fri, 14 Oct 2016 16:34:11 +0200
From: "Kristof Provost" <kp@FreeBSD.org>
To: "Patrick Lamaiziere" <patfbsd@davenulle.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: 10.3 : PF and fragmented packets
Message-ID: <6808974A-0500-4E17-A000-A7A3E02A46DF@FreeBSD.org>
In-Reply-To: <20161014160649.658a32cd@mr185083>
References: <20161014160649.658a32cd@mr185083>

On 14 Oct 2016, at 16:06, Patrick Lamaiziere wrote:

> Looks like PF filters out fragmented packets on 10.3, at least icmp and
> UDP. (this is not the behavior of OpenBSD 5.X)
>

I would expect pf to drop fragments (on both v4 and v6) if it’s configured to do so and pass them if configured to do so, certainly if scrub fragment reassemble is not set.

> Shall I play with the scrub option to allow them?
>

You almost certainly want ‘scrub in fragment reassemble’ or something similar, yes.

Regards,
Kristof