Date: Fri, 4 Mar 2016 08:33:03 +0100 From: Kristof Provost <kp@FreeBSD.org> To: Melissa Pilgrim <list_freebsd@bluerosetech.com> Cc: freebsd-pf@freebsd.org Subject: Re: IPv6 fragments in 10.2 Message-ID: <9F4AE691-7D6C-4FC4-9FCA-AA16F9AE9263@FreeBSD.org> In-Reply-To: <56D8F9E1.9060808@bluerosetech.com> References: <56D8F9E1.9060808@bluerosetech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 04 Mar 2016, at 03:58, Melissa Pilgrim <list_freebsd@bluerosetech.com> wrote: > > Now that pf in 10.2 supports IPv6 fragments, how do you configure pf to allow them? I'm still seeing UDP PMTU breakage specifically with FreeBSD and pf related to the packet filter not passing fragments. The basic "fragment reassemble" scrub rule doesn't seem to be sufficient. The man page was not updated with the commit, and I'm not having any luck with web searches. The ‘scrub all fragment reassemble’ rule should be sufficient. Can you post your pf.conf and a network capture demonstrating the problem? Thanks, Kristof
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9F4AE691-7D6C-4FC4-9FCA-AA16F9AE9263>