Date: Tue, 7 Jun 2011 15:50:57 -0400
From: Gary Palmer <gpalmer@freebsd.org>
To: freebsd-pf@freebsd.org
Subject: IPv6 day, PF and IPv6 fragments
Message-ID: <20110607195057.GA37735@in-addr.com>

Hi,

I noticed after running test-ipv6.com at home that I was getting

2011-06-07 20:35:55.588335 rule 279/0(match): block in on gif0: 2001:4998:0:6::11 > <my IP>: frag (0|1424) 80 > 62594: . 0:1392(1392) ack 1 win 8211 <nop,nop,timestamp 3656890291 1004528553>
2011-06-07 20:35:55.588521 rule 279/0(match): block in on gif0: 2001:4998:0:6::11 > <my IP>: frag (1424|16)

on my FreeBSD 7.3-RELEASE firewall. "man pf.conf" says

    Currently, only IPv4 fragments are supported and IPv6 fragments are
    blocked unconditionally.

Is this correct? If so, what is the correct way of getting IPv6
fragmented packets through a pf firewall, or which version of FreeBSD
introduces a PF version that natively handles IPv6 fragments?

Thanks,

Gary