[Bug 216867] IPFW workstation rules block DNSSEC resulting in DNS failure on freebsd.org domains
bugzilla-noreply at freebsd.org
Sun Mar 11 16:45:53 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216867
Rodney W. Grimes <rgrimes at FreeBSD.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |rgrimes at FreeBSD.org
--- Comment #3 from Rodney W. Grimes <rgrimes at FreeBSD.org> ---
(In reply to Helge Oldach from comment #2)
In general the reass should come before any rule that might check
a port number, as only the first packet, or a completely reassembled
packet has a port number.
So I agree it should be moved before the check state, and probably
moved even much earlier.
The other issue is that net.inet.ip.fw.one_pass must be turned on
for this to work, that change requires further considerations and
testing.
--
You are receiving this mail because:
You are the assignee for the bug.
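
The ordering point made in comment #3, as an added example that is not part of the bug report or of any FreeBSD script: a small lint that reads `ipfw list`-style rules and reports every rule that runs before the first `reass` rule and is either `check-state` or matches a port. The function name, the sample rulesets and the restriction to numeric ports are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: flag ipfw rules that inspect ports before fragments are reassembled.
# Input format assumed: one rule per line, "NUMBER ACTION ... from SRC [ports] to DST [ports] ...".

# rules_before_reass (hypothetical helper): reads rules on stdin and prints the
# number of each rule that precedes the first "reass" rule and is either
# check-state or carries a numeric port after the source or destination address.
rules_before_reass() {
    awk '
    $2 == "reass" { seen = 1 }          # rules from here on see reassembled packets
    seen { next }
    $2 == "check-state" { print $1; next }
    {
        for (i = 3; i <= NF; i++) {
            # a port list, if present, is the token right after the address
            if (($i == "from" || $i == "to") && (i + 2) <= NF &&
                $(i + 2) ~ /^[0-9][0-9,-]*$/) { print $1; next }
        }
    }'
}

# Constructed sample: reass placed after check-state and after a port match.
SAMPLE_LATE_REASS='00100 allow ip from any to any via lo0
00200 check-state
00300 allow tcp from me to any setup keep-state
00400 allow udp from me to any 53 keep-state
00500 reass ip from any to any in
00600 allow udp from any 53 to me'

# Constructed sample: the same rules with reass moved ahead of them.
SAMPLE_EARLY_REASS='00100 allow ip from any to any via lo0
00150 reass ip from any to any in
00200 check-state
00400 allow udp from me to any 53 keep-state'

echo "late reass, rules to review:"
printf '%s\n' "$SAMPLE_LATE_REASS" | rules_before_reass
echo "early reass, rules to review:"
printf '%s\n' "$SAMPLE_EARLY_REASS" | rules_before_reass
```

Rules that name ports by service name, or that depend on ports only through `keep-state`, are not detected by this sketch.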