pf misfeature
Max Laier
max at love2party.net
Fri Nov 9 08:47:52 PST 2007
On Friday 09 November 2007, Dag-Erling Smørgrav wrote:
> Max Laier <max at love2party.net> writes:
> > No, I don't see why these two should behave differently, but you
> > should add a "scrub in on sk0" in any case.
>
> scrub is known and documented to interfere with NFS.
Only with broken NFS clients, and even then a combination of "no-df"
and "random-id" parameters can be used to make them work, too. Without
reassembly, stateful filtering is impossible (though this still doesn't
explain why an explicit "udp keep state" rule would work).
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
More information about the freebsd-net
mailing list