[pf4freebsd] Re: fixing out of order first fragment processing?

Mark Atkinson darkmark at filament.org
Wed Sep 15 21:09:40 PDT 2004


I have to sign up from a different address since freelists does not like
yahoo mail.

>If DF(don't fragment) bit in IP packet header was set and the packet
>was fragmented, pf will drop the IP packet. I guess it's natural to
>drop the IP packet when such a condition happens.
>Check the output of tcpdump.

>You can let pf pass the packet with no-df option.
>For instance,
>scrub on $interface random-id no-df fragment reassemble

This DOES work -- Linux does set the DF flag on its fragments.
Thanks a ton.

Mark Atkinson
mark-pf at filament.org
(!wired)?(coffee++):(wired);
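
The condition discussed in this message (DF set on a packet that is itself a fragment) can be checked directly from the IPv4 header. The following is an added example, not part of the original thread and not pf's own code; the function names and the sample headers are constructed for illustration.

```python
import struct
from collections import Counter

IP_DF = 0x4000       # Don't Fragment flag
IP_MF = 0x2000       # More Fragments flag
IP_OFFMASK = 0x1FFF  # fragment offset, in 8-byte units


def classify_ipv4(header: bytes) -> str:
    """Return 'whole', 'fragment' or 'df-fragment' for one IPv4 header."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    if header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    # Bytes 6-7 hold the three flag bits followed by the 13-bit offset.
    (flags_off,) = struct.unpack_from("!H", header, 6)
    is_fragment = bool(flags_off & IP_MF) or (flags_off & IP_OFFMASK) != 0
    if not is_fragment:
        return "whole"
    # DF on a fragment is the case the thread says gets dropped
    # unless the scrub rule carries no-df.
    return "df-fragment" if flags_off & IP_DF else "fragment"


def build_header(flags_off: int, ident: int = 0x1234) -> bytes:
    """Constructed 20-byte IPv4/UDP header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, ident, flags_off,
                       64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


def summarize(headers) -> Counter:
    """Count how many headers fall into each class."""
    return Counter(classify_ipv4(h) for h in headers)


# Constructed sample traffic, not captured from a real host.
SAMPLES = [
    build_header(IP_DF | IP_MF),   # first fragment, DF set
    build_header(IP_DF | 185),     # last fragment at offset 185*8, DF set
    build_header(IP_MF),           # ordinary first fragment
    build_header(IP_DF),           # unfragmented packet with DF
    build_header(0),               # unfragmented packet, no flags
]

if __name__ == "__main__":
    for kind, count in sorted(summarize(SAMPLES).items()):
        print(f"{kind}: {count}")
```

A non-zero `df-fragment` count on traffic from a given sender indicates that fragments from it will only pass a scrub rule that includes `no-df`.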



