IPv6 day, PF and IPv6 fragments
Gary Palmer
gpalmer at freebsd.org
Tue Jun 7 19:51:01 UTC 2011

Hi,

I noticed after running test-ipv6.com at home that I was getting

  2011-06-07 20:35:55.588335 rule 279/0(match): block in on gif0: 2001:4998:0:6::11 > <my IP>: frag (0|1424) 80 > 62594: . 0:1392(1392) ack 1 win 8211 <nop,nop,timestamp 3656890291 1004528553>
  2011-06-07 20:35:55.588521 rule 279/0(match): block in on gif0: 2001:4998:0:6::11 > <my IP>: frag (1424|16)

on my FreeBSD 7.3-RELEASE firewall. "man pf.conf" says

  Currently, only IPv4 fragments are supported and IPv6 fragments are
  blocked unconditionally.

Is this correct? If so, what is the correct way of getting IPv6 fragmented
packets through a pf firewall, or which version of FreeBSD introduces a PF
version that natively handles IPv6 fragments?

Thanks,

Gary