IPv6 fragments firewall support?
list_freebsd at bluerosetech.com
list_freebsd at bluerosetech.com
Sat Jun 9 08:12:53 UTC 2012
There's a sentence at the end of the "Fragment Handling" section of the
pf.conf man page:
"Currently, only IPv4 fragments are supported and IPv6 fragments are
blocked unconditionally."
This is in pf.conf(5) for FreeBSD versions using pf 4.1. It looks like
we only have pf 4.5 in HEAD and I believe support for IPv6 fragments
didn't arrive until OpenBSD 5.0 (after the pf.conf format change).
Is IPv6 fragmentation support still an issue? I'm chasing down PMTU
issues and came across this. If it's the case, it would explain a lot
of the problems I'm having with UDP over IPv6.
More information about the freebsd-pf
mailing list