IPv6 fragments in 10.2
Kristof Provost
kp at FreeBSD.org
Fri Mar 4 07:33:05 UTC 2016
> On 04 Mar 2016, at 03:58, Melissa Pilgrim <list_freebsd at bluerosetech.com> wrote:
>
> Now that pf in 10.2 supports IPv6 fragments, how do you configure pf to allow them? I'm still seeing UDP PMTU breakage specifically with FreeBSD and pf related to the packet filter not passing fragments. The basic "fragment reassemble" scrub rule doesn't seem to be sufficient. The man page was not updated with the commit, and I'm not having any luck with web searches.
The ‘scrub all fragment reassemble’ rule should be sufficient.
Can you post your pf.conf and a network capture demonstrating the problem?
Thanks,
Kristof
More information about the freebsd-pf
mailing list