10.3 : PF and fragmented packets
Kristof Provost
kp at FreeBSD.org
Fri Oct 14 14:34:15 UTC 2016
On 14 Oct 2016, at 16:06, Patrick Lamaiziere wrote:
> Looks like PF filters out fragmented packets on 10.3, at least icmp and
> UDP. (this is not the behavior of OpenBSD 5.X)
>
I would expect pf to drop fragments (on both v4 and v6) if it’s configured to
do so and pass them if configured to do so, certainly if scrub fragment
reassemble is not set.
> Shall I play with the scrub option to allow them?
>
You almost certainly want ‘scrub in fragment reassemble’ or something similar,
yes.
Regards,
Kristof