>
> This should be rejected as "keep frags" is meaningless here.
>
> pass out log quick on bge0 proto udp from xxx.xxx.xxx.113/32 to any port = 53
> keep state keep frags
>
> You need
>
> pass in quick from any to any with frag keep frag
The reason is that "ip" fragments not have next level headers.
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
