On Friday 09 November 2007, Dag-Erling Smørgrav wrote: > Max Laier <[EMAIL PROTECTED]> writes: > > No, I don't see why these two should behave differently, but you > > should add a "scrub in on sk0" in any case. > > scrub is known and documented to interfere with NFS.
Only with broken NFS clients and even then a combination of "no-df" and "random-id" parameters can be used to make them work, too. Without reassembly stateful filtering is impossible (though this still doesn't explain why an explicit "udp keep state"-rule would work). -- /"\ Best regards, | [EMAIL PROTECTED] \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | [EMAIL PROTECTED] / \ ASCII Ribbon Campaign | Against HTML Mail and News
signature.asc
Description: This is a digitally signed message part.
