IPF in 4.11, 4-Stable breaks the semantics of icmp keep-state rules. This problem was mentioned in http://msgs.securepoint.com/cgi-bin/get/ipfilter-0503/31/1/2/1/1.html
I wouldn't make a fuss over this simple matter except that this constitutes a POLA violation. To that end, the following pr was submitted: http://www.freebsd.org/cgi/query-pr.cgi?pr=79416 Incidentially, unless I really misunderstand ipf, there appears to be a genuine bug here. POLA issues aside, a pass-rule is being used to block packets. Thanks, Jon _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
