>> Why these packets weren't translated by pf nat rules or filtered by pf >> block rule? >> >> Note they appear once in five seconds. Tried to modify frag parameter, >> but this didn't help. Also I noticed they all have ACK bit set. >> >> Thank you.
SU> What is the date of your build (uname -a). There was a commit SU> recently to fix fragmented packets w/ hardware checksums SU> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/contrib/pf/net/pf_norm.c.diff?r1=1.11.2.4;r2=1.11.2.5;only_with_tag=RELENG_6 The date of my cvsup and build is Wed Jul 11 21:38:14 MSD 2007 I've checked /usr/src/sys/contrib/pf/net/pf_norm.c and noted it is patched conform link you provided. -- mailto:[EMAIL PROTECTED] _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
