Right now I saw a similar case:

Nov 21 13:08:35.876814 rule def/(fragment) pass in on ext_if: 128.86.1.20.53 > xx.xx.xx.xx.36447: 34117*-[|domain] (frag 1942:1480@0+) (DF)
Nov 21 13:08:35.876817 rule def/(fragment) pass in on ext_if: 128.86.1.20 > xx.xx.xx.xx: (frag 1942:337@1480) (DF)

These are apparently fragmented packets.

Are they allowed to get in or not? If yes, then I still don't get rule def (state maybe?)

G

ps.
@1 match in all scrub (no-df max-mss 1440)
