On Wed, 11-Feb-2015 at 20:10:26 +1100, Ian Smith wrote:
> On Tue, 10 Feb 2015 19:34:20 +0100, Andre Albsmeier wrote:
> > On Wed, 11-Feb-2015 at 04:33:15 +1100, Ian Smith wrote:
> > > On Tue, 10 Feb 2015 14:26:52 +0100, Andre Albsmeier wrote:
> > > > On Tue, 10-Feb-2015 at 13:49:23 +0300, Lev Se
On Tue, 10 Feb 2015 19:34:20 +0100, Andre Albsmeier wrote:
> On Wed, 11-Feb-2015 at 04:33:15 +1100, Ian Smith wrote:
> > On Tue, 10 Feb 2015 14:26:52 +0100, Andre Albsmeier wrote:
> > > On Tue, 10-Feb-2015 at 13:49:23 +0300, Lev Serebryakov wrote:
> > > > On 10.02.2015 00:21, Andre Albsmeier
On Wed, 11-Feb-2015 at 04:33:15 +1100, Ian Smith wrote:
> On Tue, 10 Feb 2015 14:26:52 +0100, Andre Albsmeier wrote:
> > On Tue, 10-Feb-2015 at 13:49:23 +0300, Lev Serebryakov wrote:
> > > On 10.02.2015 00:21, Andre Albsmeier wrote:
> > >
> > > > The ipfw man page says:
> > > >
> > > > Usua
On Tue, 10 Feb 2015 14:26:52 +0100, Andre Albsmeier wrote:
> On Tue, 10-Feb-2015 at 13:49:23 +0300, Lev Serebryakov wrote:
> > On 10.02.2015 00:21, Andre Albsmeier wrote:
> >
> > > The ipfw man page says:
> > >
> > > Usually a simple rule like:
> > >
> > > # reassemble incoming fragments
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 10.02.2015 16:26, Andre Albsmeier wrote:
>> reass works for me, but kills all IPv6 packets, so it should be
>> "reass ip4 from any to any in [recv $iface]"
>
> Hmm, I tried again with ipv4 but this doesn't help (I don't use v6
> anyway here). B
On Tue, 10-Feb-2015 at 13:49:23 +0300, Lev Serebryakov wrote:
> On 10.02.2015 00:21, Andre Albsmeier wrote:
>
> > The ipfw man page says:
> >
> > Usually a simple rule like:
> >
> > # reassemble incoming fragments ipfw add reass all from any to any
> > in
> >
> > is all you need at the beginnin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 10.02.2015 00:21, Andre Albsmeier wrote:
> The ipfw man page says:
>
> Usually a simple rule like:
>
> # reassemble incoming fragments ipfw add reass all from any to any
> in
>
> is all you need at the beginning of your ruleset.
>
> However,
On Wed, 28-Jan-2015 at 10:04:57 -0800, Freddie Cash wrote:
> On Wed, Jan 28, 2015 at 9:53 AM, Lev Serebryakov wrote:
>
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA512
> >
> > On 28.01.2015 20:38, Matthew Seaman wrote:
> >
> > > What do you get if you run the reply size test at DNS-OARC ?
We use the following for udp fragments specifically this issue actually.
# udp frags (large dnssec responses)
add 02030 allow udp from any to me frag
On 1/28/15, 1:08 PM, "Lev Serebryakov" wrote:
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA512
>
>On 28.01.2015 21:04, Freddie Cash wrote:
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 28.01.2015 21:04, Freddie Cash wrote:
>> Looks like "IP Fragments Filtered", but I don't understand — why
>> and where?!
>>
>> I'm using ipfw on both hosts, but I don't have any special rules
>> about IP fragments at all! And as these systems a
On Wed, Jan 28, 2015 at 9:53 AM, Lev Serebryakov wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 28.01.2015 20:38, Matthew Seaman wrote:
>
> > What do you get if you run the reply size test at DNS-OARC ?
> >
> > https://www.dns-oarc.net/oarc/services/replysizetest
> 0 lines (em
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 28.01.2015 20:38, Matthew Seaman wrote:
> What do you get if you run the reply size test at DNS-OARC ?
>
> https://www.dns-oarc.net/oarc/services/replysizetest
0 lines (empty answer) at CURRENT, only "rst.x1013.rs.dns-oarc.net."
on 9.3.
Looks
12 matches
Mail list logo
