On 2015-04-07 08:33:17 (+0200), Hans Ottevanger wrote:
> On 04/06/15 21:05, Kristof Provost wrote:
> > Author: kp
> > Date: Mon Apr 6 19:05:00 2015
> > New Revision: 281164
> > URL: https://svnweb.freebsd.org/changeset/base/281164
> >
> > Log:
> >pf: Skip firewall for refragmented ip6 packets
On 04/06/15 21:05, Kristof Provost wrote:
Author: kp
Date: Mon Apr 6 19:05:00 2015
New Revision: 281164
URL: https://svnweb.freebsd.org/changeset/base/281164
Log:
pf: Skip firewall for refragmented ip6 packets
In cases where we scrub (fragment reassemble) on both input and output
we r
> On 06 Apr 2015, at 22:50, Richard Tector
> wrote:
>
> I was just wondering how this affects the case where we might have if-bound
> rules?
>
> Really basic example:
>
> pass quick on $outside_if inet6 proto udp from any to $myhost
> block drop quick on $inside_if inet6 proto udp from any
On 06/04/2015 20:05, Kristof Provost wrote:
Author: kp
Date: Mon Apr 6 19:05:00 2015
New Revision: 281164
URL: https://svnweb.freebsd.org/changeset/base/281164
Log:
pf: Skip firewall for refragmented ip6 packets
In cases where we scrub (fragment reassemble) on both input and output
we
Author: kp
Date: Mon Apr 6 19:05:00 2015
New Revision: 281164
URL: https://svnweb.freebsd.org/changeset/base/281164
Log:
pf: Skip firewall for refragmented ip6 packets
In cases where we scrub (fragment reassemble) on both input and output
we risk ending up in infinite loops when forwardi
