In article <pine.neb.4.64.1703310723590.22...@6bone.informatik.uni-leipzig.de>,
 <[email protected]> wrote:
>On Thu, 30 Mar 2017, Christos Zoulas wrote:
>
>> All the statistics are incremented in npf_reassembly. This means that they
>> must be ipv4 packets... Don't you have any v4 traffic?
>>
>> christos
>>
>Hello,
>
>the router has only one IPv4 address for management, DNS and 6to4. It
>routes only IPv6 packets.
>
>npf has only IPv6 rules. Except for the default rule:
>
>group default {
>    pass final all;
>}
>
>So it can really be IPv4 traffic. Can I disable the verification of the
>fragmentation of IPv4 packets? I want to be sure that no 6to4 IPv4 packets
>are discarded.

I would add some rules to block the ipv4 traffic, except when it comes
from your 'known hosts' to your 'known interfaces and ports'.

christos
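
One way the suggested IPv4 allow-list could look in npf.conf, as an added example that is not part of the original thread. The interface name `wm0`, every address, the ssh management port and the use of a fixed 6to4 relay are assumptions; the numeric `proto 41` form is also assumed to be accepted by the installed npfctl, so check the file with `npfctl validate` before loading it.

```conf
# Added example, not from the thread. All names and addresses are placeholders.
$ext_v4   = 192.0.2.1                          # the router's single IPv4 address
$mgmt     = { 198.51.100.10, 198.51.100.11 }   # known management hosts
$resolver = { 198.51.100.53 }                  # known DNS servers
$relay    = { 192.88.99.1 }                    # 6to4 relay(s) actually in use

group "external" on wm0 {
	# Management: known hosts to one known port (ssh is an assumption).
	pass stateful in final family inet4 proto tcp \
		from $mgmt to $ext_v4 port ssh

	# DNS lookups made by the router itself.
	pass stateful out final family inet4 proto udp \
		from $ext_v4 to $resolver port domain
	pass stateful out final family inet4 proto tcp \
		from $ext_v4 to $resolver port domain

	# 6to4 encapsulation is IP protocol 41 (IPv6 carried in IPv4).
	# Widen $relay if tunnel traffic also arrives directly from other
	# 6to4 routers, otherwise those packets are dropped below.
	pass in  final family inet4 proto 41 from $relay to $ext_v4
	pass out final family inet4 proto 41 from $ext_v4 to $relay

	# Any other IPv4 packet on this interface is dropped.
	block final family inet4 all

	# The existing IPv6 rules stay here, unchanged.
}

# Weak setting from the quoted message: anything not matched above
# still falls through to an unconditional pass.
group default {
	pass final all
}
```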
