Rodney W. Grimes <> changed:

           What    |Removed                     |Added
                 CC|                            |

--- Comment #3 from Rodney W. Grimes <> ---
(In reply to Helge Oldach from comment #2)

In general the reass should come before any rule that might check
a port number, as only the first packet, or a completly reassembled
packet has a port number.

So I agree it should be moved before the check state, and probably
moved even much earlier.

The other issue is that net.inet.ip.fw.one_pass must be turned on
for this to work, that change requires further considerations and

You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________ mailing list
To unsubscribe, send any mail to ""

Reply via email to