On 12/7/2014 2:57 AM, Kurt Jaeger wrote:
>> On 12/5/2014 6:09 PM, Martin Hanson wrote:
>>> Have any important bugs been fixed in PF on OpenBSD since the current
>>> port in FreeBSD that actually make the current PF in FreeBSD
>>> "dangerous" to run with?
>> FreeBSD's pf is broken for IPv6. Its lack of fragment support means a
>> FreeBSD breaks EDNS0 and other large-packet protocols that rely on
>> fragment headers.
> This was fixed recently as far as I understand.
> Have a look at
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=179392
> and
> https://svnweb.freebsd.org/changeset/base/274709

I think you're confused about the issue I described. I'm talking about
pf not supporting fragment headers and as such dropping fragmented
packets instead of statefully passing them.
See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=124933
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
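
An added example, not part of the original thread or of pf: a Python sketch that walks the IPv6 extension header chain to find the Fragment header (next-header value 44), the header a filter has to parse in order to pass fragmented packets statefully. It can be pointed at packets captured on either side of a firewall to check whether fragments arrive and leave. The sample packets, the `::1` addresses, the identification value and the 1232-byte fragment size are constructed.

```python
import struct

FRAGMENT = 44                # IPv6 Fragment header (RFC 8200)
SKIPPABLE = {0, 43, 60}      # Hop-by-Hop, Routing, Destination Options

def fragment_info(packet: bytes):
    """Walk the IPv6 header chain; return Fragment header fields or None."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_hdr, pos = packet[6], 40          # fixed header is 40 bytes
    while True:
        if next_hdr == FRAGMENT:
            if len(packet) < pos + 8:
                raise ValueError("truncated Fragment header")
            upper, _, off_flags, ident = struct.unpack_from("!BBHI", packet, pos)
            return {"upper_proto": upper,
                    "offset": (off_flags >> 3) * 8,   # stored in 8-byte units
                    "more": bool(off_flags & 1),      # M flag
                    "id": ident}
        if next_hdr not in SKIPPABLE:
            return None                    # reached the upper layer: unfragmented
        if len(packet) < pos + 2:
            raise ValueError("truncated extension header")
        next_hdr, ext_len = packet[pos], packet[pos + 1]
        pos += (ext_len + 1) * 8           # length excludes the first 8 bytes

def build_fragments(datagram: bytes, ident: int, chunk: int = 1232):
    """Constructed sample: split a UDP datagram (protocol 17) into fragments."""
    addr = bytes(15) + b"\x01"             # ::1 as placeholder source and destination
    frags = []
    for off in range(0, len(datagram), chunk):   # chunk must be a multiple of 8
        part = datagram[off:off + chunk]
        more = off + chunk < len(datagram)
        frag_hdr = struct.pack("!BBHI", 17, 0, (off // 8) << 3 | int(more), ident)
        ip6 = struct.pack("!IHBB", 6 << 28, len(frag_hdr) + len(part), FRAGMENT, 64)
        frags.append(ip6 + addr + addr + frag_hdr + part)
    return frags

# Constructed input: a 1608-byte UDP datagram, the size a large EDNS0 reply can reach.
SAMPLE = build_fragments(bytes(1608), ident=0x1234)

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(len(pkt), fragment_info(pkt))
```

Each fragment stays within the 1280-byte IPv6 minimum MTU (40-byte fixed header, 8-byte Fragment header, up to 1232 bytes of data), and only the first one carries the UDP header with the port numbers.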