with the slower HZ="1000" value? *shrug*. Anyway, I put the live device back up at my colo this morning, and it's been fine all day. I just blocked all ICMP at the router in front of the firewall (it runs FreeBSD as well with Zebra and happens to also run IPFIREWALL with
Then your broken... how do you expect Path MTU Discovery to work? You MUST allow ICMP 3/4.
Keep state is supposed to do this, but it seems it actually doesn't... thats one of many things on my To Do list.
-- Phil Dibowitz [EMAIL PROTECTED] Freeware and Technical Pages Insanity Palace of Metallica http://www.phildev.net/ http://www.ipom.com/
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, 1759
