Hello,
I'm trying to get PF working with large IPv6 packets. However, when sending
large ICMPv6 packets, I'v got blocked packets w/ following ruleset part:
pass out quick on $gif_if inet6 \
from { $ourip6, fe80::/8 } to any keep state
ping6 -s 3500 www.kame.net
produced following:
Nov 27 14:56:50.262413 rule 10/0(match): block in on gif0:
2001:200:0:4819:210:f3ff:fe03:4d0 > 3ffe:80ee:38f::2: frag (0|1232) icmp6: echo reply
Nov 27 14:56:50.270488 rule 10/0(match): block in on gif0:
2001:200:0:4819:210:f3ff:fe03:4d0 > 3ffe:80ee:38f::2: frag (1232|1232) icmp6: type-#200
Nov 27 14:56:50.271351 rule 10/0(match): block in on gif0:
2001:200:0:4819:210:f3ff:fe03:4d0 > 3ffe:80ee:38f::2: frag (2464|1044) icmp6: type-#152
Nov 27 14:56:51.276296 rule 10/0(match): block in on gif0:
2001:200:0:4819:210:f3ff:fe03:4d0 > 3ffe:80ee:38f::2: frag (0|1232) icmp6: echo reply
Nov 27 14:56:51.284376 rule 10/0(match): block in on gif0:
2001:200:0:4819:210:f3ff:fe03:4d0 > 3ffe:80ee:38f::2: frag (1232|1232) icmp6: type-#200
Nov 27 14:56:51.285294 rule 10/0(match): block in on gif0:
2001:200:0:4819:210:f3ff:fe03:4d0 > 3ffe:80ee:38f::2: frag (2464|1044) icmp6: type-#152
^C
v.
