On 2009/12/16 13:27, Helmut Schneider wrote: > [...] > > Dec 15 13:34:23.640235 rule 11/(match) block in on bge0: $SERVER > > > $CLIENT: frag (0|1448) 500 > 500: isakmp v1.0 exchange ID_PROT encrypted > > cookie: 583b9e29ae2a701f->f2257c7575eb8336 msgid: 00000000 len: > > 1596 > > Dec 15 13:34:23.640245 rule 11/(match) block in on bge0: $SERVER > > > $CLIENT: frag (1448|156) > > Same with 4.6. With "pass quick log inet6" the connection is > successful. Is the packet incorrectly parsed?! The fact that the > unfragmented packet is passed would confirm that.
PF doesn't support IPv6 fragments yet.