Stuart Henderson wrote: > On 2009/12/16 13:27, Helmut Schneider wrote: > > [...] > > > Dec 15 13:34:23.640235 rule 11/(match) block in on bge0: $SERVER > > > > $CLIENT: frag (0|1448) 500 > 500: isakmp v1.0 exchange ID_PROT > > > encrypted cookie: 583b9e29ae2a701f->f2257c7575eb8336 > > > msgid: 00000000 len: 1596 Dec 15 13:34:23.640245 rule 11/(match) > > > block in on bge0: $SERVER > $CLIENT: frag (1448|156) > > > > Same with 4.6. With "pass quick log inet6" the connection is > > successful. Is the packet incorrectly parsed?! The fact that the > > unfragmented packet is passed would confirm that. > > PF doesn't support IPv6 fragments yet.
Too bad... :(
