* Stuart Henderson <[email protected]> [2009-12-16 16:00]: > On 2009/12/16 13:27, Helmut Schneider wrote: > > [...] > > > Dec 15 13:34:23.640235 rule 11/(match) block in on bge0: $SERVER > > > > $CLIENT: frag (0|1448) 500 > 500: isakmp v1.0 exchange ID_PROT encrypted > > > cookie: 583b9e29ae2a701f->f2257c7575eb8336 msgid: 00000000 len: > > > 1596 > > > Dec 15 13:34:23.640245 rule 11/(match) block in on bge0: $SERVER > > > > $CLIENT: frag (1448|156) > > > > Same with 4.6. With "pass quick log inet6" the connection is > > successful. Is the packet incorrectly parsed?! The fact that the > > unfragmented packet is passed would confirm that. > > PF doesn't support IPv6 fragments yet.
"yet". hah. -- Henning Brauer, [email protected], [email protected] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
