[Bug 216867] IPFW workstation rules block DNSSEC resulting in DNS failure on freebsd.org domains

2018-03-11 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216867 Rodney W. Grimes changed: What|Removed |Added CC||rgri...@freebsd.org --- Comment

[Bug 216867] IPFW workstation rules block DNSSEC resulting in DNS failure on freebsd.org domains

2018-03-11 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216867 --- Comment #2 from Helge Oldach --- (In reply to Mark Felder from comment #1) Tested and works. However the reass should come *before* the check-state as fragments (except the first) don't include protocol and port numbers and thus cannot

Re: [Bug 216867] IPFW workstation rules block DNSSEC resulting in DNS failure on freebsd.org domains

2017-03-07 Thread Ian Smith
On Tue, 7 Mar 2017 08:45:22 -0600, Mark Felder wrote: > On Tue, Mar 7, 2017, at 08:43, Ian Smith wrote: > > > https://reviews.freebsd.org/D9920 > > > > I've always used these rules from 'client' and 'simple' rulesets: > >${fwcmd} add pass all from any to any frag > > which I long ago f

Re: [Bug 216867] IPFW workstation rules block DNSSEC resulting in DNS failure on freebsd.org domains

2017-03-07 Thread Michael Sierchio
On Tue, Mar 7, 2017 at 9:43 AM, Ian Smith wrote: However, looking at the review patch, I do wonder if the reass shouldn't > precede, rather than follow, the check-state? > > Absolutely, yes - fragments don't carry sub-protocol info. -- "Well," Brahma said, "even after ten thousand explanations

Re: [Bug 216867] IPFW workstation rules block DNSSEC resulting in DNS failure on freebsd.org domains

2017-03-07 Thread Mark Felder
On Tue, Mar 7, 2017, at 08:43, Ian Smith wrote: > On Tue, 7 Mar 2017 13:49:25 +, bugzilla-nore...@freebsd.org wrote: > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216867 > > > > Mark Felder changed: > > > >What|Removed |Added > > > ---

Re: [Bug 216867] IPFW workstation rules block DNSSEC resulting in DNS failure on freebsd.org domains

2017-03-07 Thread Ian Smith
On Tue, 7 Mar 2017 13:49:25 +, bugzilla-nore...@freebsd.org wrote: > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216867 > > Mark Felder changed: > >What|Removed |Added > --

[Bug 216867] IPFW workstation rules block DNSSEC resulting in DNS failure on freebsd.org domains

2017-03-07 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216867 Mark Felder changed: What|Removed |Added CC||f...@freebsd.org --- Comment #1 from

[Bug 216867] IPFW workstation rules block DNSSEC resulting in DNS failure on freebsd.org domains

2017-02-08 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216867 Mark Linimon changed: What|Removed |Added CC|freebsd-am...@freebsd.org | Assignee|freebsd-b...@fr