[Bug 216867] IPFW workstation rules block DNSSEC resulting in DNS failure on freebsd.org domains

bugzilla-noreply Sun, 11 Mar 2018 09:46:49 -0700

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216867


Rodney W. Grimes <rgri...@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rgri...@freebsd.org

--- Comment #3 from Rodney W. Grimes <rgri...@freebsd.org> ---
(In reply to Helge Oldach from comment #2)

In general the reass should come before any rule that might check
a port number, as only the first packet, or a completly reassembled
packet has a port number.

So I agree it should be moved before the check state, and probably
moved even much earlier.

The other issue is that net.inet.ip.fw.one_pass must be turned on
for this to work, that change requires further considerations and
testing.

-- 
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

[Bug 216867] IPFW workstation rules block DNSSEC resulting in DNS failure on freebsd.org domains

Reply via email to