Hello,
I'm having trouble getting ipfilter to allow UDP fragments. One of our services uses rather large UDP packets (> 16 K), parts of which are being blocked with our rule set. I've got

pass in quick proto udp from any to any port = 3939 keep state keep frags

but when a transaction happens, I still end up seeing blocked UDP traffic:

Dec 1 08:12:56 mg5.et ipmon[112]: [ID 702911 local0.warning] 08:12:55.602065 bge0 @0:17 b a.b.c.d -> x.y.z.w PR udp len 20 (820) (frag 39533:[EMAIL PROTECTED]) IN

ipf -V
ipf: IP Filter: v4.1.9 (592)
Kernel: IP Filter: v4.1.9 Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0
Feature mask: 0x187

pfil version 2.1.9

no ipnat.

Am I doing something wrong here? How are these packets getting blocked?
Thanks in advance,

--
Erik Huizing
Regional Services
(403)-781-4906
