On Apr 1, 2005 2:06 AM, Cedric Berger wrote: > Kevin Kadow wrote: > >I've noticed frag'd ICMP echo-replies being dropped by "scrub in" when > >they come from a Solaris host. Is this a known issue? > > Oh Yeah, > That's a long time annoyance of the scrub code, which > (wrongly IMO, but others disagree) drops fragments which have > the "DF" bit set. You'll get the same problem with fragmented UDP > packets from Solaris and Linux (typical with NFS) > > Cedric
That makes sense. Changing the pf.conf entry to read "scrub in no-df" makes the problem go away. Kevin
