OK, well, looking through the ipfw3(8) source,"frag" isn't mentioned anywhere. It might be supported by the underlying kernel filter code (didn't look in there yet), but the userland utility doesn't support it.
> On Nov 29, 2016, at 8:48 AM, Chuck Musser <[email protected]> wrote: > > >> On Nov 29, 2016, at 4:13 AM, Renato dos Santos <[email protected]> wrote: >> >> Well, try with 'any' >> >> ipfw3 add 130 set 2 allow any frag via tun0 >> >> > Yes, I tried that, It says: > ipfw3: protocol `any' not recognizable > > along with: > ipfw3 add 130 set 2 allow all frag via tun0 > ipfw3 add 130 set 2 allow ip frag via tun0 > ipfw3 add 130 set 2 allow tcp frag via tun0 > > These all fail with: > ipfw3: bad command `frag' > > So far, no luck.
