On 29.07.2007, at 08:47, Frank Edwards wrote:
> You're right. I've updated the patch (below) to handle this. "Allow
> fragmented packets" option must be enabled on m0n0wall firewall
> rules on
> each interface to ensure fragments are passed.
> I'm not sure if this is the most elegant place in the code to apply
> but it seems to be effective. I didn't want to modify fr_addstate
> as it is
> called from different parts of the code. I suspect it may be something
> specific to FreeBSD 6.
> Let me know how this goes?
Works fine, thanks! I find it strange that nobody has filed a FreeBSD
bug report for this yet - unless, of course, it's somehow related
with the other kernel modifications in m0n0wall (which I don't
suppose, after having read your explanation for ipfilter's wrong
behavior again). Maybe we should do that now. ;)