[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [NFS] Re: pf: to scrub or not to scrub?



>>>>> " " == han  <han_(_at_)_mijncomputer_(_dot_)_nl> writes:

     > Hi, I run an OpenBSD (current) nfs server with a linux nfs
     > client (2.4.19-rc3-ac3) and if I turn on the scrub feature
     > (reassemble all fragments) of the OpenBSD firewall I get into
     > trouble with the nfs-client not being able anymore to
     > connect. Perhaps this is something that can be improved in the
     > nfs code. This is not urgent since I can tell the firewall to
     > only pay attention to fragments from the external interface.

The Linux NFS client just uses a standard UDP socket (Nothing up my
sleeve). No special flags are set beyond those which you will get
from using the standard call 'socket(PF_INET, SOCK_DGRAM, 0)'.

Mind explaining exactly what is causing the OpenBSD 'scrub' filter to
fail to pass these packets?

Cheers,
  Trond