Configured by a new option "mssclamp" in NAT rules, like:
map pppoe0 192.168.1.0/24 -> 0/32 mssclamp 1452
This is based on work by Xiaodan Tang <xtang@qnx.com>.
better error messages if the user tries to use symbolic names such
as "echo" and "echorep" in "ipv6-icmp ... icmp-type ..." rules.
Consider the following rules:
# cat /etc/ipf6.conf
pass in quick proto ipv6-icmp from any to any icmp-type 128
pass in quick proto ipv6-icmp from any to any icmp-type echo
Use of symbolic names give now the following error:
# ipf -Fa -6f /etc/ipf6.conf
2: Unknown ICMPv6 type (echo) specified (use numeric value instead)
The first rule with numeric value will work as expected:
# ipfstat -6hi
0 pass in quick proto ipv6-icmp from any to any icmp-type 128
NOTE: You MUST use numerical values for ICMPv6 types. See
/sys/netinet/icmp6.h for available codes!
ROOT localhost:~> /etc/rc.d/ipfilter reload
Reloading ipfilter rules.
22: Invalid icmp-type (echo) specified
With version 1.7 everything works just fine:
ROOT localhost:~> /etc/rc.d/ipfilter reload
Reloading ipfilter rules.
Set 1 now inactive
this fix ipfstat reported:
0 pass in quick proto ipv6-icmp from any to any
while after this fix:
0 pass in quick proto ipv6-icmp from any to any icmp-type 8
This was just a display bug, the rule worked as expected.
format and fix PR#8932 while I am here.
Thanks to Darren for letting me know that it was gone.
We should just move to mandoc, but that makes it harder to keep it in sync
with the releases, so I made the changes in the old format.
martin