author | yar <yar@FreeBSD.org> | 2008-02-07 11:00:42 +0000 |
---|---|---|
committer | yar <yar@FreeBSD.org> | 2008-02-07 11:00:42 +0000 |
commit | 7d4cb18f1121718e503b4d3a9d8f524a29f238ff (patch) | |
tree | 23a8b53fa85af1225910b96bb8276510edeeeab3 /sbin | |
parent | efcf10f47baa709a11c4c4c07dfe44573aa4f0f6 (diff) | |
Add a note that ipfw states do not implicitly match ICMP error messages.
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ipfw/ipfw.8 | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 2c175ed..67ed262 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -2711,3 +2711,9 @@ ipfw nat is not compatible with the tcp segmentation offloading (TSO). Thus, to reliably nat your network traffic, please disable TSO on your NICs using .Xr ifconfig 8 . +.Pp +ICMP error messages are not implicitly matched by dynamic rules +for the respective conversations. +To avoid failures of network error detection and path MTU discovery, +ICMP error messages may need to be allowed explicitly through static +rules. |
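Review bot: The added sentence "ICMP error messages may need to be allowed explicitly through static rules" does not say which messages are meant or show what such a rule looks like, so a reader running a keep-state ruleset still has to work out the fix. Consider naming the types that matter for the two failures the paragraph mentions (destination unreachable, which carries the fragmentation-needed signal used by path MTU discovery, and time exceeded) and pointing at the `icmptypes` option, while noting that a static rule of this kind admits those ICMP types regardless of whether a matching conversation exists. The paragraph is also appended directly after the nat/TSO caveat, far from where dynamic rules are described; a cross-reference from the text covering keep-state and check-state would make it easier to find.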