On Wednesday 2011-04-27 10:57, Leo Baltus wrote:
>Hi,
>
>When doing recursive dns queries to dnssec-enabled servers it looks like
>ip6tables does not assemble udp packets before filtering takes place.
>This results in fragments being dropped.

You need to have nf_defrag_ipv6 loaded for automatic defragmentation.
There are only a few components that depend on it - nf_conntrack and
TPROXY, so it may not be autoloaded if you do not use either.
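
A check for the condition described in the reply, added here as an example and not part of the original message: it reads /proc/modules-format text on stdin and reports whether nf_defrag_ipv6 is loaded and which modules hold it. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# /proc/modules line format: name size refcount users state address
# "users" is "-" when nothing depends on the module, else "mod_a,mod_b,".

# Constructed samples (not captured from a real host).
SAMPLE_FILTER_ONLY='ip6table_filter 16384 1 - Live 0x0000000000000000
ip6_tables 32768 1 ip6table_filter, Live 0x0000000000000000'
SAMPLE_CONNTRACK='nf_conntrack 172032 0 - Live 0x0000000000000000
nf_defrag_ipv6 24576 1 nf_conntrack, Live 0x0000000000000000'

# Print "missing", "loaded-standalone" or "loaded-by:<modules>".
defrag6_status() {
    awk '
        $1 == "nf_defrag_ipv6" {
            found = 1
            users = $4
            sub(/,$/, "", users)      # drop the trailing comma
        }
        END {
            if (!found)            print "missing"
            else if (users == "-") print "loaded-standalone"
            else                   print "loaded-by:" users
        }
    '
}

# Return non-zero when fragments would reach ip6tables unassembled.
defrag6_check() {
    status=$(defrag6_status)
    case "$status" in
        missing)
            echo "nf_defrag_ipv6 not loaded; run: modprobe nf_defrag_ipv6" >&2
            return 1 ;;
        loaded-standalone)
            echo "nf_defrag_ipv6 loaded, no dependent modules listed" ;;
        *)
            echo "nf_defrag_ipv6 pulled in by: ${status#loaded-by:}" ;;
    esac
}

# On a Linux host, check the running kernel.
if [ -r /proc/modules ]; then
    defrag6_check < /proc/modules || true
fi
```

A kernel with nf_defrag_ipv6 built in rather than modular does not list it in /proc/modules, so "missing" there only means it is not loaded as a module.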