From: Dick Hoogendijk <dick@nagual.st>
To: freebsd-questions@freebsd.org
Date: Wed, 16 Feb 2005 17:11:57 +0100
Subject: Re: ipfilter "flags s keep state" question
Message-ID: <20050216161156.GA17882@lothlorien.nagual.st>
In-Reply-To: <1108509036.80214.162.camel@wstaylorm.dand06.au.bytecraft.au.com>

On 16 Feb Murray Taylor wrote:
> tcp rules can use 'keep frags'
> TCP packets allow fragmentation by intermediate routers
> that need re-assembly at the final destination
>
> On Wed, 2005-02-16 at 08:36, dick hoogendijk wrote:
> > I read a lot of rulesets for ipfilter just to study how others do
> > the job. I've read the ipf HOWTO too. One thing is still very
> > unclear to me though. Most rules for tcp have something like "flags
> > S keep state" but *some* have "flags S keep state keep frags"
> >
> > Can someone explain to me *when* to use keep frags and when not to?
> > The HOWTO is very unclear about this. What exactly is the use of
> > this extra 'keep frags'?

YES, I know tcp packets can get fragmented. I wonder however why in most
cases people just use "keep state" and *sometimes* "keep state keep
frags". I'd really like to know when or when not to use "keep frags".
In other words: when is it really useful and when is it not?

-- 
dick -- http://nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 4.11 ++ FreeBSD 5.3 +
Nai tiruvantel ar vayuvantel i Valar tielyanna nu vilja
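As an added illustration of the distinction the thread is asking about (this is editor-supplied example configuration, not part of the original message or of Murray Taylor's reply): a minimal ipf.conf fragment that puts a TCP rule with plain `keep state` next to the same rule with `keep state keep frags`, plus the `with short` rule that is the usual companion. The interface name fxp0, the address 192.0.2.10 and the service ports are assumptions chosen for the example.

```conf
# Added example ipf.conf (not from the thread). Interface fxp0, host
# 192.0.2.10 and the ports below are assumed for illustration only.

# Fragments too short to carry a full TCP/UDP header cannot be matched
# on ports or flags at all; drop and log them up front.
block in log quick on fxp0 all with short

# Plain "keep state": only the FIRST fragment of a fragmented TCP segment
# carries the TCP header, so only that fragment can match "port = 22
# flags S" and create a state entry. The remaining fragments of the same
# datagram have no ports or flags to match on, match neither this rule
# nor the state table, and fall through to the default block rule below.
pass in quick on fxp0 proto tcp from any to 192.0.2.10 port = 22 flags S keep state

# "keep state keep frags": when the first fragment matches, ipf also
# records the datagram (src, dst, protocol, IP id) in its fragment cache,
# so the later fragments of that datagram are passed with the same result
# and the host can reassemble them. Use this on rules for services that
# may legitimately receive fragmented segments.
pass in quick on fxp0 proto tcp from any to 192.0.2.10 port = 80 flags S keep state keep frags

# Default deny for everything not explicitly passed above.
block in log quick on fxp0 all
block out log quick on fxp0 all
```

Two caveats for anyone using this as a template. The fragment cache entry only exists after the first fragment has been seen, so fragments that arrive ahead of the first one find no entry and still hit the default block; `keep frags` does not reorder anything. And if you do not want fragments at all on a given interface, `block in quick on fxp0 all with frag` (placed before the pass rules) discards every fragmented packet regardless of what the per-service rules say. `ipfstat -f` shows the fragment table, which is the quickest way to confirm that a rule with `keep frags` is actually populating it.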