Date: Mon, 01 Mar 2004 16:46:13 -0500 From: "Shaun T. Erickson" <ste@ste-land.com> To: freebsd-questions@freebsd.org Subject: ipfilter frags question Message-ID: <4043AF25.8070000@ste-land.com>
next in thread | raw e-mail | index | archive | help
Having given up on ipfw and switching to ipfilter (much nicer!), I nearly have my firewall set up. Then I ran into a problem ... On my Linux box, I can force all fragments to be re-assembled into whole packets before being presented to the firewall, and that's what I've done. However, as near as I can tell, FreeBSD (5.2.1-RELEASE) doesn't have that feature. So what do I do with fragments? They are a valid part of a tcp conversation, so dropping them isn't good, but neither is just accepting them willy-nilly, either. Suggestions, please, and TIA. -ste
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4043AF25.8070000>