Date: Mon, 1 Mar 2004 14:21:44 -0800 From: "Mike Maltese" <mike@pcmedx.com> To: <freebsd-questions@freebsd.org> Cc: "Shaun T. Erickson" <ste@ste-land.com> Subject: Re: ipfilter frags question Message-ID: <001c01c3ffdb$93f58e10$f4f0a8c0@pcmedx.com> References: <4043AF25.8070000@ste-land.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On my Linux box, I can force all fragments to be re-assembled into whole > packets before being presented to the firewall, and that's what I've > done. However, as near as I can tell, FreeBSD (5.2.1-RELEASE) doesn't > have that feature. > > So what do I do with fragments? They are a valid part of a tcp > conversation, so dropping them isn't good, but neither is just accepting > them willy-nilly, either. http://www.obfuscation.org/ipf/ipf-howto.html#TOC_23
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001c01c3ffdb$93f58e10$f4f0a8c0>