Date:      Sun, 23 Jun 1996 03:21:53 +1000 (EST)
From:      Darren Reed <avalon@coombs.anu.edu.au>
To:        taob@io.org (Brian Tao)
Cc:        freebsd-security@freebsd.org
Subject:   Re: IPFW vs. IP Filter?
Message-ID:  <199606221722.KAA20217@freefall.freebsd.org>
In-Reply-To: <Pine.NEB.3.92.960622123716.9476E-100000@zap.io.org> from "Brian Tao" at Jun 22, 96 12:40:44 pm

In some mail from Brian Tao, sie said:
> 
>     BTW, this is in the ipfw man page:
> 
> | There is one kind of packet that the firewall will always discard, that
> | is an IP fragment with a fragment offset of one.  This is a valid packet,
> | but it only has one use, to try to circumvent firewalls.
> 
>     I assume ipfilter does this as well?

Not automatically, but you can tell it to do so.

In the author's mind, there might be occasions where you don't want to
discard those packets although you probably want to know they existed.

Darren
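
The two behaviours discussed in this thread, always discarding a fragment with offset one versus letting it through while recording that it was seen, shown as an added example that is not code from ipfw, IP Filter, or either poster. The names `frag_policy`, `ipv4_frag_offset` and `filter_fragment`, the choice to drop unparseable headers, and the sample headers are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum action { ACT_PASS, ACT_DROP };

struct frag_policy {                 /* hypothetical policy knob */
    int drop_offset_one;             /* 1 = always discard, 0 = count only */
    unsigned long offset_one_seen;   /* incremented in both modes */
};

/* Fragment offset (in 8-byte units) of a raw IPv4 header, -1 if malformed. */
int ipv4_frag_offset(const uint8_t *pkt, size_t len)
{
    size_t ihl;
    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len)
        return -1;
    /* Bytes 6-7: three flag bits, then the 13-bit offset, big-endian. */
    return ((pkt[6] & 0x1f) << 8) | pkt[7];
}

enum action filter_fragment(struct frag_policy *p, const uint8_t *pkt, size_t len)
{
    int off = ipv4_frag_offset(pkt, len);
    if (off < 0)
        return ACT_DROP;             /* example's choice for unparseable input */
    if (off == 1) {                  /* payload would start 8 bytes into the transport header */
        p->offset_one_seen++;        /* record it even when policy lets it pass */
        return p->drop_offset_one ? ACT_DROP : ACT_PASS;
    }
    return ACT_PASS;
}

/* Constructed sample headers: checksum left zero, addresses from 192.0.2.0/24. */
const uint8_t SAMPLE_OFFSET_ONE[20] = {0x45,0,0,0x1c, 0x12,0x34, 0x00,0x01,
                                       64,6,0,0, 192,0,2,1, 192,0,2,2};
const uint8_t SAMPLE_FIRST_FRAG[20] = {0x45,0,0,0x1c, 0x12,0x34, 0x20,0x00,
                                       64,6,0,0, 192,0,2,1, 192,0,2,2};

int main(void)
{
    struct frag_policy watch = {0, 0};
    enum action a = filter_fragment(&watch, SAMPLE_OFFSET_ONE, sizeof SAMPLE_OFFSET_ONE);
    printf("action=%s seen=%lu\n", a == ACT_DROP ? "drop" : "pass", watch.offset_one_seen);
    return 0;
}
```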


