On Wednesday 18 March 2009, Oliver Fromme wrote: > I'm just curious ... Is it really worth the effort to add > fragment reassembly to IPFW? What advantage does it have? > > It would be much easier to simply pass all fragments with > offset > 1, and drop all fragments with offset 0 that are > smaller than a certain reasonable minimum length. What > would be the problem with this approach? > > Best regards > Oliver
Please wait... If I got it right (and dont missing something) then this rule: ipfw add allow ip from any to me frag have dissadvantage - I'm unabled to filter data by UDP/TCP ports. All IP packets is just passing through firewall to me. No UDP/TCP filtering here? _______________________________________________ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
