> On my Linux box, I can force all fragments to be re-assembled into whole > packets before being presented to the firewall, and that's what I've > done. However, as near as I can tell, FreeBSD (5.2.1-RELEASE) doesn't > have that feature. > > So what do I do with fragments? They are a valid part of a tcp > conversation, so dropping them isn't good, but neither is just accepting > them willy-nilly, either.
http://www.obfuscation.org/ipf/ipf-howto.html#TOC_23 _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"