I searched and read the mailinglist archives. I've asked this on the freebsd questions list. I googled for an answer but it dazzels me and I still have no answer.
I see a lot of ipf.rules files and in some I see (for tcp) "flags S keep state" and sometimes people use "flags S keep state keep frags" And sometimes they don't. I know tcp packets can get fragmented. What I do not know is what's better: to use 'keep frags' and if so, when? sometimes, always? Or what? Who can shine some light on this issue? -- dick -- http://nagual.st/ -- PGP/GnuPG key: F86289CE ++ Running FreeBSD 4.11 ++ FreeBSD 5.3 + Nai tiruvantel ar vayuvantel i Valar tielyanna nu vilja
