On Wed, Apr 17, 2002 at 09:37:53PM +0200, Maciej Soltysiak wrote:
> > Hello List,
> >
> > Is it possible to match packets with the DF flag set/not set?
> Hmm, I don't think it is possible with netfilter.

Hmmm, I think this would be handy to have. I tried to construct an iptables rule to match certain packets generated by pmtu-discovery, and one property of them was DF. It is funny no one ever tried to implement this...

> For sure you could match it using u32 filter.
> DF flag is a 50th IP header bit set to 1.

I am going to try that, but this seems like a complicated solution for a simple task....

Regards,

lG
uk

--
Ulrich Kiermayr   Zentraler Informatikdienst der Universitaet Wien
Network Security  Universitaetsstrasse 7, 1010 Wien, Austria
eMail: [EMAIL PROTECTED]    Tel: (+43 1) 4277 / 14104
Hotline: [EMAIL PROTECTED]  Fax: (+43 1) 4277 / 9140
Web: http://www.univie.ac.at/zid/security.html
GPG Key fingerprint = BF0D 5749 4DC1 ED74 AB67 7180 105F 491D A8D7 64D8
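The u32 suggestion in the quoted reply, worked through as an added example (not code from the thread or from netfilter): it converts the "50th bit" position into the offset and mask of a 4-byte u32 load and checks the result against constructed IPv4 headers. The helper names and the sample addresses are assumptions made for illustration.

```python
import struct

DF_BIT = 50  # position quoted in the thread, counting the first header bit as 1


def build_ipv4_header(df, mf=False, frag_offset=0, ident=0x1234):
    """Constructed 20-byte IPv4 header (sample data, checksum left at 0)."""
    flags_frag = (0x4000 if df else 0) | (0x2000 if mf else 0) | (frag_offset & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s",
                       0x45, 0, 20, ident, flags_frag, 64, 6, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))


def bit_is_set(header, n):
    """Test the n-th header bit, 1-indexed from the top bit of byte 0."""
    byte_index, bit_in_byte = divmod(n - 1, 8)
    return bool(header[byte_index] & (0x80 >> bit_in_byte))


def bit_to_u32(n):
    """Translate a 1-indexed header bit into (offset, mask) of a 4-byte load."""
    offset = ((n - 1) // 32) * 4            # u32 loads 4 bytes starting here
    mask = 0x80000000 >> ((n - 1) % 32)     # bit position inside that word
    return offset, mask


def u32_test(header, offset, mask, value):
    """Emulate one u32 term, 'offset & mask = value', on a big-endian load."""
    if offset + 4 > len(header):
        return False  # this emulation treats a short packet as no match
    (word,) = struct.unpack_from("!I", header, offset)
    return (word & mask) == value


def df_set(header):
    """True when the DF flag is set, using the u32-style test."""
    offset, mask = bit_to_u32(DF_BIT)
    return u32_test(header, offset, mask, mask)


if __name__ == "__main__":
    offset, mask = bit_to_u32(DF_BIT)
    print(f"u32 term for DF set:   {offset} & {mask:#x} = {mask:#x}")
    print(f"u32 term for DF clear: {offset} & {mask:#x} = 0")
    for df in (True, False):
        hdr = build_ipv4_header(df=df, mf=not df, ident=0xFFFF)
        print(df, df_set(hdr), bit_is_set(hdr, DF_BIT))
```

With the u32 match available, these terms correspond to `--u32 "4 & 0x4000 = 0x4000"` for DF set and `--u32 "4 & 0x4000 = 0"` for DF not set.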
