ipfilter frags question

Shaun T. Erickson ste at ste-land.com
Mon Mar 1 13:46:15 PST 2004

Having given up on ipfw and switched to ipfilter (much nicer!), I
nearly have my firewall set up. Then I ran into a problem ...

On my Linux box, I can force all fragments to be re-assembled into whole 
packets before being presented to the firewall, and that's what I've 
done. However, as near as I can tell, FreeBSD (5.2.1-RELEASE) doesn't 
have that feature.

So what do I do with fragments? They are a valid part of a TCP
conversation, so dropping them isn't good, but neither is just accepting
them willy-nilly, either.

Suggestions, please, and TIA.


