ipfilter "flags s keep state" question
Murray Taylor
mtaylor at bytecraft.com.au
Tue Feb 15 23:11:07 GMT 2005
tcp rules can use 'keep frags'
TCP packets allow fragmentation by intermediate routers
that need re-assembly at the final destination
On Wed, 2005-02-16 at 08:36, dick hoogendijk wrote:
> I read a lot of rulesets for ipfilter just to study how others do the
> job.
> I've read the ipf HOWTO too. One thing is still very unclear to me
> though.
> Most rules for tcp have something like "flags S keep state" but *some*
> have "flags S keep state keep frags"
>
> Can someone explain to me *when* to use keep frags and when not to? The
> HOWTO is very unclear about this. What exactly is the use of this extra
> 'keep frags'?
--
Murray Taylor
Special Projects Engineer
---------------------------------
Bytecraft Systems & Entertainment
P: +61 3 8710 2555
F: +61 3 8710 2599
D: +61 3 9238 4275
M: +61 417 319 256
E: mtaylor at bytecraft.com.au
or visit us on the web
http://www.bytecraftsystems.com
http://www.bytecraftentertainment.com
---------------------------------------------------------------
The information transmitted in this e-mail is for the exclusive
use of the intended addressee and may contain confidential
and/or privileged material. Any review, re-transmission,
dissemination or other use of it, or the taking of any action
in reliance upon this information by persons and/or entities
other than the intended recipient is prohibited. If you
received this in error, please inform the sender and/or
addressee immediately and delete the material.
E-mails may not be secure, may contain computer viruses and
may be corrupted in transmission. Please carefully check this
e-mail (and any attachment) accordingly. No warranties are
given and no liability is accepted for any loss or damage
caused by such matters.
---------------------------------------------------------------
***This Email has been scanned for Viruses by MailMarshal.***
More information about the freebsd-questions
mailing list