On Sat, Apr 12, 2003 at 08:30:57AM +0300, Giorgos Keramidas wrote: > > h. You're blocking fragments. It's not always a good idea. Provided most rules use check-state, and the 'deny frag' rule follows the check-state rules, won't valid fragments be passed by dynamic rules?. Jeff