Date: Fri, 25 Aug 1995 00:00:54 PDT
From: Bill Fenner <fenner@parc.xerox.com>
To: guido@gvr.win.tue.nl (Guido van Rooij)
Cc: freebsd-hackers@freebsd.org
Subject: Re: IPFW and SCREEND
Message-ID: <95Aug25.000101pdt.177475@crevenia.parc.xerox.com>
In-Reply-To: Your message of "Thu, 24 Aug 95 23:22:50 PDT." <199508250622.IAA08602@gvr.win.tue.nl>

In message <199508250622.IAA08602@gvr.win.tue.nl> you write:
>you should at least make sure that you can 'look' to the
>ACK bit of the TCP header.

Right, I forgot about the stupid SYN hack (I prefer secure firewalls =).
So for TCP, that means that you will potentially drop legal packets (of
course, I pity the fool who uses an MTU of 68, but it's legal...).

Basically, this just means that the minimum acceptable fragment offset
needs to be configurable; perhaps even differently for TCP and UDP (or
TCP and everything-else)...

  Bill
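
The per-protocol minimum fragment offset suggested in the message above, sketched as an added example (not code from the original message, IPFW or screend). The names frag_policy, check_fragment and default_policy, and the thresholds of 2 for TCP and 1 for everything else, are assumptions; thresholds are in 8-byte units, like the IP fragment offset field.

```c
#include <stdint.h>
#include <stdio.h>

enum { PROTO_TCP = 6, PROTO_UDP = 17 };
enum verdict { ACCEPT_FRAGMENT, DROP_FRAGMENT };

/* Hypothetical configuration: smallest non-zero fragment offset accepted. */
struct frag_policy {
    uint16_t min_off_tcp;   /* 2: bytes 0..15 (ports, seq, ack, flags at byte 13)
                               can only arrive in the offset-0 fragment */
    uint16_t min_off_other; /* 1: bytes 0..7 (e.g. the whole UDP header) */
};

static const struct frag_policy default_policy = { 2, 1 };

/* ip_off is the 16-bit IP flags+offset field in host byte order. */
enum verdict check_fragment(const struct frag_policy *p, uint8_t proto,
                            uint16_t ip_off)
{
    uint16_t off = ip_off & 0x1fff;   /* low 13 bits: offset in 8-byte units */
    uint16_t min = (proto == PROTO_TCP) ? p->min_off_tcp : p->min_off_other;

    if (off == 0)
        return ACCEPT_FRAGMENT;  /* first fragment: header rules apply to it */
    if (off < min)
        return DROP_FRAGMENT;    /* lands inside the header the rules inspect */
    return ACCEPT_FRAGMENT;
}

int main(void)
{
    /* Constructed samples. With a 60-byte IP header and an MTU of 68, each
       fragment carries 8 bytes, so the second legal fragment sits at offset 1
       and is dropped for TCP: the "legal packet" cost noted in the message. */
    struct { const char *what; uint8_t proto; uint16_t ip_off; } s[] = {
        { "TCP first fragment (MF set)", PROTO_TCP, 0x2000 },
        { "TCP offset 1 (bytes 8..15)",  PROTO_TCP, 0x2001 },
        { "TCP offset 2",                PROTO_TCP, 0x0002 },
        { "UDP offset 1",                PROTO_UDP, 0x0001 },
    };
    for (unsigned i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%-30s %s\n", s[i].what,
               check_fragment(&default_policy, s[i].proto, s[i].ip_off)
                   == DROP_FRAGMENT ? "drop" : "accept");
    return 0;
}
```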