Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 16 Feb 2005 10:10:36 +1100
From:      Murray Taylor <mtaylor@bytecraft.com.au>
To:        dick hoogendijk <dick@nagual.st>
Cc:        freebsdquestions <freebsd-questions@freebsd.org>
Subject:   Re: ipfilter "flags s keep state" question
Message-ID:  <1108509036.80214.162.camel@wstaylorm.dand06.au.bytecraft.au.com>
In-Reply-To: <20050215223621.4f7790d8.dick@nagual.st>
References:  <20050215223621.4f7790d8.dick@nagual.st>

next in thread | previous in thread | raw e-mail | index | archive | help
tcp rules can use 'keep frags'
TCP packets allow fragmentation by intermediate routers
that need re-assembly at the final destination

On Wed, 2005-02-16 at 08:36, dick hoogendijk wrote:
> I read a lot of rulesets for ipfilter just to study how others do the
> job.
> I've read the ipf HOWTO too. One thing is still very unclear to me
> though.
> Most rules for tcp have something like "flags S keep state" but *some*
> have "flags S keep state keep frags"
> 
> Can someone explain to me *when* to use keep frags and when not to? The
> HOWTO is very unclear about this. What exactly is the use of this extra
> 'keep frags'?
-- 
Murray Taylor
Special Projects Engineer
---------------------------------
Bytecraft Systems & Entertainment
P: +61 3 8710 2555
F: +61 3 8710 2599
D: +61 3 9238 4275
M: +61 417 319 256
E: mtaylor@bytecraft.com.au
or visit us on the web
http://www.bytecraftsystems.com
http://www.bytecraftentertainment.com


---------------------------------------------------------------
The information transmitted in this e-mail is for the exclusive
use of the intended addressee and may contain confidential
and/or privileged material. Any review, re-transmission,
dissemination or other use of it, or the taking of any action
in reliance upon this information by persons and/or entities
other than the intended recipient is prohibited. If you
received this in error, please inform the sender and/or
addressee immediately and delete the material. 

E-mails may not be secure, may contain computer viruses and
may be corrupted in transmission. Please carefully check this
e-mail (and any attachment) accordingly. No warranties are
given and no liability is accepted for any loss or damage
caused by such matters.
---------------------------------------------------------------

***This Email has been scanned for Viruses by MailMarshal.***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1108509036.80214.162.camel>