Date: Wed, 16 Feb 2005 10:10:36 +1100 From: Murray Taylor <mtaylor@bytecraft.com.au> To: dick hoogendijk <dick@nagual.st> Cc: freebsdquestions <freebsd-questions@freebsd.org> Subject: Re: ipfilter "flags s keep state" question Message-ID: <1108509036.80214.162.camel@wstaylorm.dand06.au.bytecraft.au.com> In-Reply-To: <20050215223621.4f7790d8.dick@nagual.st> References: <20050215223621.4f7790d8.dick@nagual.st>
next in thread | previous in thread | raw e-mail | index | archive | help
tcp rules can use 'keep frags' TCP packets allow fragmentation by intermediate routers that need re-assembly at the final destination On Wed, 2005-02-16 at 08:36, dick hoogendijk wrote: > I read a lot of rulesets for ipfilter just to study how others do the > job. > I've read the ipf HOWTO too. One thing is still very unclear to me > though. > Most rules for tcp have something like "flags S keep state" but *some* > have "flags S keep state keep frags" > > Can someone explain to me *when* to use keep frags and when not to? The > HOWTO is very unclear about this. What exactly is the use of this extra > 'keep frags'? -- Murray Taylor Special Projects Engineer --------------------------------- Bytecraft Systems & Entertainment P: +61 3 8710 2555 F: +61 3 8710 2599 D: +61 3 9238 4275 M: +61 417 319 256 E: mtaylor@bytecraft.com.au or visit us on the web http://www.bytecraftsystems.com http://www.bytecraftentertainment.com --------------------------------------------------------------- The information transmitted in this e-mail is for the exclusive use of the intended addressee and may contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of it, or the taking of any action in reliance upon this information by persons and/or entities other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material. E-mails may not be secure, may contain computer viruses and may be corrupted in transmission. Please carefully check this e-mail (and any attachment) accordingly. No warranties are given and no liability is accepted for any loss or damage caused by such matters. --------------------------------------------------------------- ***This Email has been scanned for Viruses by MailMarshal.***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1108509036.80214.162.camel>