From owner-freebsd-questions@FreeBSD.ORG Sat Apr 22 13:19:01 2006
Message-ID: <444A2D4E.1060004@mac.com>
Date: Sat, 22 Apr 2006 09:19:10 -0400
From: Chuck Swiger
To: Andrew Wingorodov
Cc: freebsd-questions@freebsd.org
Subject: Re: how to forbid to process IP, which are fragmentation?
References: <200604221310.49569.mail@andr.ru>
In-Reply-To: <200604221310.49569.mail@andr.ru>

Andrew Wingorodov wrote:
> how to forbid to process IP, which are fragmentation?

    ipfw add deny all from any to any frag

...but please be very sure that you are passing the ICMP message types used for
path MTU discovery, or else your network may become a "notwork", at least as far
as large packet sizes are concerned.

-- 
-Chuck
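
An added example, not part of the original message: a shell check that reads `ipfw list` output and flags a ruleset that drops fragments without accepting ICMP type 3 (destination unreachable, which carries the "fragmentation needed" code that path MTU discovery depends on) ahead of a catch-all deny. The function names, rule numbers and sample listings are constructed for illustration, and the check is a heuristic for simple rulesets.

```shell
#!/bin/sh
# Added example, not from the original message. Heuristic for simple rulesets:
# if any rule drops fragments, ICMP type 3 (destination unreachable, which
# carries the "fragmentation needed" code used by path MTU discovery) must be
# accepted before a catch-all deny. Live use: ipfw list | check_pmtud

check_pmtud() {
    awk '
    function has_type3(   i) {
        for (i = 3; i < NF; i++)
            if ($i == "icmptypes" && ("," $(i + 1) ",") ~ /,3,/) return 1
        return 0
    }
    function has_word(w,   i) {
        for (i = 3; i <= NF; i++) if ($i == w) return 1
        return 0
    }
    $2 ~ /^(allow|accept|pass|permit)$/ && !blocked && has_type3() { icmp_ok = 1 }
    $2 ~ /^(deny|drop)$/ {
        if (has_word("frag")) frag_rule = $1
        # a bare "deny ip from any to any" also swallows ICMP unreachables
        else if ($3 ~ /^(ip|all|icmp)$/ && NF == 7) blocked = 1
    }
    END {
        if (frag_rule != "" && !icmp_ok) {
            print "rule " frag_rule ": fragments dropped, ICMP type 3 never accepted"
            exit 1
        }
    }'
}

# Constructed listings in `ipfw list` format (rule numbers are arbitrary).
sample_with_pmtud() {
    cat <<'EOF'
01000 allow icmp from any to any icmptypes 3
01100 deny ip from any to any frag
65535 deny ip from any to any
EOF
}
sample_without_pmtud() {
    cat <<'EOF'
01100 deny ip from any to any frag
65000 allow tcp from any to any
65535 deny ip from any to any
EOF
}

sample_with_pmtud | check_pmtud && echo "with ICMP type 3 rule: ok"
sample_without_pmtud | check_pmtud || echo "without it: flagged"
```

ipfw matches ICMP by type only, so `icmptypes 3` admits every destination-unreachable code, not just "fragmentation needed".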