From owner-freebsd-questions@FreeBSD.ORG  Sat Apr 12 06:39:17 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 37E1E37B401
	for <freebsd-questions@freebsd.org>;
	Sat, 12 Apr 2003 06:39:17 -0700 (PDT)
Received: from anchor-post-32.mail.demon.net (anchor-post-32.mail.demon.net
	[194.217.242.90])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 621B043F85
	for <freebsd-questions@freebsd.org>;
	Sat, 12 Apr 2003 06:39:16 -0700 (PDT)
	(envelope-from jeff@jrpenn.demon.co.uk)
Received: from jrpenn.demon.co.uk ([194.222.241.254])
	by anchor-post-32.mail.demon.net with esmtp (Exim 3.35 #1)
	id 194LDs-0008W6-0W
	for freebsd-questions@freebsd.org; Sat, 12 Apr 2003 14:39:13 +0100
Received: from jrpenn.demon.co.uk (localhost [127.0.0.1])
	by jrpenn.demon.co.uk (8.12.8p1/8.12.8) with ESMTP id h3CDewkL009988
	for <freebsd-questions@freebsd.org>;
	Sat, 12 Apr 2003 14:41:03 +0100 (BST)
	(envelope-from jeff@jrpenn.demon.co.uk)
Received: (from jeff@localhost)
	by jrpenn.demon.co.uk (8.12.8p1/8.12.8/Submit) id h3CDerE3009987
	for freebsd-questions@freebsd.org;
	Sat, 12 Apr 2003 14:40:53 +0100 (BST)	(envelope-from jeff)
Date: Sat, 12 Apr 2003 14:40:31 +0100
From: Jeff Penn <jeff@jrpenn.demon.co.uk>
To: freebsd-questions@freebsd.org
Message-ID: <20030412134031.GA94973@jrpenn.demon.co.uk>
Mail-Followup-To: freebsd-questions@freebsd.org
References: <200304120023.h3C0NtvN036040@server1.shellworld.net>
	<20030412053057.GB65034@gothmog.gr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030412053057.GB65034@gothmog.gr>
User-Agent: Mutt/1.4.1i
Subject: Re: Firewall Rules/connection troubles
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Apr 2003 13:39:17 -0000

On Sat, Apr 12, 2003 at 08:30:57AM +0300, Giorgos Keramidas wrote:
> 
>   h. You're blocking fragments.  It's not always a good idea.

Provided most rules use check-state, and the 'deny frag' rule follows
the check-state rules, won't valid fragments be passed by dynamic 
rules?.

Jeff