From owner-freebsd-hackers Tue Nov 5 04:08:04 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id EAA27916 for hackers-outgoing; Tue, 5 Nov 1996 04:08:04 -0800 (PST)
Received: from cheops.anu.edu.au (avalon@cheops.anu.edu.au [150.203.76.24]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id EAA27875; Tue, 5 Nov 1996 04:07:55 -0800 (PST)
Message-Id: <199611051207.EAA27875@freefall.freebsd.org>
Received: by cheops.anu.edu.au (1.37.109.16/16.2) id AA274375393; Tue, 5 Nov 1996 23:03:13 +1100
From: Darren Reed
Subject: Re: ip_fw.c - bug or feature ?
To: cliff@st.simbirsk.su (Viacheslav Andreev)
Date: Tue, 5 Nov 1996 23:03:13 +1100 (EDT)
Cc: freebsd-hackers@freebsd.org, freebsd-security@freebsd.org
In-Reply-To: <199611050930.AA26920@mpool.st.simbirsk.su> from "Viacheslav Andreev" at Nov 5, 96 12:30:08 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In some mail from Viacheslav Andreev, sie said:
>
> Hi!
>
> I am not sure whether this is a bug or a feature.
> While trying to disable TCP traffic for some port, e.g.
>
>   ipfw add 1070 deny log tcp from any to 192.168.0.1 80
>
> there is false dropping of fragmented packets (i.e. the 2nd and subsequent
> ones, without TCP port info) of FTP traffic. IMHO, it is a result of
> matching fragments over firewall rules with TCP port specs: bug.

A rule with port fields or TCP flags to match should not match a fragment.

Darren
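Darren's rule as a small C matcher, added here as an example; it is not code from the thread or from ip_fw.c, and the names demo_rule, demo_rule_match, demo_build and demo_deny80_matches are hypothetical. It refuses to compare ports or flags on any fragment whose offset is nonzero (those fields are payload there, not a TCP header) and replays the poster's FTP scenario against a "deny tcp ... 80" rule on constructed packets.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define IP_OFFMASK 0x1fff  /* fragment-offset bits of the IPv4 frag field */

/* Constructed stand-in for an ipfw rule; dport 0 / tcp_flags 0 = don't care. */
struct demo_rule { uint8_t proto; uint16_t dport; uint8_t tcp_flags; };
/* Returns 1 if the rule matches the IPv4 packet, else 0.  A non-first
 * fragment (offset != 0) carries payload, not a TCP header, after the IP
 * header, so a rule that needs port or flag fields cannot match it. */
int demo_rule_match(const struct demo_rule *r, const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != r->proto)
        return 0;                        /* not IPv4, or wrong protocol */
    size_t   ihl  = (size_t)(pkt[0] & 0x0f) * 4;
    uint16_t frag = (uint16_t)((pkt[6] << 8) | pkt[7]);
    if (r->dport == 0 && r->tcp_flags == 0)
        return 1;                        /* pure IP-level rule: fragments match too */
    if ((frag & IP_OFFMASK) != 0)
        return 0;                        /* the check the thread asks for */
    if (len < ihl + 14)
        return 0;                        /* first fragment too short for ports+flags */
    uint16_t dport = (uint16_t)((pkt[ihl + 2] << 8) | pkt[ihl + 3]);
    uint8_t  flags = pkt[ihl + 13];
    if (r->dport && dport != r->dport)
        return 0;
    return !r->tcp_flags || (flags & r->tcp_flags) == r->tcp_flags;
}
/* Constructed 34-byte IPv4+TCP-shaped packet (no checksums, no options). */
size_t demo_build(uint8_t *buf, uint16_t frag_field, uint16_t port_slot, uint8_t flag_slot)
{
    memset(buf, 0, 34);
    buf[0] = 0x45;  buf[9] = 6;                            /* IPv4, IHL 5, TCP */
    buf[6] = (uint8_t)(frag_field >> 8);  buf[7] = (uint8_t)(frag_field & 0xff);
    buf[22] = (uint8_t)(port_slot >> 8);  buf[23] = (uint8_t)(port_slot & 0xff);
    buf[33] = flag_slot;                                   /* TCP-flags byte */
    return 34;
}
/* The thread's scenario, "deny tcp from any to <host> 80" versus an FTP
 * transfer. which=0: first fragment to port 80; which=1: first fragment to
 * port 20; which=2: later fragment (offset 16*8 bytes) whose payload bytes
 * sit in the port slot and happen to read as 80, the false drop reported. */
int demo_deny80_matches(int which)
{
    struct demo_rule deny80 = { 6, 80, 0 };
    uint8_t buf[34];
    size_t n = which == 0 ? demo_build(buf, 0x0000, 80, 0)
             : which == 1 ? demo_build(buf, 0x0000, 20, 0)
             :              demo_build(buf, 0x0010, 80, 0);
    return demo_rule_match(&deny80, buf, n);
}
```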