From owner-freebsd-questions Tue Jan 25 5: 1:26 2000 Delivered-To: freebsd-questions@freebsd.org Received: from vinyl.sentex.ca (vinyl.sentex.ca [209.112.4.14]) by hub.freebsd.org (Postfix) with ESMTP id E2C0814F9D for ; Tue, 25 Jan 2000 05:01:24 -0800 (PST) (envelope-from mike@sentex.net) Received: from granite.sentex.net (granite-atm.sentex.ca [209.112.4.1]) by vinyl.sentex.ca (8.9.3/8.9.3) with ESMTP id IAA32076; Tue, 25 Jan 2000 08:01:24 -0500 (EST) (envelope-from mike@sentex.net) Received: from chimp (ospf-mdt.sentex.net [205.211.164.81]) by granite.sentex.net (8.8.8/8.6.9) with ESMTP id IAA27768; Tue, 25 Jan 2000 08:01:23 -0500 (EST) Message-Id: <4.2.2.20000125075638.00aa1810@mail.sentex.net> X-Sender: mdtancsa@mail.sentex.net X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Tue, 25 Jan 2000 07:59:56 -0500 To: Ruslan Ermilov From: Mike Tancsa Subject: Re: rule -1 on ipfw Cc: questions@FreeBSD.org In-Reply-To: <20000125100812.A32413@relay.ucb.crimea.ua> References: <3.0.5.32.20000124131838.01ce4e10@staff.sentex.ca> <3.0.5.32.20000124131838.01ce4e10@staff.sentex.ca> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG At 10:08 AM 1/25/2000 +0200, Ruslan Ermilov wrote: >This is documented in the ipfw(8) manpage: > >: There is one kind of packet that the firewall will always discard, that >: is an IP fragment with a fragment offset of one. This is a valid packet, >: but it only has one use, to try to circumvent firewalls. Ahh, thanks! I did check the man page, but didn't connect the above to showing up as -1. ---Mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message