On 16 Feb Murray Taylor wrote: > tcp rules can use 'keep frags' > TCP packets allow fragmentation by intermediate routers > that need re-assembly at the final destination > > On Wed, 2005-02-16 at 08:36, dick hoogendijk wrote: > > I read a lot of rulesets for ipfilter just to study how others do > > the job. I've read the ipf HOWTO too. One thing is still very > > unclear to me though. Most rules for tcp have something like "flags > > S keep state" but *some* have "flags S keep state keep frags" > > > > Can someone explain to me *when* to use keep frags and when not to? > > The HOWTO is very unclear about this. What exactly is the use of > > this extra 'keep frags'?
YES, I know tcp packets can get fragmented. I wander however why in most cases people just use "keep state" and *sometimes* "keep state keep frags" I really like to know when or when not to use "keep frags" In other words: when is it really useful and when is it not? -- dick -- http://nagual.st/ -- PGP/GnuPG key: F86289CE ++ Running FreeBSD 4.11 ++ FreeBSD 5.3 + Nai tiruvantel ar vayuvantel i Valar tielyanna nu vilja _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"