-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mika Borner wrote:
| Hi all
|
| I have three questions:
|
| -Is it possible to fast-route only fragmented packets? We plan to
route port 25 traffic to an outgoing spamfilter running on Solaris. In
rare cases, we might have fragmented packets in our network. In that
case only the first packet will get rerouted, as the following fragments
do not contain port information and will never be received by the
spamfilter. I would like to handle this in a sane way...
Sure...although I don't know if I answered this question...
pass in quick on bge0 to bge1:2.3.4.5 proto tcp all with frag-body
| -As some customers misuse port 25 for non-SMTP-traffic, I would like
to either block or transparently pass such traffic. The "simple matching
of content" -feature would come very close to what I want. Is it still
experimental? Or maybe someone knows of an other way to accomplish this...
.. because I remember answering this...did it get resolved?
|
| -Are there instructions how to replace Solaris 10U7 ipf with a custom one?
Use the script SunOS5/replace
Darren
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkpt9lwACgkQP7JIXtvLbFXctwCeJwJhuWNRYXXXPhZ6Zx9m15Xy
x0EAnjGyGlrTFbfOHmJsLcSVQ0Poa/3i
=k3Ba
-----END PGP SIGNATURE-----
