* mark.lati...@gmail.com <mark.lati...@gmail.com> [2013-09-01 08:01]: > Is it possible to reassemble so fragments and not others
nope; all or nothing. > or is the best app= > roach to deploy a screening router/another PF to filter but not reassemble = > in addition to the PF reassembling and scrubbing? i think you're mostly fighting ghosts here, esp with the extremely tiny share of fragments we see in real world traffic these days. the reassembly isn't completely dumb, it should be able to protect itself from the cache being filled with junk. if there is still a way we might have to amend these smarts. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, AG Hamburg HRB 128289, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
