On Fri, Jan 30, 2015 at 10:11 PM, David DeSimone <ddesim...@verio.net> wrote:
> Kevin Oberman wrote:
> >
> > For ipfw you need something like "allow ip from any to me frag". If you
> > want to restrict this to DNS, restrict it to dst-port 53.
>
> Unfortunately, UDP fragments only contain the port number in the very
> first fragment. So you will not be able to forward the later fragments
> based on port number. You can only see the Src/Dest IP and Protocol number
> in the fragment.
>
> --
> David DeSimone == f...@verio.net == Network Admin

You are, of course, correct. Specifying a destination port is meaningless. If you accept any fragments, you accept all of them.

--
Kevin Oberman, Network Engineer, Retired
E-mail: rkober...@gmail.com
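The point made in this exchange, shown as an added example that is not part of the original messages: one UDP datagram is split into IPv4 fragments, and each fragment is parsed the way a stateless per-packet filter would see it. The addresses, ports, payload size and function names are constructed for illustration.

```python
import struct

IP_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header, no options
UDP = 17

def ipv4_packet(src, dst, ident, offset, more, payload):
    """Build one IPv4 packet; offset is in bytes (multiple of 8)."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    return struct.pack(IP_FMT, 0x45, 0, 20 + len(payload), ident,
                       flags_off, 64, UDP, 0, src, dst) + payload  # checksum 0

def fragment_udp(src, dst, sport, dport, data, ident=0x1234, chunk=1480):
    """Split one UDP datagram the way a 1500-byte MTU path would."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    return [ipv4_packet(src, dst, ident, off, off + chunk < len(udp),
                        udp[off:off + chunk])
            for off in range(0, len(udp), chunk)]

def visible_fields(packet):
    """What a stateless filter can read from this single packet."""
    vihl, _, _, ident, flags_off, _, proto, _, src, dst = struct.unpack(
        IP_FMT, packet[:20])
    ihl = (vihl & 0x0F) * 4
    offset = (flags_off & 0x1FFF) * 8
    more = bool(flags_off & 0x2000)
    dst_port = None
    # The UDP header exists only at offset 0; later fragments start
    # mid-payload, so any bytes read there would be data, not a port.
    if proto == UDP and offset == 0 and len(packet) >= ihl + 8:
        dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])[1]
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "proto": proto, "id": ident, "offset": offset,
            "is_fragment": more or offset > 0, "dst_port": dst_port}

def demo():
    # Constructed sample: a 3000-byte UDP datagram addressed to port 53,
    # using documentation-range addresses.
    frags = fragment_udp(bytes([198, 51, 100, 7]), bytes([192, 0, 2, 53]),
                         40000, 53, b"\x00" * 3000)
    return [visible_fields(f) for f in frags]

if __name__ == "__main__":
    for seen in demo():
        print(seen)
```

Only the first fragment yields a destination port; the other two expose just source, destination, protocol and the shared IP ID, which is all a per-packet rule has to match on.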