On 18:57:34 Nov 13, Girish Venkatachalam wrote:
> I just read the post you linked. Thanks. :)

I read the post once again and it looks as though I understood what is
mentioned there.

The 'no-df' in the scrub rule clears the Don't Fragment bit in the IP
header. When a host wrongly sends fragmented packets with the DF bit
set, this scrub rule "correctly" resets the DF bit.

Now since the host made the mistake of sending a fragmented packet with
the DF bit set (this is like saying "Please don't fragment my packet, but
I myself have fragmented". Odd...), the no-df scrub rule causes trouble.

Scrub never causes trouble with properly formed packets.

regards,
Girish

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
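
The header condition discussed in the message above, as an added example that is not part of the original post or of pf itself: it reads the IPv4 flags/offset field, reports a packet that is a fragment yet carries DF, and clears DF with the header checksum recomputed. The helper names and the sample headers (192.0.2.x addresses) are constructed for illustration.

```python
import struct

DF = 0x4000           # Don't Fragment flag
MF = 0x2000           # More Fragments flag
OFFSET_MASK = 0x1FFF  # fragment offset, in 8-byte units


def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(flags_off: int, ident: int = 0x1234) -> bytes:
    """Constructed 20-byte IPv4 header: 192.0.2.1 -> 192.0.2.2, UDP."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, ident, flags_off,
                      64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def classify(header: bytes) -> dict:
    """Report DF, fragment status, and the contradictory combination."""
    flags_off = struct.unpack("!H", header[6:8])[0]
    df = bool(flags_off & DF)
    # A fragment has MF set (first/middle) or a non-zero offset (later).
    fragment = bool(flags_off & MF) or (flags_off & OFFSET_MASK) != 0
    return {"df": df, "fragment": fragment, "df_on_fragment": df and fragment}


def clear_df(header: bytes) -> bytes:
    """Clear DF and recompute the checksum, since a header field changed."""
    ihl = (header[0] & 0x0F) * 4
    flags_off = struct.unpack("!H", header[6:8])[0] & ~DF & 0xFFFF
    hdr = (header[:6] + struct.pack("!H", flags_off) + header[8:10]
           + b"\x00\x00" + header[12:ihl])
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def header_valid(header: bytes) -> bool:
    """A correct header sums to zero when its checksum field is included."""
    return checksum(header) == 0


if __name__ == "__main__":
    odd = build_header(DF | MF)  # first fragment that also carries DF
    print("before:", classify(odd), "valid:", header_valid(odd))
    fixed = clear_df(odd)
    print("after: ", classify(fixed), "valid:", header_valid(fixed))
```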