tcp match silently drops packets
bikkit at gmail.com
Mon Oct 17 15:47:40 CEST 2005
> For the exact same reason the match also hotdrops fragments which would
> overwrite the TCP header.
> In theory just the second criteria is a must (drop fragments which could
> override an earlier decision), but as it's there the first also makes
> sense to drop the first as we can not allow a fragment filling in the
> missing pieces.
Could someone please explain these two?
More information about the netfilter-devel