Explain that TCP fragments with an offset of 1 are reported as being

dropped by rule -1 if logging is enabled. PR: 25796 Submitted by: Crist J. Clark <cjclark@alum.mit.edu> Approved by: nik
author: dd <dd@FreeBSD.org> 2001-03-16 01:28:11 +0000
committer: dd <dd@FreeBSD.org> 2001-03-16 01:28:11 +0000
commit: 7f442388973f2610901371a054c2c72dfac0ca14 (patch)
tree: 83a5561556c314e012cdd8aa9d26490f81e427a0 /sbin/ipfw
parent: 2853c4c6199fe128554def6710f9aea4af698253 (diff)
download: FreeBSD-src-7f442388973f2610901371a054c2c72dfac0ca14.zip
FreeBSD-src-7f442388973f2610901371a054c2c72dfac0ca14.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8
index 5b8b82e..e2815fd 100644
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@@ -1075,7 +1075,8 @@ There is one kind of packet that the firewall will always
 discard, that is a TCP packet's fragment with a fragment offset of
 one.
 This is a valid packet, but it only has one use, to try
-to circumvent firewalls.
+to circumvent firewalls. When logging is enabled, these packets are
+reported as being dropped by rule -1.
 .It
 If you are logged in over a network, loading the
 .Xr kld 4
author	dd <dd@FreeBSD.org>	2001-03-16 01:28:11 +0000
committer	dd <dd@FreeBSD.org>	2001-03-16 01:28:11 +0000
commit	7f442388973f2610901371a054c2c72dfac0ca14 (patch)
tree	83a5561556c314e012cdd8aa9d26490f81e427a0 /sbin/ipfw
parent	2853c4c6199fe128554def6710f9aea4af698253 (diff)
download	FreeBSD-src-7f442388973f2610901371a054c2c72dfac0ca14.zip FreeBSD-src-7f442388973f2610901371a054c2c72dfac0ca14.tar.gz