diff options
author | dd <dd@FreeBSD.org> | 2001-03-16 01:28:11 +0000 |
---|---|---|
committer | dd <dd@FreeBSD.org> | 2001-03-16 01:28:11 +0000 |
commit | 7f442388973f2610901371a054c2c72dfac0ca14 (patch) | |
tree | 83a5561556c314e012cdd8aa9d26490f81e427a0 /sbin | |
parent | 2853c4c6199fe128554def6710f9aea4af698253 (diff) | |
download | FreeBSD-src-7f442388973f2610901371a054c2c72dfac0ca14.zip FreeBSD-src-7f442388973f2610901371a054c2c72dfac0ca14.tar.gz |
Explain that TCP fragments with an offset of 1 are reported as being
dropped by rule -1 if logging is enabled.
PR: 25796
Submitted by: Crist J. Clark <cjclark@alum.mit.edu>
Approved by: nik
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ipfw/ipfw.8 | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 5b8b82e..e2815fd 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -1075,7 +1075,8 @@ There is one kind of packet that the firewall will always discard, that is a TCP packet's fragment with a fragment offset of one. This is a valid packet, but it only has one use, to try -to circumvent firewalls. +to circumvent firewalls. When logging is enabled, these packets are +reported as being dropped by rule -1. .It If you are logged in over a network, loading the .Xr kld 4 |