On Friday 14 December 2001 14.15, Julian Anastasov wrote:

> No, ihl includes the options. Everything works perfectly.
> It is a bug to use sport and dport if ip options are present. There
> are tcp dst and tcp src for example. Same for udp. For icmp there
> are icmp type and icmp code. They all use the same base pointer.

Which only works if you have chained the filter rules using a hash table, where the hash table has an IP offset rule.

Regards
Henrik
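
Added example, not part of the original message: a Python sketch of why the base pointer matters when IP options are present. It assumes, as the thread implies, that a port match taken at a fixed 20 bytes from the start of the IP header ignores ihl, while a match taken after an offset rule starts at ihl * 4; the function names and sample packets are constructed for illustration.

```python
import struct

def build_ipv4_tcp(sport, dport, options=b""):
    """Constructed sample packet: IPv4 header, optional IP options, TCP header."""
    if len(options) % 4:
        raise ValueError("IP options must be padded to a multiple of 4 bytes")
    ihl = 5 + len(options) // 4          # header length in 32-bit words
    if ihl > 15:
        raise ValueError("IP header cannot exceed 60 bytes")
    ip = struct.pack("!BBHHHBBH4s4s",
                     (4 << 4) | ihl, 0, ihl * 4 + 20, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    return ip + options + tcp

def ports_fixed_offset(pkt):
    """Assumed behaviour of a port match without an offset rule:
    read bytes 20..23 counted from the start of the IP header."""
    return struct.unpack_from("!HH", pkt, 20)

def ports_after_ihl(pkt):
    """Assumed behaviour after an IP offset rule: the base pointer is
    advanced by ihl * 4, so the read lands on the real TCP header."""
    ihl = pkt[0] & 0x0F
    if ihl < 5:
        raise ValueError("invalid ihl")
    offset = ihl * 4
    if len(pkt) < offset + 4:
        raise ValueError("packet too short for transport ports")
    return struct.unpack_from("!HH", pkt, offset)

# Constructed option bytes: three NOPs and an End of Option List (4 bytes).
SAMPLE_OPTIONS = b"\x01\x01\x01\x00"

if __name__ == "__main__":
    plain = build_ipv4_tcp(12345, 80)
    with_opts = build_ipv4_tcp(12345, 80, SAMPLE_OPTIONS)
    for name, pkt in (("no options", plain), ("with options", with_opts)):
        print(name, "fixed:", ports_fixed_offset(pkt),
              "after ihl:", ports_after_ihl(pkt))
```

With the constructed options, the fixed-offset read returns the option bytes instead of the ports, so a port rule written that way would not see destination port 80 on this packet.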