On Thu, 5 Aug 2004, Bart De Schuymer wrote: > It has nothing to do with ebtables. It's all about connection tracking of ipv4 > packets on a transparent bridging firewall. Ct defragments packets, on the > ipv4 PREROUTING hook, because it makes things easier. Ct on a transparent > bridge is something people need. The question on why the bridge needs to drop oversized fragments instead of simply letting iptables fragment them remains... Regards Henrik
