>Van : Henrik Nordstrom [mailto:hno@xxxxxxxxxxxxxxx] >Verzonden : donderdag , augustus 5, 2004 07:55 AM >Aan : 'Bart De Schuymer' >The question on why the bridge needs to drop oversized fragments instead >of simply letting iptables fragment them remains... As Stephen explained, bridge ports of the same bridge device no longer need to have the same mtu. So the bridge code needs to drop packets (ARP, IP, whatever) that will be too long for the output port. The whole idea behind the new flag is giving the bridge code enough information so it doesn't drop to-be-fragmented packets. cheers, Bart
