Thanks but there I could find: ----- If you are doing connection tracking or NAT, then all fragments will get merged back together before they reach the packet filtering code, so you need never worry about fragments. ----- And I guess by default everybody is using "connection tracking" with netfilter. Ramin On Fri, Jul 18, 2003 at 08:34:04AM -0600, Curtis Call wrote: > See: > > http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-7.html#ss7.3 > > Scroll down to 'Specifying fragments'. Looks like whether it is reassembled > prior to the filter depends on a few different factors... > > Anyway, I was having problems with a local firewall filter stalling my large > IMAP downloads. Permitting fragments did the trick...
