On Mon, Sep 01, 2003 at 01:03:48PM +0200, Maciej Soltysiak wrote:
> Hi,
>
> ask where this FAQ entry is...
> http://www.netfilter.org/documentation/FAQ/netfilter-faq-3.html#ss3.14

Ok, slightly off topic to this thread, but I still need to know from that
faq entry:

QUOTE
Please do not use the string match from patch-o-matic instead of application
proxy filtering. It would be defeated anytime by fragmented packets (i.e. an
HTTP request split on two TCP packets),
ENDQUOTE

I thought iptables collects all fragments and reassembles the packet before
applying any rules? Or am I dead wrong here?

Regs,
Sven

--
Sven Riedel                      sr@xxxxxxxx
Liebigstr. 38
30163 Hannover

"Python is merely Perl for those who prefer Pascal to C" (anon)
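The case in the quoted FAQ entry's parenthetical, as an added example that is not part of the original message or of netfilter: a model of a matcher that inspects each TCP segment payload on its own, next to a stream-aware matcher of the kind an application proxy effectively has. The two halves here are separate, complete TCP segments, so IP-fragment reassembly does not join them. The pattern, the sample request and all function names are constructed for illustration.

```python
# Added illustration: names and sample data are constructed, not netfilter code.
from typing import Iterable, List

PATTERN = b"GET /blocked"  # constructed pattern a filter might look for

# Constructed sample: one HTTP request, sent whole and split over two TCP segments.
WHOLE = [b"GET /blocked/index.html HTTP/1.0\r\n\r\n"]
SPLIT = [b"GET /blo", b"cked/index.html HTTP/1.0\r\n\r\n"]


def per_packet_match(segments: Iterable[bytes], pattern: bytes) -> List[bool]:
    """Per-packet model: every segment payload is searched in isolation."""
    return [pattern in seg for seg in segments]


class StreamMatcher:
    """Stream-aware model: searches the byte stream, not single packets.

    It carries the last len(pattern) - 1 bytes of the flow forward, which is
    the minimum needed to find a pattern that straddles a segment boundary.
    """

    def __init__(self, pattern: bytes) -> None:
        if not pattern:
            raise ValueError("pattern must be non-empty")
        self.pattern = pattern
        self.tail = b""

    def feed(self, segment: bytes) -> bool:
        window = self.tail + segment
        hit = self.pattern in window
        keep = len(self.pattern) - 1
        # Guard keep == 0: window[-0:] would keep the whole window.
        self.tail = window[-keep:] if keep else b""
        return hit


def stream_match(segments: Iterable[bytes], pattern: bytes) -> List[bool]:
    """Feed the segments of one flow, in order, through a StreamMatcher."""
    matcher = StreamMatcher(pattern)
    return [matcher.feed(seg) for seg in segments]


if __name__ == "__main__":
    for name, segs in (("whole", WHOLE), ("split", SPLIT)):
        print(name, "per-packet:", per_packet_match(segs, PATTERN),
              "stream:", stream_match(segs, PATTERN))
```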