Hi,

Kernel version is 2.6.35+. I am defining the following ACL:

    iptables -A INPUT -p icmp -i eth1 -m iprange --src-range 172.31.114.1-172.31.114.254 -m iprange --dst-range 192.168.1.1-192.168.1.254 -j DROP

With the above rule I can drop all ICMP packets on the eth1 interface, but when I add the -f option to deny fragmented packets, the rule doesn't work:

    iptables -A INPUT -p icmp -i eth1 -m iprange --src-range 172.31.114.1-172.31.114.254 -m iprange --dst-range 192.168.1.1-192.168.1.254 -f -j DROP

My objective is to deny only fragmented packets with the specified IP, protocol and interface, and the "-f" option doesn't seem to work.

Thanks and Regards,
Rahul Shrivastava
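What the `-f` test in the second rule selects, as an added example that is not part of the original post: per the iptables man page, `-f` matches only the second and further fragments of a fragmented IPv4 packet, that is, headers with a non-zero fragment offset. The helper names and the sample headers below are constructed for illustration, and the `-i eth1` test is left out of the model.

```python
import ipaddress
import struct

# Ranges and protocol taken from the rule in the post.
SRC_RANGE = (ipaddress.ip_address("172.31.114.1"), ipaddress.ip_address("172.31.114.254"))
DST_RANGE = (ipaddress.ip_address("192.168.1.1"), ipaddress.ip_address("192.168.1.254"))
IPPROTO_ICMP = 1
IP_MF = 0x2000       # "more fragments" flag
IP_OFFSET = 0x1FFF   # 13-bit fragment offset, in 8-byte units

def parse_ipv4(header: bytes) -> dict:
    """Parse the fixed 20-byte IPv4 header fields the rule looks at."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    _, _, _, _, frag, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", header[:20])
    return {
        "proto": proto,
        "src": ipaddress.ip_address(src),
        "dst": ipaddress.ip_address(dst),
        "more_fragments": bool(frag & IP_MF),
        "offset": frag & IP_OFFSET,
    }

def rule_matches(header: bytes, dash_f: bool) -> bool:
    """Model of the post's rule (interface test omitted); dash_f adds the -f test."""
    ip = parse_ipv4(header)
    if ip["proto"] != IPPROTO_ICMP:
        return False
    in_src = SRC_RANGE[0] <= ip["src"] <= SRC_RANGE[1]
    in_dst = DST_RANGE[0] <= ip["dst"] <= DST_RANGE[1]
    if not (in_src and in_dst):
        return False
    # -f selects second and further fragments only: non-zero fragment offset.
    return ip["offset"] != 0 if dash_f else True

def make_header(src: str, dst: str, more_fragments: bool, offset: int) -> bytes:
    """Build a constructed sample ICMP header (checksum left at 0, not validated here)."""
    frag = (IP_MF if more_fragments else 0) | (offset & IP_OFFSET)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, frag, 64, IPPROTO_ICMP, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)

# Constructed samples: a whole ping, then the two fragments of a 1500-MTU large ping.
WHOLE = make_header("172.31.114.10", "192.168.1.20", False, 0)
FIRST_FRAGMENT = make_header("172.31.114.10", "192.168.1.20", True, 0)
LAST_FRAGMENT = make_header("172.31.114.10", "192.168.1.20", False, 185)

if __name__ == "__main__":
    for name, pkt in [("whole", WHOLE), ("first", FIRST_FRAGMENT), ("last", LAST_FRAGMENT)]:
        print(f"{name}: without -f={rule_matches(pkt, False)} with -f={rule_matches(pkt, True)}")
```

This models only the header test. On a host where connection tracking is loaded, nf_defrag_ipv4 reassembles fragments before the filter table sees them, so no packet reaching INPUT carries a fragment offset.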