On Thursday 2012-06-21 12:46, rahul shrivastava wrote:

>iptables -A INPUT -p icmp -i eth1 -m iprange --src-range
>172.31.114.1-172.31.114.254 -m iprange --dst-range 192.168.1.1-192.168.1.254
>-f -j DROP
>
>My objective is to deny only fragmented packets with specified ip, protocol
>and interface and "-f" option doesn't seem to work

I can guarantee you that -f matches fragments -- if there are any by the
time the rule is executed.
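
Added example, not part of the original thread: the header test behind `-f`, applied in Python to constructed IPv4 headers using the protocol and address ranges from the quoted rule. `-f` matches only second and further fragments (non-zero fragment offset), so a first fragment, or a packet that is no longer fragmented when the rule sees it, does not match. The helper names, sample addresses and the "reassembled" sample are assumptions made for illustration.

```python
import ipaddress
import struct

# Rule parameters copied from the quoted iptables command.
SRC_RANGE = (ipaddress.ip_address("172.31.114.1"), ipaddress.ip_address("172.31.114.254"))
DST_RANGE = (ipaddress.ip_address("192.168.1.1"), ipaddress.ip_address("192.168.1.254"))
IPPROTO_ICMP = 1
IP_MF = 0x2000       # "more fragments" flag
IP_OFFMASK = 0x1FFF  # 13-bit fragment offset, in 8-byte units


def parse_ipv4(header: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header fields the rule looks at."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    frag_field, = struct.unpack("!H", header[6:8])
    return {
        "proto": header[9],
        "src": ipaddress.ip_address(header[12:16]),
        "dst": ipaddress.ip_address(header[16:20]),
        "more_fragments": bool(frag_field & IP_MF),
        "frag_offset": frag_field & IP_OFFMASK,
    }


def rule_matches(header: bytes) -> bool:
    """True if the quoted DROP rule matches the packet in the state given."""
    p = parse_ipv4(header)
    return (
        p["proto"] == IPPROTO_ICMP
        and SRC_RANGE[0] <= p["src"] <= SRC_RANGE[1]
        and DST_RANGE[0] <= p["dst"] <= DST_RANGE[1]
        and p["frag_offset"] != 0  # -f: second and further fragments only
    )


def build_header(src: str, dst: str, proto: int, mf: bool, offset: int) -> bytes:
    """Constructed sample header (checksum left at zero; not checked here)."""
    frag_field = (IP_MF if mf else 0) | (offset & IP_OFFMASK)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, frag_field, 64, proto, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)


# Constructed samples: the same ICMP datagram in three states.
FIRST = build_header("172.31.114.10", "192.168.1.20", IPPROTO_ICMP, True, 0)
SECOND = build_header("172.31.114.10", "192.168.1.20", IPPROTO_ICMP, False, 185)
REASSEMBLED = build_header("172.31.114.10", "192.168.1.20", IPPROTO_ICMP, False, 0)
```

Only `SECOND` satisfies `rule_matches`; the first fragment carries the ICMP header but has offset 0, so a rule that relies on `-f` alone never drops it.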