This rule is not working for me. If you know of one, provide me a rule to drop only fragmented packets.

On 6/21/12, Jan Engelhardt <jengelh@xxxxxxx> wrote:
> On Thursday 2012-06-21 12:46, rahul shrivastava wrote:
>
>> iptables -A INPUT -p icmp -i eth1 -m iprange --src-range 172.31.114.1-172.31.114.254 -m iprange --dst-range 192.168.1.1-192.168.1.254 -f -j DROP
>>
>> My objective is to deny only fragmented packets with specified IP,
>> protocol and interface and "-f" option doesn't seem to work
>
> I can guarantee you that -f matches fragments -- if there are any
> by the time the rule is executed.
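An added example, not part of the thread: a Python model of the match side of the quoted rule, showing which IPv4 headers `-f` selects. Per the iptables man page, `-f` refers only to second and further fragments (non-zero fragment offset), so a first fragment or a datagram that is whole by the time the rule runs does not match. The sample headers are constructed, the helper names are hypothetical, and the `-i eth1` interface check is not modelled.

```python
import ipaddress
import struct

IP_MF = 0x2000       # "more fragments" flag in the flags/offset field
IP_OFFMASK = 0x1FFF  # fragment offset, in 8-byte units
ICMP = 1

def build_header(src, dst, proto=ICMP, mf=False, offset=0):
    """Constructed sample input: a 20-byte IPv4 header (checksum left at 0)."""
    frag = (IP_MF if mf else 0) | (offset & IP_OFFMASK)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, frag, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def classify(header):
    """Return 'unfragmented', 'first-fragment' or 'later-fragment'."""
    frag = struct.unpack_from("!H", header, 6)[0]
    if frag & IP_OFFMASK:
        return "later-fragment"
    return "first-fragment" if frag & IP_MF else "unfragmented"

def in_range(addr, low, high):
    return ipaddress.IPv4Address(low) <= addr <= ipaddress.IPv4Address(high)

def rule_matches(header):
    """Model of the quoted rule: -p icmp, both ipranges, and -f."""
    src = ipaddress.IPv4Address(header[12:16])
    dst = ipaddress.IPv4Address(header[16:20])
    return (header[9] == ICMP
            and in_range(src, "172.31.114.1", "172.31.114.254")
            and in_range(dst, "192.168.1.1", "192.168.1.254")
            and classify(header) == "later-fragment")  # -f: non-zero offset only

# Constructed headers covering each case the rule can see.
SAMPLES = {
    "whole datagram": build_header("172.31.114.10", "192.168.1.20"),
    "first fragment": build_header("172.31.114.10", "192.168.1.20", mf=True),
    "middle fragment": build_header("172.31.114.10", "192.168.1.20", mf=True, offset=185),
    "last fragment": build_header("172.31.114.10", "192.168.1.20", offset=370),
    "fragment, other source": build_header("10.0.0.5", "192.168.1.20", offset=185),
}

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        verdict = "DROP" if rule_matches(hdr) else "no match"
        print(f"{name:24} {classify(hdr):15} {verdict}")
```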