Hi,

Linux version 2.6.35
iptables v1.4.9.1

My setup consists of two systems, system A and system B.

I am using the following rules on system A:

iptables -I INPUT -f -j DROP
iptables -I OUTPUT -f -j DROP
iptables -I FORWARD -f -j DROP

From system B I am doing ping -s 32768 172.31.114.239 (system A):

ping -s 32768 172.31.114.239
PING 172.31.114.239 (172.31.114.239) 32768(32796) bytes of data.
32776 bytes from 172.31.114.239: icmp_req=1 ttl=64 time=6.02 ms
32776 bytes from 172.31.114.239: icmp_req=2 ttl=64 time=6.00 ms
32776 bytes from 172.31.114.239: icmp_req=3 ttl=64 time=6.01 ms
32776 bytes from 172.31.114.239: icmp_req=4 ttl=64 time=6.01 ms
32776 bytes from 172.31.114.239: icmp_req=5 ttl=64 time=6.02 ms
32776 bytes from 172.31.114.239: icmp_req=6 ttl=64 time=6.00 ms

I am getting a ping reply from system A.

-f is supposed to drop the 2nd and further fragments of a packet, but since I am getting a reply it is clear that fragments are not getting dropped.

My objective is to drop fragments. Please help.

Thanks in advance.
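
As an added example (not part of the original post): a small Python model of which IPv4 fragments a `-f` rule matches for the ping above, and of what the rule sees when fragments are reassembled before the filter table. The 1500-byte MTU, the 20-byte IP header and all function names are assumptions made for the illustration.

```python
IP_MF = 0x2000        # "more fragments" flag in the IPv4 frag_off field
IP_OFFMASK = 0x1FFF   # fragment offset, counted in 8-byte units


def fragment(payload_len, mtu=1500, ihl=20):
    """Return (frag_off_field, data_len) for each fragment of one IPv4 packet.

    mtu=1500 and ihl=20 are assumed values (plain Ethernet, no IP options).
    """
    step = (mtu - ihl) // 8 * 8          # data per fragment, multiple of 8
    frags, off = [], 0
    while off < payload_len:
        n = min(step, payload_len - off)
        more = IP_MF if off + n < payload_len else 0
        frags.append((more | (off // 8), n))
        off += n
    return frags


def matches_dash_f(frag_off_field):
    """-f matches second and further fragments only: fragment offset != 0."""
    return (frag_off_field & IP_OFFMASK) != 0


def reassemble(frags):
    """What a defragmenting hook passes on: one packet, offset 0, MF clear."""
    return [(0, sum(n for _, n in frags))]


def filter_view(frags, defrag_before_filter):
    """Return (packets seen, packets dropped) for a '-f -j DROP' rule."""
    seen = reassemble(frags) if defrag_before_filter else frags
    dropped = sum(1 for field, _ in seen if matches_dash_f(field))
    return len(seen), dropped


# ping -s 32768 sends 32768 data bytes plus an 8-byte ICMP header.
PING_IP_PAYLOAD = 32768 + 8

if __name__ == "__main__":
    frags = fragment(PING_IP_PAYLOAD)
    for defrag in (False, True):
        seen, dropped = filter_view(frags, defrag)
        print(f"defrag before filter={defrag}: seen={seen} dropped={dropped}")
```

With no defragmentation ahead of the filter table, 22 of the 23 fragments match and the echo request cannot be reassembled on system A. When connection tracking's defragmentation is loaded, the rule sees one whole packet and never matches, so the packet counters of the `-f` rules in `iptables -L -v -n` stay at zero.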