02-15-2013
There are many reasons fragmentation is not preferred, and here is another. Since packet fragmentation is an IP level function, the udp or tcp header is just payload, and it is only in the first fragment.
I suppose you could write a stateful version of the ip*table that caches the udp/tcp header and the routing or discard decision it received for fragmented packets. But it is possible for fragements to get out of order, so the first fragment might not arrive first.
A proxy firewall like socks would assemble packets before deciding to forward them or discard them, and if forwarded, they would be re-fragmented.
9 More Discussions You Might Find Interesting
1. IP Networking
I'm running OS X. (OS X Server actually) and right now I use a program called BrickHouse to handle my router configuration. But this program kind of sucks. I'd much rather learn how to configure these programs manually. By these programs, I mean the programs OS X comes with to handle these jobs... (0 Replies)
Discussion started by: l008com
0 Replies
2. HP-UX
Dear All,
I am facing an issue related to cronjob and explained below is the case study:
1. I have a java class named "DmCheckRenditionQueue.java" and placed under "/cpc/documentum/product/5.2.5/tomcat/webapps/rendition"
2. When I am using the command
"/usr/openv/java/jre/bin/java -cp... (1 Reply)
Discussion started by: parindam
1 Replies
3. Cybersecurity
I'm running IPF on solaris 10
bash-3.00# ipf -V #display ipf version
ipf: IP Filter: v4.1.9 (592)
Kernel: IP Filter: v4.1.9
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1
Feature mask: 0x107
with the following rules
bash-3.00# ipfstat -o -i... (0 Replies)
Discussion started by: h@foorsa.biz
0 Replies
4. Shell Programming and Scripting
Hi,
I have a logrotate configuration which rotates a log every night 1 min before midnight, but somehow its not working and unfortunately not showing any error message as well. Sharing the code for the cron job as well as the conf file, I am using, if some one coule help me..whats wrong with... (2 Replies)
Discussion started by: Neeryan
2 Replies
5. Infrastructure Monitoring
Hi,
I have installed Nagios on Redhat Linux,
I have installed Nagios+Plugins+NRPE on Server A (Host Server) and Nagios Plugins + nrpe on remote linux server (red hat linux)
run the command on remote linux host, it returns nrpe version
usr/local/nagios/libexec/check_nrpe -H localhost
... (1 Reply)
Discussion started by: manoj.solaris
1 Replies
6. Shell Programming and Scripting
Hi,
Greetings.
We need to make a regexp based rule engine.
The rules would be applied to any file specified and the data not matching should be logged.
Would awk be the right scripting language.
Regards,
Dikesh Shah. (2 Replies)
Discussion started by: dikesm
2 Replies
7. Solaris
Hi,
i am facing issue while installing weblogic on solaris..its giving me invalid argument error. solaris is intstalled on my VM.
uname -a
SunOS Vishal 5.10 Generic_137138-09 i86pc i386 i86pc
screenshot attached. (5 Replies)
Discussion started by: Vishal Baghla
5 Replies
8. IP Networking
Hello,
I wanted to setup routing certain traffic (http/s) out via a second (faster) interface, like described in the following docs (may not post urls):
linux-ip.net /html/adv-multi-internet.html
thegeekstuff.com /2014/08/add-route-ip-command/
I already had this working years ago on... (0 Replies)
Discussion started by: hyphan
0 Replies
9. SuSE
Please let me know how to configure network in suse Linux, I have configured the network using ifup and network manager, it is not giving any error but not working,
using suse Linux 11.0 sp3
I have checked network connectivity is working. (0 Replies)
Discussion started by: manoj.solaris
0 Replies
LEARN ABOUT SUSE
ip6tables-save
IP6TABLES-SAVE(8) IP6TABLES-SAVE(8)
NAME
ip6tables-save -- dump iptables rules to stdout
SYNOPSIS
ip6tables-save [-M modprobe] [-c] [-t table
DESCRIPTION
ip6tables-save is used to dump the contents of an IPv6 Table in easily parseable format to STDOUT. Use I/O-redirection provided by your
shell to write to a file.
-M modprobe_program
Specify the path to the modprobe program. By default, iptables-save will inspect /proc/sys/kernel/modprobe to determine the exe-
cutable's path.
-c, --counters
include the current values of all packet and byte counters in the output
-t, --table tablename
restrict output to only one table. If not specified, output includes all available tables.
BUGS
None known as of iptables-1.2.1 release
AUTHORS
Harald Welte <laforge@gnumonks.org>
Andras Kis-Szabo <kisza@sch.bme.hu>
SEE ALSO
ip6tables-restore(8), ip6tables(8)
The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO, which details NAT, and the netfilter-hacking-HOWTO which details the
internals.
Jan 30, 2002 IP6TABLES-SAVE(8)