Re: to scrub or not to scrub
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: to scrub or not to scrub
- From: david l goodrich <dlg_(_at_)_dorkzilla_(_dot_)_org>
- Date: Thu, 29 Apr 2004 19:05:38 +1000
so... if you've got no packets that would be blocked by this rule in
the last two years, why bother? i understand that past performance is
not indicative of future results, but i mean, really...
On 28 Apr 2004, at 01:57 pm, Toxa wrote:
> Hello Theo,
> Wednesday, April 28, 2004, 7:52:02 AM, you wrote:
>>> Practically, very-very little percent of normal traffic is fragmented
>>> for any reason.
> TdR> The above is complete bullshit. Just filing this for the archive
> TdR> I remember the pre-PMTU days.
> Maybe I'm sooo lucky but this is from router which is working for 2+
> years securing small network:
> 01100 0 0 deny log ip from any to any frag
> No packets...
> PF will go to replace this ipfw.
> Best regards,
> Toxa mailto:postfix_(_at_)_sendmail_(_dot_)_ru