Explain that TCP fragments with an offset of 1 are reported as being

dropped by rule -1 if logging is enabled. PR: 25796 Submitted by: Crist J. Clark <cjclark@alum.mit.edu> Approved by: nik
2001-03-16 01:28:11 +00:00 · 2001-03-16 01:28:11 +00:00 · 32de505213
commit 32de505213
parent 69451beb84
1 changed files with 2 additions and 1 deletions
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@ -1075,7 +1075,8 @@ There is one kind of packet that the firewall will always
 discard, that is a TCP packet's fragment with a fragment offset of
 one.
 This is a valid packet, but it only has one use, to try
-to circumvent firewalls.
+to circumvent firewalls. When logging is enabled, these packets are
+reported as being dropped by rule -1.
 .It
 If you are logged in over a network, loading the
 .Xr kld 4