[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    -f option with iptables
From:       rahul shrivastava <shrivastavaone () gmail ! com>
Date:       2012-08-28 13:22:24
Message-ID: CAE1WnGd1ZHJDJEbOkBqbWqRSuNUTBy_Guo4bG3DMP783y=0Q9A () mail ! gmail ! com
[Download RAW message or body]

Hi,
linux version 2.6.35
iptables v1.4.9.1

my setup consists of two systems system A and system B
i am using following rules on  system A

iptables -I INPUT  -f -j DROP
iptables -I OUTPUT  -f -j DROP
iptables -I FORWARD  -f -j DROP

from system B i am doing  ping -s 32768 172.31.114.239(system A)

ping -s 32768 172.31.114.239
PING 172.31.114.239 (172.31.114.239) 32768(32796) bytes of data.
32776 bytes from 172.31.114.239: icmp_req=1 ttl=64 time=6.02 ms
32776 bytes from 172.31.114.239: icmp_req=2 ttl=64 time=6.00 ms
32776 bytes from 172.31.114.239: icmp_req=3 ttl=64 time=6.01 ms
32776 bytes from 172.31.114.239: icmp_req=4 ttl=64 time=6.01 ms
32776 bytes from 172.31.114.239: icmp_req=5 ttl=64 time=6.02 ms
32776 bytes from 172.31.114.239: icmp_req=6 ttl=64 time=6.00 ms

i am getting ping reply from system A
-f is supposed to drop 2nd  and further fragments of a packet, but
since i am getting reply it is clear that fragments are not getting
dropped.
my objective is to drop fragments. please help


Thanks in advance.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]