<<On Sat, 3 May 2014 13:53:44 +1000 (EST), Ian Smith <smithi@nimnet.asn.au> said: > I've always allowed frags, as per the example rulesets in rc.firewall. > I only recall seeing them on DNS responses from zen.spamhaus.org, where > I see plenty of these after a resetlog before the logging limit kicks > in. I doubt I'd be getting rid of ~90% of incoming spam without; eg: Blocking inbound fragments will definitely screw you when you try to use DNSsec. -GAWollman _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"