Re: unclean match
> it matches unclean packages. those are icmp packets with illegal types,
> those are tcp packets with illegal flag combinations, it catches some common
> udp length errors. it also checks for icmp error messages that enough
> payload of the original packets was included to be able to verify them. You
> best read the source, then you have the definitive answer.
>
> The idea behind this is mainly for forwarding, to catch packets which would
> be ignored by good host stacks anyway, and could cause harm on bad ip
> implementations.
>
well, that's kind of what I thought.
Does this module make it unnecessary to filter out any bad combination
of tcp-flags tha classic way?
Reply to: