Filtering Smaller Packets

Firewall filtering is not supported for packets of 1-4 bytes length. To filter packets of 1 to 4 bytes length, include an additional term to match the packet size.

For example, lets consider the following filter term:

term 1 { 

    from {

        fragment-offset-except 0;

    }

    then {

        reject;

    }

}

To consider packets with 1 to 4 bytes length, include an additional term to match the packet size:

term 2 { 

    from {

        packet-length [ 21 - 24 ];

    }

    then {

        reject;

    }

}