Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

Packet fragments

As per RFC 6192, all packets fragments are dropped unless a stateful firewall has been configured to permit the packets. This is to avoid a possible denial of service attack.

For one example of filtering traffic of fragmented packets, see "Filtering on Source IP Address”.

Figure 1. Traffic flows originating from the router system