Filtering Fragments


Fragments can confuse us, so add new code:

        	tcp {
        		ipoffset(>=20) { accept; }
        		not ipoffset(0) || ipdatalen(<20) {
        			reject;
        		}
        		established { accept; }
        		not tcpflags(syn) { reject; }
        		dstport(http/tcp) {
        			dstaddr(www.windriver.com) {
        				accept;
        			}
        			reject;
        		}
        	}