Bastille default ALLOW_FRAGMENTS="Y"

The default setting in bastille-firewall.cfg is ALLOW_FRAGMENTS="Y".

In the configuration file the notes say "There's no good reason to allow these". It also says ALLOW_FRAGMENTS="N" is the safest setting.

Why is the default setting for ISPConfig ALLOW_FRAGMENTS="Y"? Is there any downside to changing this to "N" in the cfg file and the master cfg file?

 

I use
ALLOW_FRAGMENTS="N"
I have never seen any ill effects yet.

 

Thanks. I'll give that a try.