But more often than not UDP fragmentation floods make use of a high degree of bandwidth that is likely to exhaust the potential of the community card, that makes this rule optional and probably not one of the most valuable a single.netfilter iptables (shortly to be replaced by nftables) can be a person-space command line utility to configure kernel