In some mail from Bernd Eckenfels, sie said:
> SMLI Firewall technique is based on a few things:
> a) parse Packets
> b) keep state between packets
> c) do actions based on the parsed data and state
> d) send original (or modified) packets.
e) the assumption that no packet processed is a fragment
f) whenever you're looking for data in a TCP connection, it will
always be in "one packet" (re. FW-1/Gauntlet incompatibility).
SMLI breaks down and the complexity increases siginificantly when
you need to deal with (e) and (f). Granted, packets which break
the last two assumptions (e) and (f), do make up a small minority
of the cases in real life.