[netfilter-cvslog] r6292 - trunk/iptables/extensions

kaber at netfilter.org kaber at netfilter.org
Mon Dec 5 02:22:51 CET 2005

Author: kaber at netfilter.org
Date: 2005-12-05 02:22:50 +0100 (Mon, 05 Dec 2005)
New Revision: 6292

Add note that TCPMSS is only valid in the mangle table (not true today, but maybe someday)

Modified: trunk/iptables/extensions/libipt_TCPMSS.man
--- trunk/iptables/extensions/libipt_TCPMSS.man	2005-12-04 01:07:17 UTC (rev 6291)
+++ trunk/iptables/extensions/libipt_TCPMSS.man	2005-12-05 01:22:50 UTC (rev 6292)
@@ -3,6 +3,9 @@
 outgoing interface's MTU minus 40).  Of course, it can only be used
 in conjunction with
 .BR "-p tcp" .
+It is only valid in the
+.BR mangle
 This target is used to overcome criminally braindead ISPs or servers
 which block ICMP Fragmentation Needed packets.  The symptoms of this
@@ -25,7 +28,7 @@
 Workaround: activate this option and add a rule to your firewall
 configuration like:
- iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \\
+ iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \\
              -j TCPMSS --clamp-mss-to-pmtu

More information about the netfilter-cvslog mailing list