[netfilter-cvslog] r6292 - trunk/iptables/extensions
kaber at netfilter.org
kaber at netfilter.org
Mon Dec 5 02:22:51 CET 2005
Author: kaber at netfilter.org
Date: 2005-12-05 02:22:50 +0100 (Mon, 05 Dec 2005)
New Revision: 6292
Modified:
trunk/iptables/extensions/libipt_TCPMSS.man
Log:
Add note that TCPMSS is only valid in the mangle table (not true today, but maybe someday)
Modified: trunk/iptables/extensions/libipt_TCPMSS.man
===================================================================
--- trunk/iptables/extensions/libipt_TCPMSS.man 2005-12-04 01:07:17 UTC (rev 6291)
+++ trunk/iptables/extensions/libipt_TCPMSS.man 2005-12-05 01:22:50 UTC (rev 6292)
@@ -3,6 +3,9 @@
outgoing interface's MTU minus 40). Of course, it can only be used
in conjunction with
.BR "-p tcp" .
+It is only valid in the
+.BR mangle
+table.
.br
This target is used to overcome criminally braindead ISPs or servers
which block ICMP Fragmentation Needed packets. The symptoms of this
@@ -25,7 +28,7 @@
Workaround: activate this option and add a rule to your firewall
configuration like:
.nf
- iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \\
+ iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \\
-j TCPMSS --clamp-mss-to-pmtu
.fi
.TP
More information about the netfilter-cvslog
mailing list