path: root/extensions/
diff options
author/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/ </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/>2005-04-10 20:34:00 +0000
committer/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/ </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/>2005-04-10 20:34:00 +0000
commitc80b41793685bdd7693438e34af75613eefb7dbd (patch)
tree0195d802b436d023900dbe742937b91d9d5fe4dc /extensions/
parent28a9b8d5377ab9033655a80f71529a7674db85e5 (diff)
add REJECT with icmp-frag-needed (Florian Lohoff)
Diffstat (limited to 'extensions/')
1 files changed, 4 insertions, 0 deletions
diff --git a/extensions/ b/extensions/
index 174bf7b..ac43d4e 100644
--- a/extensions/
+++ b/extensions/
@@ -21,6 +21,7 @@ The type given can be
.B " icmp-net-prohibited"
.B " icmp-host-prohibited or"
.B " icmp-admin-prohibited (*)"
+.B " icmp-frag-needed"
which return the appropriate ICMP error message (\fBport-unreachable\fP is
the default). The option
@@ -31,4 +32,7 @@ TCP RST packet to be sent back. This is mainly useful for blocking
(113/tcp) probes which frequently occur when sending mail to broken mail
hosts (which won't accept your mail otherwise).
+.BI "--pmtu " "size"
+The next-hop MTU the icmp-frag-needed is sent back with.
(*) Using icmp-admin-prohibited with kernels that do not support it will result in a plain DROP instead of REJECT