author /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/ </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/> 2005-12-05 01:22:50 +0000
committer /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/ </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/> 2005-12-05 01:22:50 +0000
commit 0b9f98f4fa8b757516b3a165d7a60aaf4f37ded2 (patch)
tree 3d7b5ad1313598273fb715ea0a653d7a585ad830 /extensions
parent ed4ed19b98bc90b23635fd1aa62b9b86e8fc84bc (diff)
Add note that TCPMSS is only valid in the mangle table (not true today, but maybe someday)
Diffstat (limited to 'extensions')
1 files changed, 4 insertions, 1 deletions
diff --git a/extensions/ b/extensions/
index da1bce2..30668b0 100644
--- a/extensions/
+++ b/extensions/
@@ -3,6 +3,9 @@ the maximum size for that connection (usually limiting it to your
outgoing interface's MTU minus 40). Of course, it can only be used
in conjunction with
.BR "-p tcp" .
+It is only valid in the
+.BR mangle
This target is used to overcome criminally braindead ISPs or servers
which block ICMP Fragmentation Needed packets. The symptoms of this
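Review bot: The added sentence "It is only valid in the .BR mangle" states a hard restriction that the commit message itself says is not enforced today, so the man page would contradict observable behaviour: a rule in another table still loads. Either word it as a recommendation (for example "It should be used in the mangle table, other tables may stop accepting it in future") or land it together with the check that rejects other tables. Also, the hunk header counts three added lines (6 to 9) but only two are visible here and the sentence stops after `.BR mangle`; please confirm the closing line of the sentence is present and that a paragraph break separates it from "This target is used to overcome".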
@@ -25,7 +28,7 @@ ssh works fine, but scp hangs after initial handshaking.
Workaround: activate this option and add a rule to your firewall
configuration like:
- iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \\
+ iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \\
-j TCPMSS --clamp-mss-to-pmtu
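Review bot: Nothing around the changed `iptables -t mangle -A FORWARD` line tells readers who already deployed the old rule without `-t mangle` whether it keeps working, and per the commit message it does. Since this workaround is usually copied into firewall scripts verbatim, add one sentence next to the example saying the mangle table is the supported place for the rule and that existing rules in the default table should be moved, so that a later enforcement of the restriction does not silently drop the clamp and bring back the hanging-connection symptoms described above.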