path: root/extensions/
diff options
authorFlorian Lohoff <>2005-04-10 20:34:00 +0000
committerHarald Welte <>2005-04-10 20:34:00 +0000
commit7a8bdfdd5f21c67fd1d47d2b1d94b5a61d2e14af (patch)
tree0195d802b436d023900dbe742937b91d9d5fe4dc /extensions/
parent182f3f62acbcb88b615b3d7d5940e316472be049 (diff)
add REJECT with icmp-frag-needed (Florian Lohoff)
Diffstat (limited to 'extensions/')
1 files changed, 4 insertions, 0 deletions
diff --git a/extensions/ b/extensions/
index 174bf7b3..ac43d4e1 100644
--- a/extensions/
+++ b/extensions/
@@ -21,6 +21,7 @@ The type given can be
.B " icmp-net-prohibited"
.B " icmp-host-prohibited or"
.B " icmp-admin-prohibited (*)"
+.B " icmp-frag-needed"
which return the appropriate ICMP error message (\fBport-unreachable\fP is
the default). The option
@@ -31,4 +32,7 @@ TCP RST packet to be sent back. This is mainly useful for blocking
(113/tcp) probes which frequently occur when sending mail to broken mail
hosts (which won't accept your mail otherwise).
+.BI "--pmtu " "size"
+The next-hop MTU the icmp-frag-needed is sent back with.
(*) Using icmp-admin-prohibited with kernels that do not support it will result in a plain DROP instead of REJECT