* change --log-level to "err"

[lab.git] / iptables / ufw / mangle.rules

diff --git a/iptables/ufw/mangle.rules b/iptables/ufw/mangle.rules
new file mode 100644 (file)
index 0000000..a54f525
--- /dev/null
+++ b/iptables/ufw/mangle.rules
@@ -0,0 +1,12 @@
+#
+# This file is used by /etc/init.d/setfilter
+#
+# Rules that should be stored in mangle table.
+
+
+*mangle
+# to overcome criminally braindead ISPs or servers which block ICMP Fragmentation Needed packets
+# see iptables(8)
+-A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+COMMIT