Last change
on this file since 12 was
12,
checked in by mitty, 15 years ago
|
- change --log-level to "err"
- accept FORWARD from LAN (eth0 with 192.168.100.0/24)
- drop CIFS access from/to WAN (eth1)
- accept access from LAN
- add custom rules for 'setfilter' script
|
File size:
301 bytes
|
Line | |
---|
1 | # |
---|
2 | # This file is used by /etc/init.d/setfilter |
---|
3 | # |
---|
4 | # Rules that should be stored in mangle table. |
---|
5 | |
---|
6 | |
---|
7 | *mangle |
---|
8 | # to overcome criminally braindead ISPs or servers which block ICMP Fragmentation Needed packets |
---|
9 | # see iptables(8) |
---|
10 | -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu |
---|
11 | |
---|
12 | COMMIT |
---|
Note: See
TracBrowser
for help on using the repository browser.