|
Last change
on this file since 12 was
12,
checked in by mitty, 15 years ago
|
- change --log-level to "err"
- accept FORWARD from LAN (eth0 with 192.168.100.0/24)
- drop CIFS access from/to WAN (eth1)
- accept access from LAN
- add custom rules for 'setfilter' script
|
|
File size:
301 bytes
|
| Line | |
|---|
| 1 | # |
|---|
| 2 | # This file is used by /etc/init.d/setfilter |
|---|
| 3 | # |
|---|
| 4 | # Rules that should be stored in mangle table. |
|---|
| 5 | |
|---|
| 6 | |
|---|
| 7 | *mangle |
|---|
| 8 | # to overcome criminally braindead ISPs or servers which block ICMP Fragmentation Needed packets |
|---|
| 9 | # see iptables(8) |
|---|
| 10 | -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu |
|---|
| 11 | |
|---|
| 12 | COMMIT |
|---|
Note: See
TracBrowser
for help on using the repository browser.
