summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJason Fesler <jfesler@vm1.test-ipv6.com>2015-02-18 10:35:19 -0800
committerJason Fesler <jfesler@vm1.test-ipv6.com>2015-02-18 10:35:19 -0800
commit1a4c7e35b936d9a941e53583672a94d7d097aaf9 (patch)
tree9aa9f87363c9d227b484cd33f49612fa768e55c2
parent577b1ae77518142085db7593cd08bf0ad629e379 (diff)
downloadmtu1280d-1a4c7e35b936d9a941e53583672a94d7d097aaf9.tar.gz
mtu1280d-1a4c7e35b936d9a941e53583672a94d7d097aaf9.zip
Fixing the README
Diffstat
-rw-r--r--Makefile3
-rw-r--r--README.md24
2 files changed, 22 insertions, 5 deletions
diff --git a/Makefile b/Makefile
index 9e3d315..1f3737e 100644
--- a/Makefile
+++ b/Makefile
@@ -10,6 +10,9 @@ help:
mtu1280d: mtu1280d.c
gcc -o mtu1280d mtu1280d.c -lnetfilter_queue || ( echo "see README.md for prerequisites" && exit 1 )
+test: mtu1280d
+ sudo ./mtu1280d -g
+
clean:
rm -f mtu1280d
diff --git a/README.md b/README.md
index 3791b51..42099ab 100644
--- a/README.md
+++ b/README.md
@@ -18,13 +18,14 @@ is recommended.
Once up and running, configure ip6tables to route
large packets destined to the desired IP to the netfilter queue.
-Example rule:
+Example rules:
```
-guest% sudo ip6tables-save | grep NFQ
--A INPUT -d 2001:470:1f04:d63::2/128 -m length --length 1281:65535 -j -NFQUEUE --queue-num 1280
+iptables -t mangle -A PREROUTING -d 2001:470:1f04:d63::2/128 -m length --length 1281:65535 -j -NFQUEUE --queue-num 1280
+iptables -A INPUT -m mark --mark 0x501 -m comment --comment "Drop packets marked 1281 (too big)" -j DROP
```
+
REQUIREMENTS
------------
@@ -52,13 +53,26 @@ ip6tables-restore /etc/iptables/rules.v6
/etc/iptables/rules.v6 (simplified version, only includes mtu1280d rule)
```
-# Generated by ip6tables-save v1.4.21 on Tue Feb 17 10:54:23 2015
+# Generated by ip6tables-save v1.4.21 on Wed Feb 18 10:14:54 2015
+*mangle
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+-A PREROUTING -d 2001:470:1:18::1280/128 -m length --length 1:65535 -m comment --comment "Mark packets using mtu1280d as small enough (1280) or too big (1281)" -j NFQUEUE --queue-num 1280
+COMMIT
+# Completed on Wed Feb 18 10:14:54 2015
+# Generated by ip6tables-save v1.4.21 on Wed Feb 18 10:14:54 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
--A INPUT -d 2001:470:1f04:d63::2/128 -m length --length 1281:65535 -j NFQUEUE --queue-num 1280
+:CHECK_ABUSE - [0:0]
+:ONLY-GIGO - [0:0]
+-A INPUT -m mark --mark 0x501 -m comment --comment "Drop packets marked 1281 (too big)" -j DROP
COMMIT
+# Completed on Wed Feb 18 10:14:54 2015
```
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-07 12:10:56 +0000