diff options
| -rw-r--r-- | Makefile | 3 | ||||
| -rw-r--r-- | README.md | 24 |
2 files changed, 22 insertions, 5 deletions
@@ -10,6 +10,9 @@ help: mtu1280d: mtu1280d.c gcc -o mtu1280d mtu1280d.c -lnetfilter_queue || ( echo "see README.md for prerequisites" && exit 1 ) +test: mtu1280d + sudo ./mtu1280d -g + clean: rm -f mtu1280d @@ -18,13 +18,14 @@ is recommended. Once up and running, configure ip6tables to route large packets destined to the desired IP to the netfilter queue. -Example rule: +Example rules: ``` -guest% sudo ip6tables-save | grep NFQ --A INPUT -d 2001:470:1f04:d63::2/128 -m length --length 1281:65535 -j -NFQUEUE --queue-num 1280 +iptables -t mangle -A PREROUTING -d 2001:470:1f04:d63::2/128 -m length --length 1281:65535 -j -NFQUEUE --queue-num 1280 +iptables -A INPUT -m mark --mark 0x501 -m comment --comment "Drop packets marked 1281 (too big)" -j DROP ``` + REQUIREMENTS ------------ @@ -52,13 +53,26 @@ ip6tables-restore /etc/iptables/rules.v6 /etc/iptables/rules.v6 (simplified version, only includes mtu1280d rule) ``` -# Generated by ip6tables-save v1.4.21 on Tue Feb 17 10:54:23 2015 +# Generated by ip6tables-save v1.4.21 on Wed Feb 18 10:14:54 2015 +*mangle +:PREROUTING ACCEPT [0:0] +:INPUT ACCEPT [0:0] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +:POSTROUTING ACCEPT [0:0] +-A PREROUTING -d 2001:470:1:18::1280/128 -m length --length 1:65535 -m comment --comment "Mark packets using mtu1280d as small enough (1280) or too big (1281)" -j NFQUEUE --queue-num 1280 +COMMIT +# Completed on Wed Feb 18 10:14:54 2015 +# Generated by ip6tables-save v1.4.21 on Wed Feb 18 10:14:54 2015 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] --A INPUT -d 2001:470:1f04:d63::2/128 -m length --length 1281:65535 -j NFQUEUE --queue-num 1280 +:CHECK_ABUSE - [0:0] +:ONLY-GIGO - [0:0] +-A INPUT -m mark --mark 0x501 -m comment --comment "Drop packets marked 1281 (too big)" -j DROP COMMIT +# Completed on Wed Feb 18 10:14:54 2015 ``` |