summaryrefslogtreecommitdiff
path: root/README.md
diff options
context:
space:
mode:
Diffstat (limited to 'README.md')
-rw-r--r--README.md11
1 files changed, 6 insertions, 5 deletions
diff --git a/README.md b/README.md
index 42099ab..51fc3ad 100644
--- a/README.md
+++ b/README.md
@@ -21,10 +21,13 @@ large packets destined to the desired IP to the netfilter queue.
Example rules:
```
-iptables -t mangle -A PREROUTING -d 2001:470:1f04:d63::2/128 -m length --length 1281:65535 -j -NFQUEUE --queue-num 1280
-iptables -A INPUT -m mark --mark 0x501 -m comment --comment "Drop packets marked 1281 (too big)" -j DROP
+iptables -t mangle -A PREROUTING -d 2001:db1::1280/128 -j -NFQUEUE --queue-num 1280
```
+mtu1280d will, when it sees a packet > 1280 bytes long,
+both reject the packet as well as generate an ICMPv6 Packet Too Big
+back to the sender.
+
REQUIREMENTS
------------
@@ -60,7 +63,7 @@ ip6tables-restore /etc/iptables/rules.v6
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
--A PREROUTING -d 2001:470:1:18::1280/128 -m length --length 1:65535 -m comment --comment "Mark packets using mtu1280d as small enough (1280) or too big (1281)" -j NFQUEUE --queue-num 1280
+-A PREROUTING -d 2001:db8::1280/128 -j NFQUEUE --queue-num 1280
COMMIT
# Completed on Wed Feb 18 10:14:54 2015
# Generated by ip6tables-save v1.4.21 on Wed Feb 18 10:14:54 2015
@@ -69,8 +72,6 @@ COMMIT
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:CHECK_ABUSE - [0:0]
-:ONLY-GIGO - [0:0]
--A INPUT -m mark --mark 0x501 -m comment --comment "Drop packets marked 1281 (too big)" -j DROP
COMMIT
# Completed on Wed Feb 18 10:14:54 2015
```
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-07 23:39:32 +0000