Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # iptables -I INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP
- # ip6tables -I INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP
- # iptables -nL -v
- # ip6tables -nL -v
- This option will drop connection attempts with an MSS size between 1 and 500. Please note it might also deny some connections that may be considered valid. This mitigation works as long as net.ipv4.tcp_mtu_probing is disabled.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement