Книга: Iptables Tutorial 1.2.2
The length match is used to match packets based on their length. It is very simple. If you want to limit packet length for some strange reason, or want to block ping-of-death-like behaviour, use the length match.
Table 10-19. Length match options
|Kernel||2.4, 2.5 and 2.6|
|Example||iptables -A INPUT -p tcp -m length --length 1400:1500|
|Explanation||The example --length will match all packets with a length between 1400 and 1500 bytes. The match may also be inversed using the ! sign, like this: -m length ! --length 1400:1500 . It may also be used to match only a specific length, removing the : sign and onwards, like this: -m length --length 1400. The range matching is, of course, inclusive, which means that it includes all packet lengths in between the values you specify.|