Книга: Iptables Tutorial 1.2.2

Tcpmss match

Tcpmss match

The tcpmss match is used to match a packet based on the Maximum Segment Size in TCP. This match is only valid for SYN and SYN/ACK packets. For a more complete explanation of the MSS value, see the TCP options appendix, the RFC 793 - Transmission Control Protocol and the RFC 1122 - Requirements for Internet Hosts - Communication Layers documents. This match is loaded using -m tcpmss and takes only one option.

Table 10-29. Tcpmss match options

Match --mss
Kernel 2.3, 2.4, 2.5 and 2.6
Example iptables -A INPUT -p tcp --tcp-flags SYN,ACK,RST SYN -m tcpmss --mss 2000:2500
Explanation The --mss option tells the tcpmss match which Maximum Segment Sizes to match. This can either be a single specific MSS value, or a range of MSS values separated by a :. The value may also be inverted as usual using the ! sign, as in the following example:
-m tcpmss ! --mss 2000:2500
This example will match all MSS values, except for values in the range 2000 through 2500.

Оглавление книги


Генерация: 0.926. Запросов К БД/Cache: 3 / 0
поделиться
Вверх Вниз