Add note that TCPMSS is only valid in the mangle table (not true today, but maybe...

author Patrick McHardy <kaber@trash.net>

Mon, 5 Dec 2005 01:22:50 +0000 (01:22 +0000)

committer Patrick McHardy <kaber@trash.net>

Mon, 5 Dec 2005 01:22:50 +0000 (01:22 +0000)
author Patrick McHardy <kaber@trash.net>
Mon, 5 Dec 2005 01:22:50 +0000 (01:22 +0000)
committer Patrick McHardy <kaber@trash.net>
Mon, 5 Dec 2005 01:22:50 +0000 (01:22 +0000)
diff --git a/extensions/libipt_TCPMSS.man b/extensions/libipt_TCPMSS.man

index da1bce2d26b762b7f52ac366365cf502168fb659..30668b025cc5dd55cb7c5cfd0be5698cb73edd77 100644 (file)
--- a/extensions/libipt_TCPMSS.man
+++ b/extensions/libipt_TCPMSS.man
@@ -3,6 +3,9 @@ the maximum size for that connection (usually limiting it to your
  outgoing interface's MTU minus 40).  Of course, it can only be used
  in conjunction with
  .BR "-p tcp" .
+It is only valid in the
+.BR mangle
+table.
  .br
  This target is used to overcome criminally braindead ISPs or servers
  which block ICMP Fragmentation Needed packets.  The symptoms of this
@@ -25,7 +28,7 @@ ssh works fine, but scp hangs after initial handshaking.
  Workaround: activate this option and add a rule to your firewall
  configuration like:
  .nf
- iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \\
+ iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \\
               -j TCPMSS --clamp-mss-to-pmtu
  .fi
  .TP
author	Patrick McHardy <kaber@trash.net>
	Mon, 5 Dec 2005 01:22:50 +0000 (01:22 +0000)
committer	Patrick McHardy <kaber@trash.net>
	Mon, 5 Dec 2005 01:22:50 +0000 (01:22 +0000)