Looks like a bug in Marc's script; the rule is supposed to be
$IPTABLES -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
There is a missing 'u' at the end. ;^)
MTU stands for 'Maximum Transmission Unit' and,
as its name implies, is the maximum size of each packet sent (in octets).
Edit your /sbin/SuSEfirewall2; this line is almost at the very bottom.
Also, you're using the old iptables, which has an FTP vulnerability in it.
Download an update from SuSE to iptables-1.2.1a-37 or download
and compile the latest from netfilter.samba.org
Good luck.
----- Original Message -----
From: "Sasa Janiska"
Hi Marc!
Thank you very much for providing SuSEFirewall2 to those who are not experts in firewalls and still can get some security.
I have an ISDN connection and enabled firewall for ippp0 as it is stated in the EXAMPLES file.
However, I still (the same was in the V1.8) get some error while booting the system: iptables v1.1.2: Unknown arg '--clamp-mss-to-pmt'.
I don't understand what it is, but the above mentioned argument is present at the end of SuSEfirewall2 script.
What's wrong?
Sincerely, Sasa