Update firewall examples to fix PMTUD issues (#998)

According to RFC2979 Section 3.1.1 incoming ICMP Destination Unreachable / Fragmentation Needed errors MUST NOT be blocked.
2022-11-20 07:44:19 +01:00 · 2022-11-20 07:44:19 +01:00 · 12a1d3c0d9
parent ccd4389e86
commit 12a1d3c0d9
1 changed files with 3 additions and 0 deletions
--- a/content/en/admin/prerequisites.md
+++ b/content/en/admin/prerequisites.md
@ -88,6 +88,9 @@ Edit `/etc/iptables/rules.v4` and put this inside:
 #  Allow ping
 -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

+# Allow destination unreachable messages, espacally code 4 (fragmentation required) is required or PMTUD breaks
+-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
+
 #  Log iptables denied calls
 -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7