Linux – How to edit TCP window size from iptables

iptableslinuxtcptcp-window-scaling

There is TCPMSS target to edit MSS value of connections (including forwarded).

How to edit window size (for example, cap to some maximum value) by iptables rule?

Expecting something like

iptables -t mangle -A OUTPUT -p tcp --dport 1234 -j TCPWINDOW --tcpwindow-set 'min(val,100000)'

Best Answer

To change TCP window from iptables you need to:

checkout https://github.com/p5n/ipt_tcpwin
build both modules using "make"
add iptables rule, for example:

iptables -t mangle -I OUTPUT -p tcp --sport 80 --tcp-flags SYN,ACK SYN,ACK -j TCPWIN --tcpwin-set 1000

Related Solutions

Ssh – iptables rules to block ssh remote forwarded ports

Would it not be easier to switch off ssh forwarding on the ssh server? Just change AllowTcpForwarding from yes to no in your /etc/ssh/sshd_config. If this doesn't suit, you could try something along the lines of

iptables -A OUTPUT -o eth1 -p tcp --cmd-owner "sshd" -j DROP

Linux Bash – How to Sort du -h Output by Size

As of GNU coreutils 7.5 released in August 2009, sort allows a -h parameter, which allows numeric suffixes of the kind produced by du -h:

du -hs * | sort -h

If you are using a sort that does not support -h, you can install GNU Coreutils. E.g. on an older Mac OS X:

brew install coreutils
du -hs * | gsort -h

From sort manual:

-h, --human-numeric-sort compare human readable numbers (e.g., 2K 1G)

Best Answer

Related Solutions

Ssh – iptables rules to block ssh remote forwarded ports

Linux Bash – How to Sort du -h Output by Size

Related Topic