run iptables -A fwd-spec-nofrag -j RETURN --fragment
run ip6tables -A fwd-spec-nofrag -j RETURN \
-m ipv6header --soft --header frag
- run iptables -A FORWARD -j fwd-spec-nofrag
+ run ip46tables -A FORWARD -j fwd-spec-nofrag
## Allow ping from safe/noloop to untrusted networks.
run iptables -A fwd-spec-nofrag -j ACCEPT \