iptables prevent access

nike
Posts: 72
Joined: 2018/05/07 14:05:24

iptables prevent access

Post by nike » 2023/10/05 12:56:25

Sir,
I have an Apache web server on CentOS 7 and iptables is used to protect it. Some rules like the one below are used in the mangle chain:
-A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 0:65535 -j DROP

and the result is that some IP addresses are dropped. I found the block result in the server's log file; it is shown below.

Oct 5 10:57:04 xxxx kernel: DROPIN=eth0 OUT= MAC=00:16:3e:62:61:af:d4:76:a0:05:58:e4:08:00 SRC=YY.YY..71.245 DST=XX.XX.XX.XX LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=56975 PROTO=TCP SPT=19123 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0

So please help me regarding the above rule. Should it be kept in iptables or deleted? Any help will be helpful for me.

jlehtone
Posts: 4532
Joined: 2007/12/11 08:17:33
Location: Finland

Re: iptables prevent access

Post by jlehtone » 2023/10/06 08:20:55

You should know why you have rules like that, because I don't recall such in default ruleset.

The man page iptables-extensions says:
tcpmss
This matches the TCP MSS (maximum segment size) field of the TCP header. You can only use this on TCP SYN or SYN/ACK packets, since the MSS is only negotiated during the TCP handshake at connection startup time.
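The following is an added example, not part of either post above, that shows what the tcpmss match in the original rule actually tests and what the logged line can and cannot tell you. Because every MSS value fits in 0:65535, "! --mss 0:65535" can only match a SYN that carries no MSS option at all. The TCP headers and the helper names (build_tcp_syn, tcp_mss, rule_drops, parse_iptables_log, tcp_options_len_from_log) are constructed for this example and assume a 20-byte IP header when deriving the TCP header length from the logged LEN field.

```python
import struct

# Constructed TCP option bytes: kind 2 (MSS), length 4, value 1460.
MSS_1460 = b"\x02\x04\x05\xb4"

# The log line from the post above, copied for parsing (addresses already masked by the poster).
LOG_LINE = ("Oct 5 10:57:04 xxxx kernel: DROPIN=eth0 OUT= "
            "MAC=00:16:3e:62:61:af:d4:76:a0:05:58:e4:08:00 "
            "SRC=YY.YY..71.245 DST=XX.XX.XX.XX LEN=60 TOS=0x00 PREC=0x00 TTL=50 "
            "ID=56975 PROTO=TCP SPT=19123 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0")


def build_tcp_syn(src_port, dst_port, options=b""):
    """Build a minimal TCP SYN header (constructed sample, not captured traffic).

    Options are padded to a multiple of 4 bytes; the data offset field (high
    nibble of byte 12) is the header length in 32-bit words.
    """
    options += b"\x00" * (-len(options) % 4)
    data_offset = (20 + len(options)) // 4
    flags = 0x02  # SYN only
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                         data_offset << 4, flags, 65535, 0, 0)
    return header + options


def tcp_mss(packet):
    """Return the MSS value from the TCP options, or None when no MSS option is present."""
    header_len = (packet[12] >> 4) * 4
    opts = packet[20:header_len]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # End of option list
            break
        if kind == 1:            # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts):   # truncated option, stop parsing
            break
        length = opts[i + 1]
        if length < 2:           # malformed length, stop parsing
            break
        if kind == 2 and length == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None


def rule_drops(packet, low=0, high=65535):
    """Emulate '-m tcpmss ! --mss low:high -j DROP' on a SYN.

    True means the packet would be dropped. With the default 0:65535 range
    the only way to be outside the range is to have no MSS option at all.
    """
    mss = tcp_mss(packet)
    in_range = mss is not None and low <= mss <= high
    return not in_range


def parse_iptables_log(line):
    """Split an iptables LOG line into KEY=VALUE fields plus bare TCP flag tokens.

    Note that a --log-prefix without a trailing space is printed fused with
    the IN= field, which is why the post's line shows 'DROPIN=eth0'.
    """
    _, _, body = line.partition("kernel: ")
    fields, flags = {}, set()
    for token in body.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
        else:
            flags.add(token)
    return fields, flags


def tcp_options_len_from_log(fields):
    """Bytes of TCP options implied by LEN, assuming a 20-byte IP header (assumption)."""
    tcp_header_len = int(fields["LEN"]) - 20
    return tcp_header_len - 20


if __name__ == "__main__":
    for label, pkt in [("SYN with MSS", build_tcp_syn(19123, 443, MSS_1460)),
                       ("SYN without options", build_tcp_syn(19123, 443))]:
        print(f"{label}: mss={tcp_mss(pkt)} dropped={rule_drops(pkt)}")
    fields, flags = parse_iptables_log(LOG_LINE)
    print(f"logged SYN to port {fields['DPT']} carries "
          f"{tcp_options_len_from_log(fields)} bytes of TCP options")
```

Two things follow for the thread. First, the rule drops only SYNs that omit the MSS option, which a normal client always sends, so legitimate traffic is unlikely to hit it. Second, the logged packet has LEN=60, which is a 40-byte TCP header and therefore 20 bytes of options, yet iptables prints the option bytes only when the LOG rule uses --log-tcp-options, so this line alone does not show whether an MSS option was present or which rule produced the DROP prefix. Checking the counters of each DROP rule (iptables -t mangle -L PREROUTING -v -n) is the direct way to see whether this rule is matching anything.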
