Actual Alerts: How are you handling it?

The mitigation:

Explanation:

rmmod is a utility to remove a module from the Linux kernel. In this context it removes the esp4, esp6 and rxrpc modules from your kernel.

The next line:

printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n'  > /etc/modprobe.d/dirtyfrag.conf

creates a file /etc/modprobe.d/dirtyfrag.conf with the contents:

install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false

This prevents these modules from being loaded on each boot. Without this you would have to run the rmmod command every time you rebooted your machine, and it would also mean an attacker would just need to reboot your machine in order to make it vulnerable again.

Additionally, not in Phil's instructions: once you have applied this you must reboot, as a machine that had loaded these modules is still vulnerable until it boots without the modules.

Unless you are using IPsec it is unlikely you will be using these modules anyway. You can confirm with lsmod | sort (this lists loaded modules and sorts them alphabetically).

5 Likes
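
A check for the mitigation described in the post above, as an added example that is not part of the original post: it reports, for esp4, esp6 and rxrpc, whether the module is still loaded and whether an `install <module> /bin/false` override exists. The function names and the `--live` switch are assumptions of this example; the file and directory arguments default to /proc/modules and /etc/modprobe.d.

```shell
#!/bin/sh
# Added example (not from the original post): audit the esp4/esp6/rxrpc mitigation.
# Function names and the "--live" switch are assumptions of this example.
MODULES="esp4 esp6 rxrpc"

# is_loaded MODULE [FILE]: FILE has the /proc/modules layout,
# one loaded module per line with the name in the first field.
is_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "${2:-/proc/modules}"
}

# is_blocked MODULE [DIR]: true if a *.conf file in DIR contains an
# "install MODULE /bin/false" line (commented-out lines do not count).
is_blocked() {
    dir="${2:-/etc/modprobe.d}"
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        awk -v m="$1" '$1 == "install" && $2 == m && $3 == "/bin/false" { ok = 1 }
                       END { exit !ok }' "$f" && return 0
    done
    return 1
}

# audit [FILE] [DIR]: print one status line per module; return non-zero
# if any module is still loaded or has no install override.
audit() {
    rc=0
    for m in $MODULES; do
        if is_loaded "$m" "$1"; then l=loaded; rc=1; else l=not-loaded; fi
        if is_blocked "$m" "$2"; then b=blocked; else b=unblocked; rc=1; fi
        printf '%s: %s, %s\n' "$m" "$l" "$b"
    done
    return "$rc"
}

# Run against the live system only when asked to: sh check.sh --live
if [ "${1:-}" = "--live" ]; then audit; fi
```

A non-zero exit status from `audit` means at least one of the three modules is loaded or unblocked, which makes it usable as a fleet compliance check.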