firewall: Add rule to clamp PMTU.

author Michael Tremer <michael.tremer@ipfire.org>

Sun, 29 Jul 2012 16:52:40 +0000 (16:52 +0000)

committer Michael Tremer <michael.tremer@ipfire.org>

Sun, 29 Jul 2012 16:52:40 +0000 (16:52 +0000)
author Michael Tremer <michael.tremer@ipfire.org>
Sun, 29 Jul 2012 16:52:40 +0000 (16:52 +0000)
committer Michael Tremer <michael.tremer@ipfire.org>
Sun, 29 Jul 2012 16:52:40 +0000 (16:52 +0000)
diff --git a/functions.firewall b/functions.firewall

index 2a5cbedbf7604da437dae799e41c32371c5b246f..11d88ccdffa50813425dca64caa2226cd4180550 100644 (file)
--- a/functions.firewall
+++ b/functions.firewall
@@ -47,6 +47,7 @@ function firewall_start() {
         # Add default chains.
         firewall_tcp_state_flags
         firewall_connection_tracking
+       firewall_tcp_clamp_mss
  
         # Add policies for every zone.
         policy_add_localhost
@@ -151,6 +152,12 @@ function firewall_tcp_state_flags() {
         iptables -A FORWARD -p tcp -j BADTCP
  }
  
+function firewall_tcp_clamp_mss() {
+       log DEBUG "Adding rules to clamp MSS to path MTU..."
+       iptables -t mangle -A FORWARD \
+               -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+}
+
  function firewall_connection_tracking() {
         log INFO "Creating Connection Tracking chain..."
         iptables_chain_create CONNTRACK
author	Michael Tremer <michael.tremer@ipfire.org>
	Sun, 29 Jul 2012 16:52:40 +0000 (16:52 +0000)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Sun, 29 Jul 2012 16:52:40 +0000 (16:52 +0000)