firewall: Make clamp PMTU configurable.

author Michael Tremer <michael.tremer@ipfire.org>

Wed, 1 Aug 2012 18:02:21 +0000 (18:02 +0000)

committer Michael Tremer <michael.tremer@ipfire.org>

Wed, 1 Aug 2012 18:02:21 +0000 (18:02 +0000)
author Michael Tremer <michael.tremer@ipfire.org>
Wed, 1 Aug 2012 18:02:21 +0000 (18:02 +0000)
committer Michael Tremer <michael.tremer@ipfire.org>
Wed, 1 Aug 2012 18:02:21 +0000 (18:02 +0000)
diff --git a/functions.constants b/functions.constants

index fa192b31c317dd22e8b63cf0c66d0a3d57ec9c1e..fb847000eda0d79c89d0a3c58913421575c8ddce 100644 (file)
--- a/functions.constants
+++ b/functions.constants
@@ -97,7 +97,8 @@ FIREWALL_CONFIG_RULES="${FIREWALL_CONFIG_DIR}/rules"
  
  FIREWALL_MACROS_DIRS="${FIREWALL_CONFIG_DIR}/macros /usr/share/firewall/macros"
  
-FIREWALL_CONFIG_PARAMS="FIREWALL_LOG_METHOD FIREWALL_NFLOG_THRESHOLD"
+FIREWALL_CONFIG_PARAMS="FIREWALL_LOG_METHOD FIREWALL_NFLOG_THRESHOLD FIREWALL_CLAMP_PATH_MTU"
  
  FIREWALL_LOG_METHOD="nflog"
  FIREWALL_NFLOG_THRESHOLD=30
+FIREWALL_CLAMP_PATH_MTU="false"
diff --git a/functions.firewall b/functions.firewall

index 11d88ccdffa50813425dca64caa2226cd4180550..089ed823a3695fa85c31c283fef7b4edc627c100 100644 (file)
--- a/functions.firewall
+++ b/functions.firewall
@@ -153,6 +153,9 @@ function firewall_tcp_state_flags() {
  }
  
  function firewall_tcp_clamp_mss() {
+       # Do nothing if this has been disabled.
+       enabled FIREWALL_CLAMP_PATH_MTU || return ${EXIT_OK}
+
         log DEBUG "Adding rules to clamp MSS to path MTU..."
         iptables -t mangle -A FORWARD \
                 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
author	Michael Tremer <michael.tremer@ipfire.org>
	Wed, 1 Aug 2012 18:02:21 +0000 (18:02 +0000)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Wed, 1 Aug 2012 18:02:21 +0000 (18:02 +0000)
functions.constants		patch \| blob \| blame \| history
functions.firewall		patch \| blob \| blame \| history