From: Michael Tremer Date: Wed, 1 Aug 2012 18:02:21 +0000 (+0000) Subject: firewall: Make clamp PMTU configurable. X-Git-Tag: 005~64 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fc323fc4087ef00613af854902534f662d49fbac;p=network.git firewall: Make clamp PMTU configurable. --- diff --git a/functions.constants b/functions.constants index fa192b31..fb847000 100644 --- a/functions.constants +++ b/functions.constants @@ -97,7 +97,8 @@ FIREWALL_CONFIG_RULES="${FIREWALL_CONFIG_DIR}/rules" FIREWALL_MACROS_DIRS="${FIREWALL_CONFIG_DIR}/macros /usr/share/firewall/macros" -FIREWALL_CONFIG_PARAMS="FIREWALL_LOG_METHOD FIREWALL_NFLOG_THRESHOLD" +FIREWALL_CONFIG_PARAMS="FIREWALL_LOG_METHOD FIREWALL_NFLOG_THRESHOLD FIREWALL_CLAMP_PATH_MTU" FIREWALL_LOG_METHOD="nflog" FIREWALL_NFLOG_THRESHOLD=30 +FIREWALL_CLAMP_PATH_MTU="false" diff --git a/functions.firewall b/functions.firewall index 11d88ccd..089ed823 100644 --- a/functions.firewall +++ b/functions.firewall @@ -153,6 +153,9 @@ function firewall_tcp_state_flags() { } function firewall_tcp_clamp_mss() { + # Do nothing if this has been disabled. + enabled FIREWALL_CLAMP_PATH_MTU || return ${EXIT_OK} + log DEBUG "Adding rules to clamp MSS to path MTU..." iptables -t mangle -A FORWARD \ -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
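Review bot: The default `FIREWALL_CLAMP_PATH_MTU="false"` on the last added line of the functions.constants hunk changes behaviour for existing installations. Judging by the functions.firewall hunk of this commit, the TCPMSS rule used to be added unconditionally, so after an upgrade forwarded TCP connections over reduced-MTU links (PPPoE, tunnels) may stall wherever ICMP fragmentation-needed messages are filtered on the path. Consider `FIREWALL_CLAMP_PATH_MTU="true"` so that the old behaviour stays unless an operator opts out, or call the change out in the release notes. The new variable is also undocumented; a comment such as `# Clamp the MSS of forwarded TCP connections to the path MTU.` above it would help.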
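Review bot: The early return added at the top of `firewall_tcp_clamp_mss` is silent, so the firewall log gives no hint that the clamp rule was skipped when someone is debugging stalled connections. `enabled FIREWALL_CLAMP_PATH_MTU || { log DEBUG "MSS clamping is disabled, skipping"; return ${EXIT_OK}; }` would record the decision. How `enabled` treats an unset or misspelled value is not visible in this diff; if it reads such a value as disabled, a typo in the configuration removes the rule without notice, which would be worth a warning when the configuration is loaded. The function body continues past the end of the hunk.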