summaryrefslogtreecommitdiff
path: root/docs/firewall.rst
diff options
context:
space:
mode:
Diffstat (limited to 'docs/firewall.rst')
-rw-r--r--docs/firewall.rst37
1 files changed, 0 insertions, 37 deletions
diff --git a/docs/firewall.rst b/docs/firewall.rst
index a56e56a8..fc6bf746 100644
--- a/docs/firewall.rst
+++ b/docs/firewall.rst
@@ -174,42 +174,5 @@ Example Partial Config
}
}
-MSS Clamping
-------------
-
-As Internet wide PMTU discovery rarely works we sometimes need to clamp our TCP
-MSS value to a specific value. Starting with VyOS 1.2 there is a firewall option
-to clamp your TCP MSS value for IPv4 and IPv6.
-
-Clamping can be disabled per interface using the `disable` keywork:
-
-.. code-block:: sh
-
- set firewall options interface pppoe0 disable
-
-IPv4
-----
-
-Clamp outgoing MSS value in a TCP SYN packet to `1452` for `pppoe0` and `1372`
-for your WireGuard `wg02` tunnel.
-
-.. code-block:: sh
-
- set firewall options interface pppoe0 adjust-mss '1452'
- set firewall options interface wg02 adjust-mss '1372'
-
-IPv6
-----
-
-Clamp outgoing MSS value in a TCP SYN packet to `1280` for both `pppoe0` and
-`wg02` interface.
-
-To achieve the same for IPv6 please use:
-
-.. code-block:: sh
-
- set firewall options interface pppoe0 adjust-mss6 '1280'
- set firewall options interface wg02 adjust-mss6 '1280'
-
[XFinity Blocked Port List](https://www.xfinity.com/support/internet/list-of-blocked-ports/)
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-03 03:28:33 +0000