author | Christian Poessinger <christian@poessinger.com> | 2019-04-21 13:19:12 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2019-04-21 13:21:12 +0200 |
commit | 7d024a324412f4902b9ba212277901bbbe2f949c (patch) | |
tree | 3cdb6d4dfd8f2ee30cbcb21aa3b1a3f25016600f /Makefile | |
parent | 0a0f32e9a770b6b3f50295e10b593358a60813d5 (diff) | |
download | vyos-1x-7d024a324412f4902b9ba212277901bbbe2f949c.tar.gz vyos-1x-7d024a324412f4902b9ba212277901bbbe2f949c.zip |
[firewall] T314: add firewall options for MSS clamping
* clamp MSS IPv4
set firewall options interface pppoe0 adjust-mss '1452'
* clamp MSS IPv6
set firewall options interface pppoe0 adjust-mss6 '1452'
* disable entire rule
set firewall options interface pppoe0 disable
Output
------
$ sudo iptables-save -t mangle
# Generated by iptables-save v1.4.21 on Sun Apr 21 12:56:25 2019
*mangle
:PREROUTING ACCEPT [1217:439885]
:INPUT ACCEPT [290:52459]
:FORWARD ACCEPT [920:375774]
:OUTPUT ACCEPT [301:100053]
:POSTROUTING ACCEPT [1221:475827]
:VYOS_FW_OPTIONS - [0:0]
-A FORWARD -j VYOS_FW_OPTIONS
-A VYOS_FW_OPTIONS -o pppoe0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452
COMMIT
Completed on Sun Apr 21 12:56:25 2019
(cherry picked from commit 476aa4c3a561ea0ef0bf9b4c26ec8b78d18a5d02)
Diffstat (limited to 'Makefile')
-rw-r--r-- | Makefile | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -9,6 +9,7 @@ interface_definitions: find $(CURDIR)/interface-definitions/ -type f -name "*.xml" | xargs -I {} $(CURDIR)/scripts/build-command-templates {} $(CURDIR)/schema/interface_definition.rng $(TMPL_DIR) || exit 1 # XXX: delete top level node.def's that now live in other packages + rm -f $(TMPL_DIR)/firewall/node.def rm -f $(TMPL_DIR)/interfaces/node.def rm -f $(TMPL_DIR)/protocols/node.def rm -f $(TMPL_DIR)/protocols/static/node.def |
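Review bot: the added `rm -f $(TMPL_DIR)/firewall/node.def` line is explained only by the generic XXX comment above it, and neither that comment nor the commit message says which other package now provides the top-level firewall node.def. Please name the owning package in the comment or the commit message, because this build will keep deleting the generated file even if that package later stops shipping its copy. Note also that `rm -f` exits successfully when the path does not exist, so if the generated template path is ever renamed this line becomes a silent no-op and the `|| exit 1` on the preceding build step will not catch it.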