diff options
| author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2022-08-18 17:09:17 +0000 |
|---|---|---|
| committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2022-08-18 21:28:28 +0000 |
| commit | fd15f9d2ab6a7e5bbc07ff2e8b10c064984492ce (patch) | |
| tree | 2861f3aa5edb1f67bf52ac7f6daefe3290952efa /python | |
| parent | 1f880973e221b91ac843a27d2e4c0b3de1880b97 (diff) | |
| download | vyos-1x-fd15f9d2ab6a7e5bbc07ff2e8b10c064984492ce.tar.gz vyos-1x-fd15f9d2ab6a7e5bbc07ff2e8b10c064984492ce.zip | |
firewall: T4622: Add TCP MSS option
Ability to drop|accept packets based on TCP MSS size
set firewall name <tag> rule <tag> tcp mss '501-1460'
Diffstat (limited to 'python')
| -rw-r--r-- | python/vyos/firewall.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py index 3e2de4c3f..663c4394a 100644 --- a/python/vyos/firewall.py +++ b/python/vyos/firewall.py @@ -297,6 +297,11 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name): if tcp_flags: output.append(parse_tcp_flags(tcp_flags)) + # TCP MSS + tcp_mss = dict_search_args(rule_conf, 'tcp', 'mss') + if tcp_mss: + output.append(f'tcp option maxseg size {tcp_mss}') + output.append('counter') if 'set' in rule_conf: |