summaryrefslogtreecommitdiff
path: root/docs/configuration/policy
diff options
context:
space:
mode:
Diffstat (limited to 'docs/configuration/policy')
-rw-r--r--docs/configuration/policy/examples.rst29
1 files changed, 29 insertions, 0 deletions
diff --git a/docs/configuration/policy/examples.rst b/docs/configuration/policy/examples.rst
index 2d44f4bc..ca860945 100644
--- a/docs/configuration/policy/examples.rst
+++ b/docs/configuration/policy/examples.rst
@@ -182,3 +182,32 @@ Add multiple source IP in one rule with same priority
set policy local-route rule 101 source '203.0.113.253'
set policy local-route rule 101 source '198.51.100.0/24'
+###########################
+Clamp MSS for a specific IP
+###########################
+
+This example shows how to target an MSS clamp (in our example to 1360 bytes)
+to a specific destination IP.
+
+.. code-block:: none
+
+ set policy route IP-MSS-CLAMP rule 10 description 'Clamp TCP session MSS to 1360 for NN.NNN.NNN.NNN'
+ set policy route IP-MSS-CLAMP rule 10 destination address 'NN.NNN.NNN.NNN/32'
+ set policy route IP-MSS-CLAMP rule 10 protocol 'tcp'
+ set policy route IP-MSS-CLAMP rule 10 set tcp-mss '1360'
+ set policy route IP-MSS-CLAMP rule 10 tcp flags 'SYN'
+
+To apply this policy to the correct interface, configure it on the
+interface the inbound local host will send through to reach our
+destined target host (in our example eth1).
+
+.. code-block:: none
+
+ set interfaces ethernet eth1 policy route IP-MSS-CLAMP
+
+You can view that the policy is being correctly (or incorrectly) utilised
+with the following command:
+
+.. code-block:: none
+
+ show policy route statistics
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-31 07:59:22 +0000