Correct interaction between FASTACCEPT and CLAMPMSS
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3013 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
f753b4ab5c
commit
0fcc67230c
@ -9,6 +9,8 @@ Changes in 3.0.1
|
||||
|
||||
4) Clarify PORTS column in blacklist file.
|
||||
|
||||
5) Correct CLAMPMSS/FASTACCEPT interraction.
|
||||
|
||||
Changes in 3.0.0 Final
|
||||
|
||||
None.
|
||||
|
@ -7636,6 +7636,19 @@ verify_ip() {
|
||||
# - Determine the zones
|
||||
#
|
||||
initialize_netfilter () {
|
||||
setup_mss()
|
||||
{
|
||||
case $CLAMPMSS in
|
||||
Yes)
|
||||
option="--clamp-mss-to-pmtu"
|
||||
;;
|
||||
*)
|
||||
option="--set-mss $CLAMPMSS"
|
||||
;;
|
||||
esac
|
||||
|
||||
run_iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS $option
|
||||
}
|
||||
|
||||
report_capabilities
|
||||
|
||||
@ -7754,6 +7767,8 @@ initialize_netfilter () {
|
||||
setpolicy INPUT DROP
|
||||
setpolicy OUTPUT DROP
|
||||
|
||||
[ -n "$CLAMPMSS" ] && setup_mss
|
||||
|
||||
setcontinue FORWARD
|
||||
setcontinue INPUT
|
||||
setcontinue OUTPUT
|
||||
@ -7765,6 +7780,8 @@ initialize_netfilter () {
|
||||
|
||||
deleteallchains
|
||||
|
||||
[ -n "$CLAMPMSS" ] && setup_mss
|
||||
|
||||
setcontinue FORWARD
|
||||
setcontinue INPUT
|
||||
setcontinue OUTPUT
|
||||
@ -7807,19 +7824,6 @@ initialize_netfilter () {
|
||||
run_iptables -A $chain -p udp --dport 53 -j ACCEPT
|
||||
done
|
||||
|
||||
if [ -n "$CLAMPMSS" ]; then
|
||||
case $CLAMPMSS in
|
||||
Yes)
|
||||
option="--clamp-mss-to-pmtu"
|
||||
;;
|
||||
*)
|
||||
option="--set-mss $CLAMPMSS"
|
||||
;;
|
||||
esac
|
||||
|
||||
run_iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS $option
|
||||
fi
|
||||
|
||||
accounting_file=$(find_file accounting)
|
||||
|
||||
[ -f $accounting_file ] && setup_accounting $accounting_file
|
||||
|
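Review bot: Neither `[ -n "$CLAMPMSS" ] && setup_mss` call (the one after `setpolicy OUTPUT DROP` and the one after `deleteallchains`) says why it must run before `setcontinue FORWARD`, so the rule ordering this commit corrects could be undone unnoticed by a later reshuffle. A comment above each call would pin it, e.g. `# Append the TCPMSS rule before setcontinue: with FASTACCEPT=Yes an earlier ACCEPT in FORWARD would take matching packets before they reach the clamp`. That `setcontinue` is what adds the early ACCEPT is inferred from the commit title, since its body is not in these hunks. In `setup_mss`, the `*)` arm passes every value other than `Yes` to `--set-mss`, so unless CLAMPMSS is validated where the configuration is read (not visible here), an arm such as `*[!0-9]*)` placed before `*)` that rejects non-numeric values would fail earlier and more clearly than an iptables error. `initialize_netfilter` starts and ends outside the hunks shown.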
@ -17,6 +17,9 @@ Problems Corrected in 3.0.1
|
||||
clarify that the PORTS column refers to destination port number/service
|
||||
names.
|
||||
|
||||
5) When CLAMPMSS is set to a value other than "No" and FASTACCEPT=Yes, the
|
||||
order of the rules generated was incorrect.
|
||||
|
||||
New Features in 3.0.1
|
||||
|
||||
1) To make the macro facility more flexible, Shorewall now examines the
|
||||
|