Add CLAMPMSS support

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5560 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-02-19 03:01:10 +01:00 · 2007-03-16 23:57:43 +00:00 · 2007-03-16 23:57:43 +00:00 · 637899177b
commit 637899177b
parent e63a74d0cd
2 changed files with 10 additions and 2 deletions
--- a/New/Shorewall/Rules.pm
+++ b/New/Shorewall/Rules.pm
@ -37,7 +37,7 @@ use Shorewall::Proc;
 use strict;

 our @ISA = qw(Exporter);
-our @EXPORT = qw( add_common_rules setup_mac_lists process_criticalhosts process_routestopped process_rules generate_matrix );
+our @EXPORT = qw( add_common_rules setup_mac_lists process_criticalhosts process_routestopped process_rules generate_matrix setup_mss );
 our @EXPORT_OK = qw( process_rule process_rule1 );
 our @VERSION = 1.00;

@ -1506,4 +1506,11 @@ sub generate_matrix() {
    }
 }

+sub setup_mss( $ ) {
+    my $clampmss = $_[0];
+    my $option = "\Lclampmss" eq 'yes' ? '--clamp-mss-to-pmtu' : '--set-mss $clampmss';
+
+    add_rule $filter_table->{FORWARD} , "-p tcp --tcp-flags SYN,RST SYN -j TCPMSS $option";
+}
+
 1;
--- a/New/compiler.pl
+++ b/New/compiler.pl
@ -359,7 +359,6 @@ stop_firewall() {
 	setcontinue \$chain
    done
 ";
-
 	}
    } elsif ( ! $config{ADMINISABSENTMINDED} ) {
 	emit "
@ -499,6 +498,8 @@ sub generate_script_2 () {

    emit "disable_ipv6\n" if $config{DISABLE_IPV6};

+    setup_mss( $config{CLAMPMSS} ) if $config{CLAMPMSS};
+
 }

 sub generate_script_3() {