mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-26 04:32:01 +02:00
Add CLAMPMSS support
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5560 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
e63a74d0cd
commit
637899177b
@ -37,7 +37,7 @@ use Shorewall::Proc;
|
|||||||
use strict;
|
use strict;
|
||||||
|
|
||||||
our @ISA = qw(Exporter);
|
our @ISA = qw(Exporter);
|
||||||
our @EXPORT = qw( add_common_rules setup_mac_lists process_criticalhosts process_routestopped process_rules generate_matrix );
|
our @EXPORT = qw( add_common_rules setup_mac_lists process_criticalhosts process_routestopped process_rules generate_matrix setup_mss );
|
||||||
our @EXPORT_OK = qw( process_rule process_rule1 );
|
our @EXPORT_OK = qw( process_rule process_rule1 );
|
||||||
our @VERSION = 1.00;
|
our @VERSION = 1.00;
|
||||||
|
|
||||||
@ -1506,4 +1506,11 @@ sub generate_matrix() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub setup_mss( $ ) {
|
||||||
|
my $clampmss = $_[0];
|
||||||
|
my $option = "\Lclampmss" eq 'yes' ? '--clamp-mss-to-pmtu' : '--set-mss $clampmss';
|
||||||
|
|
||||||
|
add_rule $filter_table->{FORWARD} , "-p tcp --tcp-flags SYN,RST SYN -j TCPMSS $option";
|
||||||
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|||||||
@ -359,7 +359,6 @@ stop_firewall() {
|
|||||||
setcontinue \$chain
|
setcontinue \$chain
|
||||||
done
|
done
|
||||||
";
|
";
|
||||||
|
|
||||||
}
|
}
|
||||||
} elsif ( ! $config{ADMINISABSENTMINDED} ) {
|
} elsif ( ! $config{ADMINISABSENTMINDED} ) {
|
||||||
emit "
|
emit "
|
||||||
@ -499,6 +498,8 @@ sub generate_script_2 () {
|
|||||||
|
|
||||||
emit "disable_ipv6\n" if $config{DISABLE_IPV6};
|
emit "disable_ipv6\n" if $config{DISABLE_IPV6};
|
||||||
|
|
||||||
|
setup_mss( $config{CLAMPMSS} ) if $config{CLAMPMSS};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sub generate_script_3() {
|
sub generate_script_3() {
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user