Don't increase MSS
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6539 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
980ec224a2
commit
be8013a8b2
@ -413,7 +413,7 @@ setup_ipsec() {
|
|||||||
|
|
||||||
if [ "$policy" != NONE ]; then
|
if [ "$policy" != NONE ]; then
|
||||||
ensurechain $1
|
ensurechain $1
|
||||||
run_iptables -I $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $2
|
run_iptables -I $1 -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $2: -j TCPMSS --set-mss $2
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
#
|
#
|
||||||
|
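Review bot: The new `-m tcpmss --mss $2:` match on the `run_iptables -I $1 ...` line has no comment, and the trailing colon is easy to read as a typo. A comment above it such as `# Match only SYNs whose MSS is >= $2 (open-ended range), so the clamp never raises a smaller MSS` would record the intent; the same comment belongs on the `insert_rule` line in the Perl `set_mss1` hunk. `$2` is now expanded twice, unquoted and with no numeric check visible here, so an empty value would reach iptables as `--mss :`. Whether callers validate it cannot be told from this hunk, because the function begins outside it.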
@ -36,7 +36,7 @@ Other changes in Shorewall 4.0.0 Beta 5.
|
|||||||
|
|
||||||
The compiler program is /usr/share/shorewall-perl/compiler.pl:
|
The compiler program is /usr/share/shorewall-perl/compiler.pl:
|
||||||
|
|
||||||
compiler.pl [ <options> ] [ <filename> ]
|
compiler.pl [ <option> ... ] [ <filename> ]
|
||||||
|
|
||||||
If a <filename> is given, then the configuration will be compiled
|
If a <filename> is given, then the configuration will be compiled
|
||||||
output placed in the named file. If <filename> is not given, then
|
output placed in the named file. If <filename> is not given, then
|
||||||
|
@ -699,7 +699,7 @@ sub set_mss1( $$ ) {
|
|||||||
my $chainref = ensure_chain 'filter', $chain;
|
my $chainref = ensure_chain 'filter', $chain;
|
||||||
|
|
||||||
if ( $chainref->{policy} ne 'NONE' ) {
|
if ( $chainref->{policy} ne 'NONE' ) {
|
||||||
insert_rule $chainref, 1, "-p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $mss"
|
insert_rule $chainref, 1, "-p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $mss: -j TCPMSS --set-mss $mss"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1777,9 +1777,17 @@ sub generate_matrix() {
|
|||||||
|
|
||||||
sub setup_mss( $ ) {
|
sub setup_mss( $ ) {
|
||||||
my $clampmss = $_[0];
|
my $clampmss = $_[0];
|
||||||
my $option = "\L$clampmss" eq 'yes' ? '--clamp-mss-to-pmtu' : '--set-mss $clampmss';
|
my $option;
|
||||||
|
my $match = '';
|
||||||
|
|
||||||
add_rule $filter_table->{FORWARD} , "-p tcp --tcp-flags SYN,RST SYN -j TCPMSS $option";
|
if ( "\L$clampmss" eq 'yes' ) {
|
||||||
|
$option = '--clamp-mss-to-pmtu';
|
||||||
|
} else {
|
||||||
|
$match = "-m tcpmss --mss $clampmss: ";
|
||||||
|
$option = '--set-mss $clampmss';
|
||||||
|
}
|
||||||
|
|
||||||
|
add_rule $filter_table->{FORWARD} , "-p tcp --tcp-flags SYN,RST SYN ${match}-j TCPMSS $option";
|
||||||
}
|
}
|
||||||
|
|
||||||
sub dump_rule_chains() {
|
sub dump_rule_chains() {
|
||||||
|
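Review bot: In the `else` branch of `setup_mss`, `$option = '--set-mss $clampmss';` is single-quoted, so Perl does not interpolate it and the rule text carries the literal string `$clampmss`, while the double-quoted `$match` line just above carries the actual number. The removed ternary had the same quoting, so the defect is carried over rather than introduced, but the two halves of the rule now disagree; `$option = "--set-mss $clampmss";` fixes it. What happens to the literal downstream depends on how the rule is emitted, which is not visible here. Presumably iptables either rejects it or a shell expands it to an empty string. Before building the rule it would also help to reject a `$clampmss` that is neither `yes` nor a positive integer, since the value is placed into the rule text twice.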