clamp mtu

master
Niklas Yann Wettengel 7 years ago
parent c5ed917c8e
commit 54515eb744

@ -83,6 +83,12 @@ COMMIT
{% endfor %} {% endfor %}
{% endif %} {% endif %}
-A FORWARD -o {{ ansible_default_ipv6.interface }} -j REJECT -A FORWARD -o {{ ansible_default_ipv6.interface }} -j REJECT
{% if 'ffrl_uplink' in group_names %}
{% for peer in ffrl_peers %}
iptables -A FORWARD -i {{ peer.name }} -d 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -o {{ peer.name }} -s 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
{% endfor %}
{% endif %}
COMMIT COMMIT
*nat *nat
:PREROUTING ACCEPT [0:0] :PREROUTING ACCEPT [0:0]

@ -69,6 +69,12 @@ COMMIT
{% endfor %} {% endfor %}
{% endif %} {% endif %}
-A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT -A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT
{% if 'ffrl_uplink' in group_names %}
{% for peer in ffrl_peers %}
iptables -A FORWARD -i {{ peer.name }} -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -o {{ peer.name }} -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
{% endfor %}
{% endif %}
COMMIT COMMIT
*nat *nat

Loading…
Cancel
Save