kreativmonkey
/
ffmyk-ansible
mirror of https://git.niyawe.de/ffmyk-ansible.git
1
1
Fork 0
Code Issues Releases Wiki Activity

clamp mtu

Browse Source
master
Niklas Yann Wettengel 7 years ago
parent c5ed917c8e
commit 54515eb744
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File

6
roles/configure_iptables/templates/ip6tables.rules
Unescape Escape View File

@ -83,6 +83,12 @@ COMMIT
{% endfor %}
{% endif %}
-A FORWARD -o {{ ansible_default_ipv6.interface }} -j REJECT
{% if 'ffrl_uplink' in group_names %}
{% for peer in ffrl_peers %}
iptables -A FORWARD -i {{ peer.name }} -d 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -o {{ peer.name }} -s 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
{% endfor %}
{% endif %}
COMMIT
*nat
:PREROUTING ACCEPT [0:0]

6
roles/configure_iptables/templates/iptables.rules
Unescape Escape View File

@ -69,6 +69,12 @@ COMMIT
{% endfor %}
{% endif %}
-A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT
{% if 'ffrl_uplink' in group_names %}
{% for peer in ffrl_peers %}
iptables -A FORWARD -i {{ peer.name }} -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -o {{ peer.name }} -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
{% endfor %}
{% endif %}
COMMIT
*nat

Write Preview
Loading…
Cancel
Save