brielle
/
Firewall-SOSDG
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Adding ECN strip functions

master
bruns@2mbit.com 2010-06-19 21:41:27 +00:00
parent b8cd81bc6a
commit 2a620be8ef
3 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@ -1,5 +1,6 @@
0.8 - Brielle Bruns <bruns@2mbit.com> 0.8 - Brielle Bruns <bruns@2mbit.com>
- IPv6 Connection Tracking fixes - IPv6 Connection Tracking fixes
- Strip ECN off of specific outbound packets
0.7 - Brielle Bruns <bruns@2mbit.com> 0.7 - Brielle Bruns <bruns@2mbit.com>
- MSS Clamp on IPv6 - MSS Clamp on IPv6

4
options.default
View File

@ -60,6 +60,10 @@ NATEXTIF="eth0"
# IP Ranges to block all traffic incoming/outgoing # IP Ranges to block all traffic incoming/outgoing
BLOCKEDIP=$BASEDIR/blocked BLOCKEDIP=$BASEDIR/blocked
# Strip ECN off of packets - helps with blackholes
# Either individual IPs or 0.0.0.0/0
STRIPECN="0.0.0.0/0"
# IPv6 related features. Commenting out IPV6 variable disables ALL # IPv6 related features. Commenting out IPV6 variable disables ALL
# IPv6 related items # IPv6 related items

10
rc.firewall
View File

@ -44,6 +44,16 @@ if [ $BLOCKEDIP ]; then
echo -ne "\n" echo -ne "\n"
fi fi
if [ "$STRIPECN" ]; then
for i in $STRIPECN; do
echo "Stripping ECN off of TCP packets to $i"
$IPTABLES -A PREROUTING -t mangle -p tcp -d $i -j ECN \
--ecn-remove 1
done
echo -ne "\n"
fi
if [ "$CLAMPMSS" ]; then if [ "$CLAMPMSS" ]; then
echo "Clamping MSS to PMTU..." echo "Clamping MSS to PMTU..."
for i in $CLAMPMSS; do for i in $CLAMPMSS; do