Adding new MSS options

CHANGELOG

@@ -1,5 +1,6 @@
-2.01 Alpha 1 - 05/29/2014
+2.01 Alpha 1 - 07/27/2014
 	- Fix executable bits on .sh files in custom
+	- Make MSS clamp optional and allow setting MSS size manually
 
 2.00 Release
 	- Add common options for sysctl/proc tweaking of network settings

etc/ipv4.conf

@@ -110,12 +110,12 @@ Enablev4NetfilterModules="yes"
 # Default: nf_conntrack_ftp nf_conntrack_h323 nf_conntrack_irc
 #	nf_conntrack_pptp nf_conntrack_proto_dccp nf_conntrack_proto_gre
 #	nf_conntrack_proto_sctp nf_conntrack_proto_udplite nf_conntrack_sip
-#	nf_conntrack_broadcast
+#	nf_conntrack_broadcast nf_conntrack_tftp
 Loadv4NetfilterModules="nf_conntrack_ftp nf_conntrack_h323 nf_conntrack_irc nf_conntrack_pptp nf_conntrack_proto_dccp nf_conntrack_proto_gre nf_conntrack_proto_sctp nf_conntrack_proto_udplite nf_conntrack_sip nf_conntrack_broadcast nf_conntrack_tftp" 
 
 # These are loaded as well if you have Enablev4NAT set to yes
 # Default: nf_nat_ftp nf_nat_h323 nf_nat_irc nf_nat_pptp nf_nat_proto_dccp
-#	nf_nat_proto_gre nf_nat_proto_sctp nf_nat_proto_udplite nf_nat_sip
+#	nf_nat_proto_gre nf_nat_proto_sctp nf_nat_proto_udplite nf_nat_sip nf_nat_tftp
 Loadv4NetfilterModulesNAT="nf_nat_ftp nf_nat_h323 nf_nat_irc nf_nat_pptp nf_nat_proto_dccp nf_nat_proto_gre nf_nat_proto_sctp nf_nat_proto_udplite nf_nat_sip nf_nat_tftp"
 
 # Default policy for filtering rules

etc/ipv4/mss-clamp.conf

@@ -1,13 +1,14 @@
 # Interface MSS Clamping
 # Use this file to set up clamp rules for interfaces
 # Use tabs or single space to separate
-# <interface>	<mss size>	<type>
-# eth0			1454		fwd
+# <interface>	<mss size>	<type>  <set mss>
+# eth0		1454		fwd	-
 #
 # Default MSS size: 1400:1536
 # Default Type: out
-# You can use '-' as both mss and type, and it will use defaults
+# Default Set MSS: none, use clamp
+# You can use '-' as both mss, type, and set mss, and it will use defaults
 # Interface is required.
 #
-# interface		mss size	type
-eth0			-		-
+# interface		mss size	type	set mss
+eth0			-		-	-

etc/ipv6/mss-clamp.conf

@@ -1,13 +1,14 @@
 # Interface MSS Clamping
 # Use this file to set up clamp rules for interfaces
 # Use tabs or single space to separate
-# <interface>	<mss size>	<type>
-# eth0			1454		fwd
+# <interface>	<mss size>	<type>  <set mss>
+# eth0		1454		fwd	-
 #
 # Default MSS size: 1400:1536
 # Default Type: out
-# You can use '-' as both mss and type, and it will use defaults
+# Default Set MSS: none, use clamp
+# You can use '-' as both mss, type, and set mss, and it will use defaults
 # Interface is required.
 #
-# interface		mss size	type
-eth0			-			-
+# interface		mss size	type	set mss
+eth0			-		-	-

lib/iptables.inc

@@ -172,16 +172,21 @@ function enable_mss_clamp {
 	${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} loading"
 	if [ -e "${FWCONFIGDIR}/ipv${IPVER}/mss-clamp.conf" ]; then
 		${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} read ${FWCONFIGDIR}/ipv${IPVER}/mss-clamp.conf successful"
-		while read -r interface mss type; do
+		while read -r interface mss type size; do
 			[[ ${interface} = \#* ]] && continue
 			[[ ${interface} = "" ]] && continue
+			[[ -z ${mss} ]] && mss="-"
 			[[ ${mss} == "-" ]] && mss="1400:1536"
+			[[ -z ${type} ]] && type="-"
 			[[ ${type} == "-" ]] && type="${OutFilter}"
 			[[ ${type} == "out" ]] && type="${OutFilter}"
 			[[ ${type} == "fwd" ]] && type="${FwdFilter}"
-			${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} Read: ${interface} ${mss} ${type}"
+			[[ -z ${size} ]] && size="-"
+			[[ ${size} == "-" ]] && size="--clamp-mss-to-pmtu"
+			[[ ${size} != "-" ]] && size="--set-mss ${size}"
+			${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} Read: ${interface} ${mss} ${type} ${size}"
 			${VER_IPTABLES} -A ${type} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS \
-				--clamp-mss-to-pmtu -o ${interface} -m tcpmss --mss ${mss}
+				${size} -o ${interface} -m tcpmss --mss ${mss}
 		done < "${FWCONFIGDIR}/ipv${IPVER}/mss-clamp.conf"
 
 		${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} done"