Adding new MSS options
parent
4200631cb0
commit
1fd35cfbc0
|
@ -1,5 +1,6 @@
|
||||||
2.01 Alpha 1 - 05/29/2014
|
2.01 Alpha 1 - 07/27/2014
|
||||||
- Fix executable bits on .sh files in custom
|
- Fix executable bits on .sh files in custom
|
||||||
|
- Make MSS clamp optional and allow setting MSS size manually
|
||||||
|
|
||||||
2.00 Release
|
2.00 Release
|
||||||
- Add common options for sysctl/proc tweaking of network settings
|
- Add common options for sysctl/proc tweaking of network settings
|
||||||
|
|
|
@ -110,12 +110,12 @@ Enablev4NetfilterModules="yes"
|
||||||
# Default: nf_conntrack_ftp nf_conntrack_h323 nf_conntrack_irc
|
# Default: nf_conntrack_ftp nf_conntrack_h323 nf_conntrack_irc
|
||||||
# nf_conntrack_pptp nf_conntrack_proto_dccp nf_conntrack_proto_gre
|
# nf_conntrack_pptp nf_conntrack_proto_dccp nf_conntrack_proto_gre
|
||||||
# nf_conntrack_proto_sctp nf_conntrack_proto_udplite nf_conntrack_sip
|
# nf_conntrack_proto_sctp nf_conntrack_proto_udplite nf_conntrack_sip
|
||||||
# nf_conntrack_broadcast
|
# nf_conntrack_broadcast nf_conntrack_tftp
|
||||||
Loadv4NetfilterModules="nf_conntrack_ftp nf_conntrack_h323 nf_conntrack_irc nf_conntrack_pptp nf_conntrack_proto_dccp nf_conntrack_proto_gre nf_conntrack_proto_sctp nf_conntrack_proto_udplite nf_conntrack_sip nf_conntrack_broadcast nf_conntrack_tftp"
|
Loadv4NetfilterModules="nf_conntrack_ftp nf_conntrack_h323 nf_conntrack_irc nf_conntrack_pptp nf_conntrack_proto_dccp nf_conntrack_proto_gre nf_conntrack_proto_sctp nf_conntrack_proto_udplite nf_conntrack_sip nf_conntrack_broadcast nf_conntrack_tftp"
|
||||||
|
|
||||||
# These are loaded as well if you have Enablev4NAT set to yes
|
# These are loaded as well if you have Enablev4NAT set to yes
|
||||||
# Default: nf_nat_ftp nf_nat_h323 nf_nat_irc nf_nat_pptp nf_nat_proto_dccp
|
# Default: nf_nat_ftp nf_nat_h323 nf_nat_irc nf_nat_pptp nf_nat_proto_dccp
|
||||||
# nf_nat_proto_gre nf_nat_proto_sctp nf_nat_proto_udplite nf_nat_sip
|
# nf_nat_proto_gre nf_nat_proto_sctp nf_nat_proto_udplite nf_nat_sip nf_nat_tftp
|
||||||
Loadv4NetfilterModulesNAT="nf_nat_ftp nf_nat_h323 nf_nat_irc nf_nat_pptp nf_nat_proto_dccp nf_nat_proto_gre nf_nat_proto_sctp nf_nat_proto_udplite nf_nat_sip nf_nat_tftp"
|
Loadv4NetfilterModulesNAT="nf_nat_ftp nf_nat_h323 nf_nat_irc nf_nat_pptp nf_nat_proto_dccp nf_nat_proto_gre nf_nat_proto_sctp nf_nat_proto_udplite nf_nat_sip nf_nat_tftp"
|
||||||
|
|
||||||
# Default policy for filtering rules
|
# Default policy for filtering rules
|
||||||
|
|
|
@ -1,13 +1,14 @@
|
||||||
# Interface MSS Clamping
|
# Interface MSS Clamping
|
||||||
# Use this file to set up clamp rules for interfaces
|
# Use this file to set up clamp rules for interfaces
|
||||||
# Use tabs or single space to separate
|
# Use tabs or single space to separate
|
||||||
# <interface> <mss size> <type>
|
# <interface> <mss size> <type> <set mss>
|
||||||
# eth0 1454 fwd
|
# eth0 1454 fwd -
|
||||||
#
|
#
|
||||||
# Default MSS size: 1400:1536
|
# Default MSS size: 1400:1536
|
||||||
# Default Type: out
|
# Default Type: out
|
||||||
# You can use '-' as both mss and type, and it will use defaults
|
# Default Set MSS: none, use clamp
|
||||||
|
# You can use '-' as both mss, type, and set mss, and it will use defaults
|
||||||
# Interface is required.
|
# Interface is required.
|
||||||
#
|
#
|
||||||
# interface mss size type
|
# interface mss size type set mss
|
||||||
eth0 - -
|
eth0 - - -
|
||||||
|
|
|
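Review bot: The new `<set mss>` column is added to the header without saying what value it takes or how it relates to `<mss size>`, and the sentence about `-` still says "both" although it now lists three fields. Judging from the script change in this commit, the value is passed to `--set-mss` and replaces the clamp-to-PMTU behaviour, while `<mss size>` is the range matched by `-m tcpmss --mss`. A line such as `# Set MSS: fixed MSS value to set instead of clamping to the path MTU` would document the column, and the `-` sentence could read `# You can use '-' for mss size, type, and set mss to use the defaults`. The same header appears in the next hunk, presumably the other IP version's copy of the file, and needs the same wording.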
@ -1,13 +1,14 @@
|
||||||
# Interface MSS Clamping
|
# Interface MSS Clamping
|
||||||
# Use this file to set up clamp rules for interfaces
|
# Use this file to set up clamp rules for interfaces
|
||||||
# Use tabs or single space to separate
|
# Use tabs or single space to separate
|
||||||
# <interface> <mss size> <type>
|
# <interface> <mss size> <type> <set mss>
|
||||||
# eth0 1454 fwd
|
# eth0 1454 fwd -
|
||||||
#
|
#
|
||||||
# Default MSS size: 1400:1536
|
# Default MSS size: 1400:1536
|
||||||
# Default Type: out
|
# Default Type: out
|
||||||
# You can use '-' as both mss and type, and it will use defaults
|
# Default Set MSS: none, use clamp
|
||||||
|
# You can use '-' as both mss, type, and set mss, and it will use defaults
|
||||||
# Interface is required.
|
# Interface is required.
|
||||||
#
|
#
|
||||||
# interface mss size type
|
# interface mss size type set mss
|
||||||
eth0 - -
|
eth0 - - -
|
||||||
|
|
|
@ -172,16 +172,21 @@ function enable_mss_clamp {
|
||||||
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} loading"
|
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} loading"
|
||||||
if [ -e "${FWCONFIGDIR}/ipv${IPVER}/mss-clamp.conf" ]; then
|
if [ -e "${FWCONFIGDIR}/ipv${IPVER}/mss-clamp.conf" ]; then
|
||||||
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} read ${FWCONFIGDIR}/ipv${IPVER}/mss-clamp.conf successful"
|
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} read ${FWCONFIGDIR}/ipv${IPVER}/mss-clamp.conf successful"
|
||||||
while read -r interface mss type; do
|
while read -r interface mss type size; do
|
||||||
[[ ${interface} = \#* ]] && continue
|
[[ ${interface} = \#* ]] && continue
|
||||||
[[ ${interface} = "" ]] && continue
|
[[ ${interface} = "" ]] && continue
|
||||||
|
[[ -z ${mss} ]] && mss="-"
|
||||||
[[ ${mss} == "-" ]] && mss="1400:1536"
|
[[ ${mss} == "-" ]] && mss="1400:1536"
|
||||||
|
[[ -z ${type} ]] && type="-"
|
||||||
[[ ${type} == "-" ]] && type="${OutFilter}"
|
[[ ${type} == "-" ]] && type="${OutFilter}"
|
||||||
[[ ${type} == "out" ]] && type="${OutFilter}"
|
[[ ${type} == "out" ]] && type="${OutFilter}"
|
||||||
[[ ${type} == "fwd" ]] && type="${FwdFilter}"
|
[[ ${type} == "fwd" ]] && type="${FwdFilter}"
|
||||||
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} Read: ${interface} ${mss} ${type}"
|
[[ -z ${size} ]] && size="-"
|
||||||
|
[[ ${size} == "-" ]] && size="--clamp-mss-to-pmtu"
|
||||||
|
[[ ${size} != "-" ]] && size="--set-mss ${size}"
|
||||||
|
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} Read: ${interface} ${mss} ${type} ${size}"
|
||||||
${VER_IPTABLES} -A ${type} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS \
|
${VER_IPTABLES} -A ${type} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS \
|
||||||
--clamp-mss-to-pmtu -o ${interface} -m tcpmss --mss ${mss}
|
${size} -o ${interface} -m tcpmss --mss ${mss}
|
||||||
done < "${FWCONFIGDIR}/ipv${IPVER}/mss-clamp.conf"
|
done < "${FWCONFIGDIR}/ipv${IPVER}/mss-clamp.conf"
|
||||||
|
|
||||||
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} done"
|
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} done"
|
||||||
|
|
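Review bot: With the default `-` in the fourth column, the two new `size` tests run back to back and both match. The first sets `size="--clamp-mss-to-pmtu"`, so the `!= "-"` test then rewrites it and the rule is built with `--set-mss --clamp-mss-to-pmtu`, which iptables should reject, leaving the interface with no MSS rule. Make the two cases exclusive: `if [[ ${size} == "-" ]]; then size="--clamp-mss-to-pmtu"; else size="--set-mss ${size}"; fi`. Because `size` is the last name given to `read`, it also absorbs any trailing text on the line and is expanded unquoted into the iptables command. A numeric check such as `[[ ${size} =~ ^[0-9]+$ ]]` before building the option would keep a malformed line from adding stray arguments. The body of enable_mss_clamp starts and ends outside this hunk.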