brielle
/
SRFirewall
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

Add 'all' option for mss clamp

master
Brie Bruns 2015-04-09 15:27:01 -06:00
parent d731b0ce61
commit 78772c0cdf
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG
View File

@ -1,6 +1,8 @@
2.1 Alpha 2 - 03/15/2015 2.1 Alpha 2 - 03/15/2015
- Unset variables in loops to make sure theres no leakage of - Unset variables in loops to make sure theres no leakage of
variables into the next run of the loop variables into the next run of the loop
04/09/2015
- Allow use of 'all' in MSS rules to match all forwarding/out traffic
2.1 Alpha 1 - 11/29/2014 2.1 Alpha 1 - 11/29/2014
- Added support for custom fields in NAT and ACL rules, as this allows - Added support for custom fields in NAT and ACL rules, as this allows

4
lib/iptables.inc
View File

@ -184,9 +184,11 @@ function enable_mss_clamp {
[[ -z ${msssize} ]] && msssize="-" [[ -z ${msssize} ]] && msssize="-"
[[ ${msssize} != "-" ]] && msssize="--set-mss ${msssize}" [[ ${msssize} != "-" ]] && msssize="--set-mss ${msssize}"
[[ ${msssize} == "-" ]] && msssize="--clamp-mss-to-pmtu" [[ ${msssize} == "-" ]] && msssize="--clamp-mss-to-pmtu"
[[ ${interface} == "all" ]] && interface=""
[[ ${interface} != "all" ]] && interface="-o ${interface}"
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} Read: ${interface} ${mss} ${type} ${msssize}" ${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} Read: ${interface} ${mss} ${type} ${msssize}"
${VER_IPTABLES} -A ${type} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS \ ${VER_IPTABLES} -A ${type} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS \
-o ${interface} -m tcpmss --mss ${mss} ${msssize} ${interface} -m tcpmss --mss ${mss} ${msssize}
unset interface mss type msssize unset interface mss type msssize
done < "${FWCONFIGDIR}/ipv${IPVER}/mss-clamp.conf" done < "${FWCONFIGDIR}/ipv${IPVER}/mss-clamp.conf"