From c01a1b62e3af40da4de31f6252ce27d5877d4904 Mon Sep 17 00:00:00 2001 From: Brielle Date: Thu, 9 Apr 2015 15:37:55 -0600 Subject: [PATCH] Fix 'all' option for mss clamp --- lib/iptables.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/iptables.inc b/lib/iptables.inc index 92f94cf..4d270db 100644 --- a/lib/iptables.inc +++ b/lib/iptables.inc @@ -176,7 +176,7 @@ function enable_mss_clamp { [[ ${interface} = \#* ]] && continue [[ ${interface} = "" ]] && continue #[[ -z ${mss} ]] && mss="-" - [[ ${mss} != "-" ]] && mss="--mss ${mss}" + [[ ${mss} != "-" ]] && mss="-m tcpmss --mss ${mss}" [[ ${mss} == "-" ]] && mss="" [[ -z ${type} ]] && type="-" [[ ${type} == "-" ]] && type="${OutFilter}" @@ -189,7 +189,7 @@ function enable_mss_clamp { [[ ${interface} == "all" ]] && interface="" ${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} Read: ${interface} ${mss} ${type} ${msssize}" ${VER_IPTABLES} -A ${type} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS \ - ${interface} -m tcpmss ${mss} ${msssize} + ${interface} ${mss} ${msssize} unset interface mss type msssize done < "${FWCONFIGDIR}/ipv${IPVER}/mss-clamp.conf"