From 78772c0cdfc2abb3c5770ab6654c46916dcef89a Mon Sep 17 00:00:00 2001
From: Brielle
Date: Thu, 9 Apr 2015 15:27:01 -0600
Subject: [PATCH] Add 'all' option for mss clamp
---
 CHANGELOG | 2 ++
 lib/iptables.inc | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG b/CHANGELOG
index 208c5b5..90a088f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,8 @@
 2.1 Alpha 2
 - 03/15/2015
 - Unset variables in loops to make sure theres no leakage of variables into the next run of the loop
+ 04/09/2015
+ - Allow use of 'all' in MSS rules to match all forwarding/out traffic
 2.1 Alpha 1
 - 11/29/2014
 - Added support for custom fields in NAT and ACL rules, as this allows
diff --git a/lib/iptables.inc b/lib/iptables.inc
index 490921a..38e8c9c 100644
--- a/lib/iptables.inc
+++ b/lib/iptables.inc
@@ -184,9 +184,11 @@ function enable_mss_clamp {
 [[ -z ${msssize} ]] && msssize="-"
 [[ ${msssize} != "-" ]] && msssize="--set-mss ${msssize}"
 [[ ${msssize} == "-" ]] && msssize="--clamp-mss-to-pmtu"
+ [[ ${interface} == "all" ]] && interface=""
+ [[ ${interface} != "all" ]] && interface="-o ${interface}"
 ${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} Read: ${interface} ${mss} ${type} ${msssize}"
 ${VER_IPTABLES} -A ${type} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS \
- -o ${interface} -m tcpmss --mss ${mss} ${msssize}
+ ${interface} -m tcpmss --mss ${mss} ${msssize}
 unset interface mss type msssize
 done < "${FWCONFIGDIR}/ipv${IPVER}/mss-clamp.conf"
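Review bot: The two added `interface` tests in enable_mss_clamp run in the wrong order, so 'all' never yields an empty match: the first line sets `interface=""`, and the second test (`"" != "all"`) is then true and rewrites it to `-o ` with no device name. The iptables command is then built with a bare `-o` directly ahead of `-m tcpmss`, which iptables will presumably reject or misparse, so the clamp rule for 'all' is likely never installed as intended. Swapping the lines, as the `msssize` tests just above already do (non-sentinel test first), fixes it: `[[ ${interface} != "all" ]] && interface="-o ${interface}"` followed by `[[ ${interface} == "all" ]] && interface=""`. The function body starts and ends outside the hunk, so how `interface` is read from mss-clamp.conf is not visible here.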