diff options
| author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2012-07-19 06:02:16 +0000 |
|---|---|---|
| committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2012-07-19 06:02:16 +0000 |
| commit | f5fa7eba2799c1dd5cde0cbffd3e236710451544 (patch) | |
| tree | d2585f2329487607c9aff524b75fbb0da1fe4602 | |
| parent | fd780ffdb62d48a3ce085e0614ebd983afa78d20 (diff) | |
| download | awall-f5fa7eba2799c1dd5cde0cbffd3e236710451544.tar.bz2 awall-f5fa7eba2799c1dd5cde0cbffd3e236710451544.tar.xz | |
support for TCPMSS target
| -rw-r--r-- | awall/modules/clampmss.lua | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/awall/modules/clampmss.lua b/awall/modules/clampmss.lua new file mode 100644 index 0000000..4f74cb5 --- /dev/null +++ b/awall/modules/clampmss.lua @@ -0,0 +1,38 @@ +--[[ +TCP MSS clamping module for Alpine Wall +Copyright (C) 2012 Kaarle Ritvanen +Licensed under the terms of GPL2 +]]-- + + +module(..., package.seeall) + +require 'awall.model' + +local model = awall.model + + +local ClampMSSRule = model.class(model.ForwardOnlyRule) + +function ClampMSSRule:checkzoneoptfrag(ofrag) + if ofrag['in'] then + self:error('Cannot specify inbound interface ('..ofrag['in']..')') + end +end + +function ClampMSSRule:table() return 'mangle' end + +function ClampMSSRule:chain() return 'POSTROUTING' end + +function ClampMSSRule:servoptfrags() + return {{opts='-p tcp --tcp-flags SYN,RST SYN'}} +end + +function ClampMSSRule:target() + return 'TCPMSS --'..(self.mss and 'set-mss '..self.mss or 'clamp-mss-to-pmtu') +end + + +classes = {{'clamp-mss', ClampMSSRule}} + +defrules = {} |