diff options
| -rw-r--r-- | awall/modules/clampmss.lua | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/awall/modules/clampmss.lua b/awall/modules/clampmss.lua new file mode 100644 index 0000000..4f74cb5 --- /dev/null +++ b/awall/modules/clampmss.lua @@ -0,0 +1,38 @@ +--[[ +TCP MSS clamping module for Alpine Wall +Copyright (C) 2012 Kaarle Ritvanen +Licensed under the terms of GPL2 +]]-- + + +module(..., package.seeall) + +require 'awall.model' + +local model = awall.model + + +local ClampMSSRule = model.class(model.ForwardOnlyRule) + +function ClampMSSRule:checkzoneoptfrag(ofrag) + if ofrag['in'] then + self:error('Cannot specify inbound interface ('..ofrag['in']..')') + end +end + +function ClampMSSRule:table() return 'mangle' end + +function ClampMSSRule:chain() return 'POSTROUTING' end + +function ClampMSSRule:servoptfrags() + return {{opts='-p tcp --tcp-flags SYN,RST SYN'}} +end + +function ClampMSSRule:target() + return 'TCPMSS --'..(self.mss and 'set-mss '..self.mss or 'clamp-mss-to-pmtu') +end + + +classes = {{'clamp-mss', ClampMSSRule}} + +defrules = {} |