diff options
| author | HimbeerserverDE <himbeerserverde@gmail.com> | 2023-05-07 14:18:53 +0200 |
|---|---|---|
| committer | HimbeerserverDE <himbeerserverde@gmail.com> | 2023-05-07 14:18:53 +0200 |
| commit | 7dc19c54ed93062f172bc6e07a62d82f886da5a3 (patch) | |
| tree | 56fb9c0dc38e285e9114cc2c95b5fa4dcbf8e3fa | |
| parent | a4f5c17e062a66703334fc0fb38ec7c6c2fdcfbf (diff) | |
perform mss clamping on he 6in4 IPv6 traffic
| -rw-r--r-- | src/main.rs | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/src/main.rs b/src/main.rs index 096748c..6219d5e 100644 --- a/src/main.rs +++ b/src/main.rs @@ -136,19 +136,33 @@ fn filter() -> Result<()> { let deny_any_to_isolated = Rule::new(&forward)?.oface("eth0.30")?.drop(); batch.add(&deny_any_to_isolated, MsgType::Add); - let clamp_mss_inbound = Rule::new(&forward)? + let clamp_mss_inbound4 = Rule::new(&forward)? .iface("rsppp0")? .protocol(Protocol::TCP) .syn()? .clamp_mss_to_pmtu(); - batch.add(&clamp_mss_inbound, MsgType::Add); + batch.add(&clamp_mss_inbound4, MsgType::Add); - let clamp_mss_outbound = Rule::new(&forward)? + let clamp_mss_inbound6 = Rule::new(&forward)? + .iface("he6in4")? + .protocol(Protocol::TCP) + .syn()? + .clamp_mss_to_pmtu(); + batch.add(&clamp_mss_inbound6, MsgType::Add); + + let clamp_mss_outbound4 = Rule::new(&forward)? .oface("rsppp0")? .protocol(Protocol::TCP) .syn()? .clamp_mss_to_pmtu(); - batch.add(&clamp_mss_outbound, MsgType::Add); + batch.add(&clamp_mss_outbound4, MsgType::Add); + + let clamp_mss_outbound6 = Rule::new(&forward)? + .oface("he6in4")? + .protocol(Protocol::TCP) + .syn()? + .clamp_mss_to_pmtu(); + batch.add(&clamp_mss_outbound6, MsgType::Add); let allow_established = Rule::new(&forward)?.established()?.accept(); batch.add(&allow_established, MsgType::Add); |