author | HimbeerserverDE <himbeerserverde@gmail.com> | 2023-05-03 21:36:26 +0200 |
---|---|---|
committer | HimbeerserverDE <himbeerserverde@gmail.com> | 2023-05-03 21:36:26 +0200 |
commit | db1d62a0d20183bbda301f177b9d43e548be6b6b (patch) | |
tree | 7aec6f159408e0cedf4e00618b58f04ef6dfe21a | |
parent | f2da1bc98fb7c412ea2b324c365e11fd6c6a543d (diff) |
implement mss clamping in the firewall0.1.1
-rw-r--r-- | Cargo.lock | 8 | ||||
-rw-r--r-- | Cargo.toml | 4 | ||||
-rw-r--r-- | src/main.rs | 14 |
3 files changed, 20 insertions, 6 deletions
@@ -393,7 +393,7 @@ checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1" [[package]] name = "rsdsl_netfilterd" -version = "0.1.0" +version = "0.1.1" dependencies = [ "failure", "rustables", @@ -402,8 +402,8 @@ dependencies = [ [[package]] name = "rustables" -version = "0.10.1" -source = "git+https://github.com/rsdsl/rustables.git#8f8eb7c1c6870e38fd1dcc694c8b74dbc0ef95dd" +version = "0.11.0" +source = "git+https://github.com/rsdsl/rustables.git#a78962f91ae04da631de4908851d1d3e7983d032" dependencies = [ "bindgen", "bitflags", @@ -419,7 +419,7 @@ dependencies = [ [[package]] name = "rustables-macros" version = "0.1.1" -source = "git+https://github.com/rsdsl/rustables.git#8f8eb7c1c6870e38fd1dcc694c8b74dbc0ef95dd" +source = "git+https://github.com/rsdsl/rustables.git#a78962f91ae04da631de4908851d1d3e7983d032" dependencies = [ "once_cell", "proc-macro-error", @@ -1,11 +1,11 @@ [package] name = "rsdsl_netfilterd" -version = "0.1.0" +version = "0.1.1" edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] failure = "0.1.8" -rustables = { git = "https://github.com/rsdsl/rustables.git", version = "0.10.1" } +rustables = { git = "https://github.com/rsdsl/rustables.git", version = "0.11.0" } thiserror = "1.0" diff --git a/src/main.rs b/src/main.rs index 9025f11..295a999 100644 --- a/src/main.rs +++ b/src/main.rs 
@@ -130,6 +130,20 @@ fn filter() -> Result<()> { let deny_any_to_isolated = Rule::new(&forward)?.oface("eth0.30")?.drop(); batch.add(&deny_any_to_isolated, MsgType::Add); + let clamp_mss_inbound = Rule::new(&forward)? + .iface("rsppp0")? + .protocol(Protocol::TCP) + .syn()? + .set_mss(1452); + batch.add(&clamp_mss_inbound, MsgType::Add); + + let clamp_mss_outbound = Rule::new(&forward)? + .oface("rsppp0")? + .protocol(Protocol::TCP) + .syn()? + .set_mss(1452); + batch.add(&clamp_mss_outbound, MsgType::Add); + let allow_established = Rule::new(&forward)?.established()?.accept(); batch.add(&allow_established, MsgType::Add); |
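Review bot: The literal `1452` passed to both `set_mss(1452)` calls is undocumented, and it is only right for IPv4 over a 1492-byte link (1492 - 20 - 20). If the `forward` chain also carries IPv6, whose header is 40 bytes, those SYNs would need 1432, and an MSS that is too large shows up as stalled connections wherever ICMP "packet too big" is filtered on the path. The hunk also does not show whether `set_mss` only lowers a larger advertised MSS or overwrites it unconditionally; an unconditional write would raise the MSS of a peer that advertised a smaller one, so that is worth confirming against the rustables fork and recording in a comment. I would move the value into one named constant shared by both rules, with a comment such as `// 1492 (assumed PPPoE MTU on rsppp0) - 20 (IPv4) - 20 (TCP); IPv6 would need 1432`. The body of `filter()` starts and ends outside this hunk, so the chain's address family could not be checked from here.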