3 files changed, 20 insertions, 6 deletions

diff --git a/Cargo.lock b/Cargo.lock
index 88ec098..f1f60f2 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -393,7 +393,7 @@ checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1"
 
 [[package]]
 name = "rsdsl_netfilterd"
-version = "0.1.0"
+version = "0.1.1"
 dependencies = [
  "failure",
  "rustables",
@@ -402,8 +402,8 @@ dependencies = [
 
 [[package]]
 name = "rustables"
-version = "0.10.1"
-source = "git+https://github.com/rsdsl/rustables.git#8f8eb7c1c6870e38fd1dcc694c8b74dbc0ef95dd"
+version = "0.11.0"
+source = "git+https://github.com/rsdsl/rustables.git#a78962f91ae04da631de4908851d1d3e7983d032"
 dependencies = [
  "bindgen",
  "bitflags",
@@ -419,7 +419,7 @@ dependencies = [
 [[package]]
 name = "rustables-macros"
 version = "0.1.1"
-source = "git+https://github.com/rsdsl/rustables.git#8f8eb7c1c6870e38fd1dcc694c8b74dbc0ef95dd"
+source = "git+https://github.com/rsdsl/rustables.git#a78962f91ae04da631de4908851d1d3e7983d032"
 dependencies = [
  "once_cell",
  "proc-macro-error",
diff --git a/Cargo.toml b/Cargo.toml
index 8f8c9f8..74a2629 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,11 +1,11 @@
 [package]
 name = "rsdsl_netfilterd"
-version = "0.1.0"
+version = "0.1.1"
 edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
 failure = "0.1.8"
-rustables = { git = "https://github.com/rsdsl/rustables.git", version = "0.10.1" }
+rustables = { git = "https://github.com/rsdsl/rustables.git", version = "0.11.0" }
 thiserror = "1.0"
diff --git a/src/main.rs b/src/main.rs
index 9025f11..295a999 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -130,6 +130,20 @@ fn filter() -> Result<()> {
     let deny_any_to_isolated = Rule::new(&forward)?.oface("eth0.30")?.drop();
     batch.add(&deny_any_to_isolated, MsgType::Add);
 
+    let clamp_mss_inbound = Rule::new(&forward)?
+        .iface("rsppp0")?
+        .protocol(Protocol::TCP)
+        .syn()?
+        .set_mss(1452);
+    batch.add(&clamp_mss_inbound, MsgType::Add);
+
+    let clamp_mss_outbound = Rule::new(&forward)?
+        .oface("rsppp0")?
+        .protocol(Protocol::TCP)
+        .syn()?
+        .set_mss(1452);
+    batch.add(&clamp_mss_outbound, MsgType::Add);
+
     let allow_established = Rule::new(&forward)?.established()?.accept();
     batch.add(&allow_established, MsgType::Add);