Changeset 13788


Timestamp:
2008-12-31T20:02:03+01:00 (7 years ago)
Author:
nbd
Message:

Disable the MSS fixup hack by default (most ISPs don't require it as a workaround for MTU problems; only some do). This should give a nice speedup for routing on standards-compliant ISPs.

Location:
trunk/package/firewall/files
Files:
2 edited

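--- a/trunk/package/firewall/files/firewall.config
+++ b/trunk/package/firewall/files/firewall.config
@@ -21,4 +21,9 @@
         option src      lan
         option dest     wan
+
+## Enable this option if you encounter any MTU problems
+## e.g. some websites work, others do not, submitting
+## forms causes problems, ...
+#       option mtu_fix  1
 
 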
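--- a/trunk/package/firewall/files/uci_firewall.sh
+++ b/trunk/package/firewall/files/uci_firewall.sh
@@ -42,4 +42,5 @@
 
         $IPTABLES -N zone_$1
+        $IPTABLES -N zone_$1_MSSFIX
         $IPTABLES -N zone_$1_ACCEPT
         $IPTABLES -N zone_$1_DROP
@@ -61,4 +62,5 @@
         logger "adding $1 to firewall zone $2"
         $IPTABLES -A input -i $1 -j zone_$2
+        $IPTABLES -I zone_$2_MSSFIX 1 -o $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
         $IPTABLES -I zone_$2_ACCEPT 1 -o $1 -j ACCEPT
         $IPTABLES -I zone_$2_DROP 1 -o $1 -j DROP
@@ -148,5 +150,4 @@
         
         $IPTABLES -A FORWARD -m state --state INVALID -j DROP
-        $IPTABLES -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
         $IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
         
@@ -251,7 +252,9 @@
         config_get src $1 src
         config_get dest $1 dest
+        config_get_bool mtu_fix $1 mtu_fix 0
         [ -n "$src" ] && z_src=zone_${src}_forward || z_src=forward
         [ -n "$dest" ] && z_dest=zone_${dest}_ACCEPT || z_dest=ACCEPT
         $IPTABLES -I $z_src 1 -j $z_dest
+        [ "$mtu_fix" -gt 0 -a -n "$dest" ] && $IPTABLES -I $z_src 1 -j zone_${dest}_MSSFIX
 }
 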
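Review bot: The added last line before the closing brace, `[ "$mtu_fix" -gt 0 -a -n "$dest" ] && $IPTABLES -I $z_src 1 -j zone_${dest}_MSSFIX`, becomes the function's exit status, so with the new default of mtu_fix 0 the function returns non-zero even though the forwarding rule was installed; whether any caller checks that status is not visible here, and the function's start lies outside the hunk. The zone names read from the config are also expanded unquoted into the iptables arguments, so a name containing whitespace would be split into extra arguments when the rule is built. I would write it as `if [ "$mtu_fix" -gt 0 ] && [ -n "$dest" ]; then $IPTABLES -I "$z_src" 1 -j "zone_${dest}_MSSFIX"; fi`, which also avoids the obsolescent `-a` inside `[`. A short comment such as `# insert at position 1 so the MSS clamp runs before the ACCEPT jump added above` would make the rule ordering explicit.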