diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-09 15:23:33 +0100 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-09 15:23:33 +0100 |
| commit | 5ccac7379ee407cbde7edc6333d396324bdc69d5 (patch) | |
| tree | 7c40b4c29cc66f9ed69716a9fb999720b681161d | |
| parent | 1fef7cb7a92c12716aff44dbe498819c87dd6596 (diff) | |
| download | nixos-5ccac7379ee407cbde7edc6333d396324bdc69d5.tar nixos-5ccac7379ee407cbde7edc6333d396324bdc69d5.tar.gz nixos-5ccac7379ee407cbde7edc6333d396324bdc69d5.tar.bz2 nixos-5ccac7379ee407cbde7edc6333d396324bdc69d5.tar.xz nixos-5ccac7379ee407cbde7edc6333d396324bdc69d5.zip | |
vidhar: nftables...
| -rw-r--r-- | hosts/vidhar/ruleset.nft | 12 |
1 files changed, 3 insertions, 9 deletions
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft index b73db371..b601c2be 100644 --- a/hosts/vidhar/ruleset.nft +++ b/hosts/vidhar/ruleset.nft | |||
| @@ -129,22 +129,16 @@ table ip nat { | |||
| 129 | 129 | ||
| 130 | 130 | ||
| 131 | oifname dsl counter masquerade | 131 | oifname dsl counter masquerade |
| 132 | |||
| 133 | |||
| 134 | counter | ||
| 135 | } | 132 | } |
| 136 | } | 133 | } |
| 137 | 134 | ||
| 138 | table inet mangle { | 135 | table ip mss_clamp { |
| 139 | chain postrouting { | 136 | chain postrouting { |
| 140 | type filter hook postrouting priority mangle | 137 | type filter hook postrouting priority mangle |
| 141 | policy accept | 138 | policy accept |
| 142 | 139 | ||
| 143 | 140 | ||
| 144 | oifname dsl tcp flags & syn == syn counter tcp option maxseg size set rt mtu | 141 | oifname dsl tcp flags & (syn|rst) == syn counter tcp option maxseg size set rt mtu |
| 145 | iifname dsl tcp flags & syn == syn counter tcp option maxseg size set rt mtu | 142 | iifname dsl tcp flags & (syn|rst) == syn counter tcp option maxseg size set rt mtu |
| 146 | |||
| 147 | |||
| 148 | counter | ||
| 149 | } | 143 | } |
| 150 | } \ No newline at end of file | 144 | } \ No newline at end of file |