diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-09 15:23:33 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-09 15:23:33 +0100 |
commit | 5ccac7379ee407cbde7edc6333d396324bdc69d5 (patch) | |
tree | 7c40b4c29cc66f9ed69716a9fb999720b681161d /hosts/vidhar/ruleset.nft | |
parent | 1fef7cb7a92c12716aff44dbe498819c87dd6596 (diff) | |
download | nixos-5ccac7379ee407cbde7edc6333d396324bdc69d5.tar nixos-5ccac7379ee407cbde7edc6333d396324bdc69d5.tar.gz nixos-5ccac7379ee407cbde7edc6333d396324bdc69d5.tar.bz2 nixos-5ccac7379ee407cbde7edc6333d396324bdc69d5.tar.xz nixos-5ccac7379ee407cbde7edc6333d396324bdc69d5.zip |
vidhar: nftables...
Diffstat (limited to 'hosts/vidhar/ruleset.nft')
-rw-r--r-- | hosts/vidhar/ruleset.nft | 12 |
1 files changed, 3 insertions, 9 deletions
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft index b73db371..b601c2be 100644 --- a/hosts/vidhar/ruleset.nft +++ b/hosts/vidhar/ruleset.nft | |||
@@ -129,22 +129,16 @@ table ip nat { | |||
129 | 129 | ||
130 | 130 | ||
131 | oifname dsl counter masquerade | 131 | oifname dsl counter masquerade |
132 | |||
133 | |||
134 | counter | ||
135 | } | 132 | } |
136 | } | 133 | } |
137 | 134 | ||
138 | table inet mangle { | 135 | table ip mss_clamp { |
139 | chain postrouting { | 136 | chain postrouting { |
140 | type filter hook postrouting priority mangle | 137 | type filter hook postrouting priority mangle |
141 | policy accept | 138 | policy accept |
142 | 139 | ||
143 | 140 | ||
144 | oifname dsl tcp flags & syn == syn counter tcp option maxseg size set rt mtu | 141 | oifname dsl tcp flags & (syn|rst) == syn counter tcp option maxseg size set rt mtu |
145 | iifname dsl tcp flags & syn == syn counter tcp option maxseg size set rt mtu | 142 | iifname dsl tcp flags & (syn|rst) == syn counter tcp option maxseg size set rt mtu |
146 | |||
147 | |||
148 | counter | ||
149 | } | 143 | } |
150 | } \ No newline at end of file | 144 | } \ No newline at end of file |