From 30c4e879ed6dd8fd690882aac442d9ddfc9234ec Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Mon, 15 Nov 2021 23:42:09 +0059
Subject: vidhar: ...

---
 hosts/vidhar/default.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index 6d6726af..844dd5a1 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -114,6 +114,15 @@
           iptables -t nat -A nixos-fw-postrouting -o dsl -j MASQUERADE
 
           ip46tables -t nat -A POSTROUTING -j nixos-fw-postrouting
+
+          ip46tables -t mangle -D POSTROUTING -j nixos-fw-postrouting 2>/dev/null || true
+          ip46tables -t mangle -F nixos-fw-postrouting 2>/dev/null || true
+          ip46tables -t mangle -X nixos-fw-postrouting 2>/dev/null || true
+
+          ip46tables -t mangle -N nixos-fw-postrouting
+          ip46tables -A nixos-fw-postrouting -t mangle -o dsl -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+          ip46tables -t mangle -A POSTROUTING -j nixos-fw-postrouting
         '';
       };
     };
-- 
cgit v1.2.3