From 5ccac7379ee407cbde7edc6333d396324bdc69d5 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Thu, 9 Dec 2021 15:23:33 +0100
Subject: vidhar: nftables...
---
 hosts/vidhar/ruleset.nft | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)
(limited to 'hosts/vidhar/ruleset.nft')
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
index b73db371..b601c2be 100644
--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -129,22 +129,16 @@ table ip nat {
 oifname dsl counter masquerade
-
-
- counter
 }
 }
-table inet mangle {
+table ip mss_clamp {
 chain postrouting {
 type filter hook postrouting priority mangle
 policy accept
- oifname dsl tcp flags & syn == syn counter tcp option maxseg size set rt mtu
- iifname dsl tcp flags & syn == syn counter tcp option maxseg size set rt mtu
-
-
- counter
+ oifname dsl tcp flags & (syn|rst) == syn counter tcp option maxseg size set rt mtu
+ iifname dsl tcp flags & (syn|rst) == syn counter tcp option maxseg size set rt mtu
 }
 }
\ No newline at end of file
--
cgit v1.2.3
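Review bot: The rename from `table inet mangle` to `table ip mss_clamp` also switches the family from `inet` to `ip`, so the two `tcp option maxseg size set rt mtu` rules now match IPv4 only and IPv6 TCP crossing `dsl` is no longer clamped. The rest of the ruleset is outside this hunk, so it is not certain that `dsl` carries IPv6; if it does, v6 connections then depend on path-MTU discovery, which only works when the filter chains accept ICMPv6 packet-too-big. Either keep the family as `table inet mss_clamp {`, or put a comment above the table saying why IPv4-only is intended, e.g. `# IPv4 only: <reason>`, since the subject `vidhar: nftables...` gives no rationale. The tightened match `tcp flags & (syn|rst) == syn` itself looks fine.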