firewall-controller

Support MSS Clamping definition through CWNP

Open majst01 opened this issue 2 years ago • 0 comments

If on the communication path to outside destinations smaller MTUs are required, we should be able to enable MSS Clamping.

This can be done with netfilter; the generated rules must be specified before all stateful filter rules, like so:

# TCP-MSS clamping
ip saddr { 100.127.1.44/32 } tcp sport { 2049 } tcp flags syn tcp option maxseg size set 1460
ip daddr { 100.127.1.44/32 } tcp dport { 2049 } tcp flags syn tcp option maxseg size set 1460

The CWNP must therefore get an additional field mtu.

@chbmuc please correct me if I'm wrong

majst01, Jul 11 '23 11:07
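An added sketch, not part of the issue and not firewall-controller code, of how an mtu field could be turned into the two rules above and placed ahead of the stateful rules. `ClampSpec`, `ClampRules` and `InsertBeforeStateful` are hypothetical names; it assumes IPv4 without TCP options (MSS = MTU - 40) and treats any rule containing `ct state` as stateful.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// ClampSpec is a hypothetical shape for the proposed CWNP field; not project code.
type ClampSpec struct {
	CIDR string // remote IPv4 prefix
	Port uint16 // remote TCP port
	MTU  int    // smallest MTU on the path
}

// ClampRules renders the issue's two nftables statements for one spec.
// MSS = MTU - 40: 20-byte IPv4 header plus 20-byte TCP header, no options.
func ClampRules(s ClampSpec) ([]string, error) {
	p, err := netip.ParsePrefix(s.CIDR)
	if err != nil || !p.Addr().Is4() {
		return nil, fmt.Errorf("cidr %q: need a valid IPv4 prefix", s.CIDR)
	}
	// Assumed sanity bounds; reject input that would render a broken rule.
	if s.Port == 0 || s.MTU < 576 || s.MTU > 65535 {
		return nil, fmt.Errorf("invalid port %d or mtu %d", s.Port, s.MTU)
	}
	const set = "tcp flags syn tcp option maxseg size set"
	return []string{
		fmt.Sprintf("ip saddr { %s } tcp sport { %d } %s %d", p.Masked(), s.Port, set, s.MTU-40),
		fmt.Sprintf("ip daddr { %s } tcp dport { %d } %s %d", p.Masked(), s.Port, set, s.MTU-40),
	}, nil
}

// InsertBeforeStateful puts clamp ahead of the first "ct state" rule, or last if none.
func InsertBeforeStateful(chain, clamp []string) []string {
	idx := len(chain)
	for i, r := range chain {
		if strings.Contains(r, "ct state") {
			idx = i
			break
		}
	}
	out := append(append([]string{}, chain[:idx]...), clamp...)
	return append(out, chain[idx:]...)
}

func main() {
	rules, err := ClampRules(ClampSpec{CIDR: "100.127.1.44/32", Port: 2049, MTU: 1500})
	fmt.Println(strings.Join(rules, "\n"), err)
}
```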