{% for (let rule in fw4.rules("mangle_postrouting")): %}
{%+ include("rule.uc", { fw4, zone: null, rule }) %}
{% endfor %}
+{% for (let zone in fw4.zones()): %}
+{% if (zone.mtu_fix): %}
+{% for (let rule in zone.match_rules): %}
+ {%+ include("zone-mssfix.uc", { fw4, zone, rule, egress: true }) %}
+{% endfor %}
+{% endif %}
+{% endfor %}
{% fw4.includes('chain-append', 'mangle_postrouting') %}
}
{% if (zone.mtu_fix): %}
{% for (let rule in zone.match_rules): %}
{%+ include("zone-mssfix.uc", { fw4, zone, rule, egress: false }) %}
- {%+ include("zone-mssfix.uc", { fw4, zone, rule, egress: true }) %}
{% endfor %}
{% endif %}
{% endfor %}
{%+ if (rule.family): -%}
meta nfproto {{ fw4.nfproto(rule.family) }} {%+ endif -%}
{%+ include("zone-match.uc", { egress, rule }) -%}
-tcp flags syn tcp option maxseg size set rt mtu {%+ if (zone.log & 2): -%}
+tcp flags syn / syn,fin,rst tcp option maxseg size set rt mtu {%+ if (zone.log & 2): -%}
log prefix "MSSFIX {{ zone.name }} out: " {%+ endif -%}
comment "!fw4: Zone {{ zone.name }} {{
fw4.nfproto(rule.family, true)
chain mangle_postrouting {
type filter hook postrouting priority mangle; policy accept;
+ oifname "pppoe-wan" tcp flags syn / syn,fin,rst tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 egress MTU fixing"
}
chain mangle_input {
chain mangle_forward {
type filter hook forward priority mangle; policy accept;
- iifname "pppoe-wan" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 ingress MTU fixing"
- oifname "pppoe-wan" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 egress MTU fixing"
+ iifname "pppoe-wan" tcp flags syn / syn,fin,rst tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 ingress MTU fixing"
}
}
-- End --