Add nftables rule for PPPoE MSS

2025-07-23 22:19:11 +02:00 · 2025-07-23 22:19:11 +02:00 · 03eebb7123
commit 03eebb7123
parent 3f6de04b84
1 changed files with 21 additions and 1 deletions
--- a/hosts/pbx/networking.nix
+++ b/hosts/pbx/networking.nix
@ -1,4 +1,8 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  config,
+  ...
+}: {
  networking = {
    hostName = "pbx";
    useDHCP = false;
@ -76,6 +80,22 @@
        "voice"
      ];
    };
+    nftables.tables.pppoe = {
+      family = "ip";
+      content = let
+        headerSize = {
+          ipv4 = 20;
+          tcp = 20;
+          pppoe = 8;
+        };
+        maxsegSize = with headerSize; 1500 - ipv4 - tcp - pppoe;
+      in ''
+        chain clamp {
+          type filter hook forward priority mangle;
+          oifname "${config.networking.nat.externalInterface}" tcp flags syn tcp option maxseg size set ${toString maxsegSize}
+        }
+      '';
+    };
    defaultGateway.address = "192.168.100.1";
    nameservers = [
      "9.9.9.9"