diff --git a/hosts/pbx/networking.nix b/hosts/pbx/networking.nix
index 363d878..7679d3f 100644
--- a/hosts/pbx/networking.nix
+++ b/hosts/pbx/networking.nix
@@ -1,4 +1,8 @@
-{pkgs, ...}: {
+{
+ pkgs,
+ config,
+ ...
+}: {
 networking = {
 hostName = "pbx";
 useDHCP = false;
@@ -76,6 +80,22 @@
 "voice"
 ];
 };
+ nftables.tables.pppoe = {
+ family = "ip";
+ content = let
+ headerSize = {
+ ipv4 = 20;
+ tcp = 20;
+ pppoe = 8;
+ };
+ maxsegSize = with headerSize; 1500 - ipv4 - tcp - pppoe;
+ in ''
+ chain clamp {
+ type filter hook forward priority mangle;
+ oifname "${config.networking.nat.externalInterface}" tcp flags syn tcp option maxseg size set ${toString maxsegSize}
+ }
+ '';
+ };
 defaultGateway.address = "192.168.100.1";
 nameservers = [
 "9.9.9.9"
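Review bot: The rule in the `clamp` chain sets the MSS unconditionally, so a SYN that already advertises a smaller value (for example from a host behind a tunnel) has it raised to 1452 and can then be sent segments too large for its own path. Match on the current value before rewriting it, e.g. `oifname "${config.networking.nat.externalInterface}" tcp flags syn tcp option maxseg size > ${toString maxsegSize} tcp option maxseg size set ${toString maxsegSize}`. The rule also only touches packets leaving the external interface and the table is `family = "ip"`, so SYNs arriving on that interface for forwarded hosts keep their original MSS, and any IPv6 carried over the PPPoE link (not visible here) is not clamped at all; an IPv6 rule would need to subtract the 40-byte header instead of 20. The enclosing `networking` attribute set starts and ends outside this hunk.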