Add nftables rule for PPPoE MSS
parent
3f6de04b84
commit
03eebb7123
1 changed files with 21 additions and 1 deletions
|
|
@ -1,4 +1,8 @@
|
||||||
{pkgs, ...}: {
|
{
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "pbx";
|
hostName = "pbx";
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
|
|
@ -76,6 +80,22 @@
|
||||||
"voice"
|
"voice"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
nftables.tables.pppoe = {
|
||||||
|
family = "ip";
|
||||||
|
content = let
|
||||||
|
headerSize = {
|
||||||
|
ipv4 = 20;
|
||||||
|
tcp = 20;
|
||||||
|
pppoe = 8;
|
||||||
|
};
|
||||||
|
maxsegSize = with headerSize; 1500 - ipv4 - tcp - pppoe;
|
||||||
|
in ''
|
||||||
|
chain clamp {
|
||||||
|
type filter hook forward priority mangle;
|
||||||
|
oifname "${config.networking.nat.externalInterface}" tcp flags syn tcp option maxseg size set ${toString maxsegSize}
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
defaultGateway.address = "192.168.100.1";
|
defaultGateway.address = "192.168.100.1";
|
||||||
nameservers = [
|
nameservers = [
|
||||||
"9.9.9.9"
|
"9.9.9.9"
|
||||||
|
|
|
||||||
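Review bot: The clamp chain added under `nftables.tables.pppoe` covers IPv4 only (`family = "ip"`, and `headerSize` has no IPv6 entry), so if IPv6 is ever routed over the PPPoE link its TCP sessions keep an unclamped MSS and depend on ICMPv6 Packet Too Big messages getting through. The value is also derived from a hard-coded 1500, which goes wrong without any error if the link MTU differs. Consider `family = "inet";` together with `tcp flags syn tcp option maxseg size set rt mtu`, which should derive the MSS from the route MTU for both address families. `config.networking.nat.externalInterface` is nullable, so a short comment such as `# requires networking.nat.externalInterface (and nftables enabled)` would document the dependency; whether either is set is not visible here, because the `networking` attribute set continues outside the hunk.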