nixbld: apply TCP MSS clamping to USA tunnel

This commit is contained in:
Sébastien Bourdeauducq 2024-10-17 15:08:27 +08:00
parent 19aee9b59f
commit 14e9d63ab7

View File

@ -192,6 +192,7 @@ in
iptables -w -N pccw-sucks iptables -w -N pccw-sucks
iptables -A pccw-sucks -o ${netifSit} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1440 iptables -A pccw-sucks -o ${netifSit} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1440
iptables -A pccw-sucks -o ${netifAlt} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1380 iptables -A pccw-sucks -o ${netifAlt} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1380
iptables -A pccw-sucks -o ${netifUSA} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1380
iptables -w -A FORWARD -j pccw-sucks iptables -w -A FORWARD -j pccw-sucks
''; '';
extraStopCommands = '' extraStopCommands = ''