nixbld: work around tunnel TCPMSS issues
parent
23e1fa029a
commit
90a6b84c09
|
@ -176,11 +176,20 @@ in
|
||||||
iptables -w -A block-insecure-devices -m mac --mac-source d8:9c:67:ab:83:e7 -j DROP # HP printer, wifi
|
iptables -w -A block-insecure-devices -m mac --mac-source d8:9c:67:ab:83:e7 -j DROP # HP printer, wifi
|
||||||
iptables -w -A block-insecure-devices -m mac --mac-source f4:39:09:f7:3c:d7 -j DROP # HP printer, ethernet
|
iptables -w -A block-insecure-devices -m mac --mac-source f4:39:09:f7:3c:d7 -j DROP # HP printer, ethernet
|
||||||
iptables -w -A FORWARD -j block-insecure-devices
|
iptables -w -A FORWARD -j block-insecure-devices
|
||||||
|
|
||||||
|
iptables -w -N pccw-sucks
|
||||||
|
iptables -A pccw-sucks -o ${netifSit} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1360
|
||||||
|
iptables -A pccw-sucks -o alt0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1380
|
||||||
|
iptables -w -A FORWARD -j pccw-sucks
|
||||||
'';
|
'';
|
||||||
extraStopCommands = ''
|
extraStopCommands = ''
|
||||||
iptables -w -D FORWARD -j block-insecure-devices 2>/dev/null|| true
|
iptables -w -D FORWARD -j block-insecure-devices 2>/dev/null|| true
|
||||||
iptables -w -F block-insecure-devices 2>/dev/null|| true
|
iptables -w -F block-insecure-devices 2>/dev/null|| true
|
||||||
iptables -w -X block-insecure-devices 2>/dev/null|| true
|
iptables -w -X block-insecure-devices 2>/dev/null|| true
|
||||||
|
|
||||||
|
iptables -w -D FORWARD -j pccw-sucks 2>/dev/null|| true
|
||||||
|
iptables -w -F pccw-sucks 2>/dev/null|| true
|
||||||
|
iptables -w -X pccw-sucks 2>/dev/null|| true
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
sits."${netifSit}" = {
|
sits."${netifSit}" = {
|
||||||
|
|
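Review bot: The two added `iptables -A pccw-sucks … -j TCPMSS` rules omit the `-w` flag that every other iptables call in this hunk carries. Without it the command does not wait for the xtables lock and can fail if another process holds the lock while the firewall starts, which would presumably leave the MSS clamp missing or abort the script, depending on how errors are handled outside this hunk. I would write them as `iptables -w -A pccw-sucks -o ${netifSit} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1360`, and likewise for the `alt0` rule. A short comment above the chain would also help, for example `# clamp MSS on tunnel egress; 1360/1380 = <tunnel MTU> - 40, PMTU discovery is unreliable on this uplink`, with the real MTU figures filled in, so the constants can be re-derived if the tunnel encapsulation changes. The enclosing `extraCommands` string starts before this hunk, so rule ordering relative to earlier FORWARD entries cannot be checked from here.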