diff options
author | Ermal <eri@pfsense.org> | 2010-08-03 17:35:50 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2010-08-03 17:35:50 +0000 |
commit | 6441fa9a5f8fa303469822aa3e79b863de1ab9c5 (patch) | |
tree | a3844b847ca904af99af18cd8a403f6cdd591b40 /etc | |
parent | 17d058aa2db7b21c8758abab6baabd1399577b28 (diff) | |
download | pfsense-6441fa9a5f8fa303469822aa3e79b863de1ab9c5.zip pfsense-6441fa9a5f8fa303469822aa3e79b863de1ab9c5.tar.gz |
Resolves #787. Present an option to enable a scrub rule for <vpns> target to limit the mss to specified value.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index a417d07..dbe2b4d 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -391,6 +391,14 @@ function filter_configure_sync() { function filter_generate_scrubing() { global $config, $FilterIflist; $scrubrules = ""; + + if (isset($config['system']['maxmss_enable'])) { + $maxmss = 1420; + if (!empty($config['system']['maxmss'])) + $maxmss = $config['system']['maxmss']; + + $scrubrules .= "scrub in from any to <vpns> max-mss {$maxmss}\n"; + } /* disable scrub option */ foreach ($FilterIflist as $scrubif => $scrubcfg) { if(isset($scrubcfg['virtual'])) |