Resolves #787. Present an option to enable a scrub rule for <vpns> target to limit the mss to specified value.

1 files changed, 8 insertions, 0 deletions

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index a417d07..dbe2b4d 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -391,6 +391,14 @@ function filter_configure_sync() {
 function filter_generate_scrubing() {
 	global $config, $FilterIflist;
 	$scrubrules = "";
+
+	if (isset($config['system']['maxmss_enable'])) {
+		$maxmss = 1420;
+		if (!empty($config['system']['maxmss']))
+			$maxmss = $config['system']['maxmss'];
+
+		$scrubrules .= "scrub in from any to <vpns> max-mss {$maxmss}\n";
+	}
 	/* disable scrub option */
 	foreach ($FilterIflist as $scrubif => $scrubcfg) {
 		if(isset($scrubcfg['virtual']))