Limit interface MTU to 1500 if no explicit MTU configured

Without this change, setting the MTU of a PPPoE interface with a
VLAN parent interface above 1492 will result in the MTU of other
VLANs on the same physical NIC that are not explicitly configured
to rise above 1500. It seems unwise - and a Principle of Least
Astonishment breach - for an MTU requiring Ethernet jumbo frames
to come about without explicit configuration.

1 files changed, 9 insertions, 4 deletions

diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc
index f321d60..d30866f 100644
--- a/src/etc/inc/interfaces.inc
+++ b/src/etc/inc/interfaces.inc
@@ -3088,15 +3088,15 @@ function interface_vlan_adapt_mtu($vlanifs, $mtu) {
 			} else if ($pppoe_mtu != 0) {
 				pfSense_interface_mtu($vlan['vlanif'], $pppoe_mtu);
 			} else {
-				if (get_interface_mtu($vlan['vlanif']) != $mtu) {
-					pfSense_interface_mtu($vlan['vlanif'], $mtu);
+				if (get_interface_mtu($vlan['vlanif']) != (($mtu > 1500) ? 1500 : $mtu)) {
+					pfSense_interface_mtu($vlan['vlanif'], (($mtu > 1500) ? 1500 : $mtu));
 				}
 			}
 		} else {
 			if ($pppoe_mtu != 0) {
 				pfSense_interface_mtu($vlan['vlanif'], $pppoe_mtu);
-			} else if (get_interface_mtu($vlan['vlanif']) != $mtu) {
-				pfSense_interface_mtu($vlan['vlanif'], $mtu);
+			} else if (get_interface_mtu($vlan['vlanif']) != (($mtu > 1500) ? 1500 : $mtu)) {
+				pfSense_interface_mtu($vlan['vlanif'], (($mtu > 1500) ? 1500 : $mtu));
 			}
 		}
 	}
@@ -3290,6 +3290,11 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven
 		}
 	}
 
+	// Limit the MTU to 1500 if no explicit MTU configured
+	if ($wantedmtu == 0 && get_interface_mtu($mtuif) > 1500) {
+		$wantedmtu = 1500;
+	}
+
 	if ($wantedmtu != 0) {
 		if (stristr($mtuif, "_vlan")) {
 			$assignedparent = convert_real_interface_to_friendly_interface_name($mtuhwif);