clerie
/
nixfiles
1
0
Fork 0
Code

hosts/carbon: enable mss clamping

This commit is contained in:
clerie 2023-02-03 00:41:40 +01:00
parent f2d88ee295
commit f05567cbce
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
hosts/carbon/configuration.nix
View File

@ -243,11 +243,15 @@
networking.firewall.allowedUDPPorts = [ 53 ];
networking.firewall.allowedTCPPorts = [ 53 ];
networking.firewall.extraCommands = ''
ip46tables -A FORWARD -i enp1s0.202 -o ppp-ntvdsl -j ACCEPT
ip46tables -A FORWARD -i enp1s0.202 -j DROP
ip46tables -A FORWARD -i ppp-ntvdsl -o enp1s0.202 -j ACCEPT
ip46tables -A FORWARD -o enp1s0.202 -j DROP
clerie.firewall.enable = true;
clerie.firewall.extraForwardFilterCommands = ''
ip46tables -A forward-filter -i enp1s0.202 -o ppp-ntvdsl -j ACCEPT
ip46tables -A forward-filter -i enp1s0.202 -j DROP
ip46tables -A forward-filter -i ppp-ntvdsl -o enp1s0.202 -j ACCEPT
ip46tables -A forward-filter -o enp1s0.202 -j DROP
'';
clerie.firewall.extraForwardMangleCommands = ''
ip46tables -t mangle -A forward-mangle -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452
'';
services.pppd = {