From ad992a78dd732e40981bd89ea153a0707560a4ef Mon Sep 17 00:00:00 2001
From: Niklas Yann Wettengel
Date: Thu, 15 Mar 2018 14:09:20 +0100
Subject: set wireguard backbone mtu to 1280
---
 roles/configure_iptables/templates/ip6tables.rules | 8 ++------
 roles/configure_iptables/templates/iptables.rules | 8 ++------
 2 files changed, 4 insertions(+), 12 deletions(-)
(limited to 'roles/configure_iptables/templates')
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index 3b3bd03..c0ec379 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -87,12 +87,8 @@ COMMIT
 {% endfor %}
 {% endif %}
 -A FORWARD -o {{ ansible_default_ipv6.interface }} -j REJECT
-{% if 'ffrl_uplink' in group_names %}
-{% for peer in ffrl_peers %}
--A FORWARD -i {{ peer.name }} -d 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
--A FORWARD -o {{ peer.name }} -s 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-{% endfor %}
-{% endif %}
+-A FORWARD -d 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+-A FORWARD -s 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 COMMIT
 *nat
 :PREROUTING ACCEPT [0:0]
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index 5fbe272..a3ee47e 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
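Review bot: The two added TCPMSS rules in ip6tables.rules no longer match on `-i`/`-o {{ peer.name }}` and are no longer wrapped in `{% if 'ffrl_uplink' in group_names %}`, so every host that renders this template now rewrites the MSS of all forwarded SYNs to or from 2a03:2260:1016::/48, and nothing in the template says why. A comment above them would record the intent, for example `{# clamp MSS on every forwarded path for this prefix: the wireguard backbone MTU is 1280 #}`; the same applies to the 10.222.0.0/16 rules in the iptables.rules hunk. Clamping only covers TCP, so other traffic crossing the 1280-byte link still depends on path MTU discovery; the FORWARD rules above the hunk are not visible here, and it is worth confirming they pass ICMPv6 Packet Too Big and ICMP fragmentation-needed. The FORWARD chain starts outside the hunk.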
@@ -71,12 +71,8 @@ COMMIT
 {% endfor %}
 {% endif %}
 -A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT
-{% if 'ffrl_uplink' in group_names %}
-{% for peer in ffrl_peers %}
--A FORWARD -i {{ peer.name }} -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
--A FORWARD -o {{ peer.name }} -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-{% endfor %}
-{% endif %}
+-A FORWARD -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+-A FORWARD -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 COMMIT
 *nat
-- cgit v1.2.3-54-g00ecf