Renamed exit-ipv4 to exit-ip, added TCP-MSS Clamping for V4 and V6

This commit is contained in:
Bastian 2018-07-21 02:02:32 +02:00
parent 608db4bb44
commit 76b0c8d73f
6 changed files with 15 additions and 1 deletions

View File

@ -2,3 +2,6 @@
- name: Reload iptables - name: Reload iptables
shell: iptables-restore < /etc/iptables/rules.v4 shell: iptables-restore < /etc/iptables/rules.v4
- name: Reload ip6tables
shell: ip6tables-restore < /etc/iptables/rules.v6

View File

@ -18,3 +18,7 @@
- name: Configure iptables - name: Configure iptables
template: src=rules.v4.j2 dest=/etc/iptables/rules.v4 template: src=rules.v4.j2 dest=/etc/iptables/rules.v4
notify: Reload iptables notify: Reload iptables
- name: Configure ip6tables
template: src=rules.v6.j2 dest=/etc/iptables/rules.v6
notify: Reload ip6tables

View File

@ -0,0 +1,7 @@
# {{ ansible_managed }}
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
:OUTPUT ACCEPT [0:0]
COMMIT

View File

@ -17,7 +17,7 @@
- bird - bird
- fastd - fastd
- mesh-interfaces - mesh-interfaces
- exit-ipv4 - exit-ip
- dns - dns
- radvd - radvd
- dhcpd - dhcpd