Renamed exit-ipv4 to exit-ip, added TCP-MSS Clamping for V4 and V6

2018-07-21 02:02:32 +02:00 · 2018-07-21 02:02:32 +02:00 · 76b0c8d73f
commit 76b0c8d73f
parent 608db4bb44
6 changed files with 15 additions and 1 deletions
--- a/roles/exit-ipv4/defaults/main.yml
+++ b/roles/exit-ipv4/defaults/main.yml
--- a/roles/exit-ipv4/handlers/main.yml
+++ b/roles/exit-ipv4/handlers/main.yml
@ -2,3 +2,6 @@

 - name: Reload iptables
  shell: iptables-restore < /etc/iptables/rules.v4
+
+- name: Reload ip6tables
+  shell: ip6tables-restore < /etc/iptables/rules.v6
--- a/roles/exit-ipv4/tasks/main.yml
+++ b/roles/exit-ipv4/tasks/main.yml
@ -18,3 +18,7 @@
 - name: Configure iptables
  template: src=rules.v4.j2 dest=/etc/iptables/rules.v4
  notify: Reload iptables
+
+- name: Configure ip6tables
+  template: src=rules.v6.j2 dest=/etc/iptables/rules.v6
+  notify: Reload ip6tables
--- a/roles/exit-ipv4/templates/rules.v4.j2
+++ b/roles/exit-ipv4/templates/rules.v4.j2
--- a/roles/exit-ip/templates/rules.v6.j2
+++ b/roles/exit-ip/templates/rules.v6.j2
@ -0,0 +1,7 @@
+# {{ ansible_managed }}
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+:OUTPUT ACCEPT [0:0]
+COMMIT
--- a/site.yml
+++ b/site.yml
@ -17,7 +17,7 @@
  - bird
  - fastd
  - mesh-interfaces
-  - exit-ipv4
+  - exit-ip
  - dns
  - radvd
  - dhcpd