tags 434137 + pending
thanks

Hello,

On Sun, Jul 22, 2007 at 12:05:01AM +0400, Alexey Andriyanov wrote:
> 
> Removing MSS rules by calling
> iptables -t mangle -L -n -v --line-numbers | grep "TCPMSS.*$PPP_IFACE.*clamp" 
> | cut -f1 -d " " | xargs -n1 -r iptables -t mangle -D FORWARD
> is incorrect because every non-first rule number passed to xargs
> refers to the old rule number, before the first deletion. This involves removing
> user-defined iptables rules.

You're right. Removing MSS rules is far from perfect.
I corrected this problem with this patch:

8<------------------
diff --git a/pppoeconf b/pppoeconf
index 5041272..11b0e51 100755
--- a/pppoeconf
+++ b/pppoeconf
@@ -423,7 +423,7 @@ If unsure, say yes.
     0)
       if [ "$kernel_pppoe" ]; then
         printf '#!/bin/sh\n# Enable MSS clamping (autogenerated by 
pppoeconf)\n\niptables -t mangle -o "$PPP_IFACE" --insert FORWARD 1 -p tcp 
--tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS 
--clamp-mss-to-pmtu\n' > /etc/ppp/ip-up.d/0clampmss
-        printf '#!/bin/sh\n# Disable MSS clamping (autogenerated by 
pppoeconf)\n\niptables -t mangle -L -n -v --line-numbers | grep 
"TCPMSS.*$PPP_IFACE.*clamp" | cut -f1 -d " " | xargs -n1 -r iptables -t mangle 
-D FORWARD\n' > /etc/ppp/ip-down.d/0clampmss
+        printf '#!/bin/sh\n# Disable MSS clamping (autogenerated by 
pppoeconf)\n\niptables -t mangle -L -n -v --line-numbers | grep 
"TCPMSS.*$PPP_IFACE.*clamp" | cut -f1 -d " " | sort -r | xargs -n1 -r iptables 
-t mangle -D FORWARD\n' > /etc/ppp/ip-down.d/0clampmss
         chmod 755 /etc/ppp/ip-up.d/0clampmss /etc/ppp/ip-down.d/0clampmss
       else
         # disable the old line
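Review bot: `sort -r` in the new ip-down pipeline sorts lexically, not numerically, so the fix only holds while every matching rule number is a single digit: with clamp rules at positions 2 and 10, `sort -r` emits 2 before 10, deleting 2 first renumbers the chain, and the following `-D FORWARD 10` removes whatever moved into slot 10, which is the same user-rule loss the report describes. Use `sort -rn` so deletion always runs from the highest number down. Two smaller points on the same line: `-L` with no chain argument lists every chain of the mangle table, so a matching TCPMSS rule in another chain would feed its number to `-D FORWARD`; listing `-L FORWARD` only matches the chain the ip-up script inserts into. And since ip-up inserts a fully known rule, ip-down could skip line-number parsing altogether and delete by specification (`iptables -t mangle -D FORWARD -o "$PPP_IFACE" -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu`), repeated until it fails, which also clears duplicates left behind by reconnects.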
8<------------------

Patch is committed in my repository.
I will probably upload a new pppoeconf soon.


Thanks for your report,
-- 
Gregory Colpart <[EMAIL PROTECTED]>  GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
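An added, offline reproduction of the problem discussed in this thread (this is editor-written example code, not part of pppoeconf or of the patch above). It installs a constructed fake `iptables` first in PATH that keeps a mangle/FORWARD chain in a text file and understands only the two calls the 0clampmss scripts make, then runs the ip-down pipeline in three variants against the same starting chain: the original ascending order, the patch's `sort -r`, and a `sort -rn` variant added here as the suggested numeric ordering. The chain layouts (clamp rules at 1 and 2 after a reconnect; clamp rules at 2 and 10 in an eleven-rule chain) are constructed for the demonstration.

```shell
#!/bin/sh
# Editor-written simulation of /etc/ppp/ip-down.d/0clampmss (not pppoeconf code).
# A fake "iptables" is put first in PATH so that the real pipeline, including
# xargs, runs unchanged without touching any real firewall rules.
set -u

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
export CHAIN_FILE="$WORK/forward"   # one rule per line, line N = rule number N
PPP_IFACE=ppp0

# Constructed fake iptables: supports only the listing and deletion calls used
# by the 0clampmss scripts; output mimics "iptables -L -n -v --line-numbers".
cat > "$WORK/iptables" <<'EOF'
#!/bin/sh
case "$*" in
  "-t mangle -L -n -v --line-numbers")
    echo "Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)"
    echo "num   pkts bytes target     prot opt in     out     source               destination"
    awk '{ printf "%-5d 0 0 %s\n", NR, $0 }' "$CHAIN_FILE"
    ;;
  "-t mangle -D FORWARD "*)
    n=$5
    total=$(wc -l < "$CHAIN_FILE")
    if [ "$n" -lt 1 ] || [ "$n" -gt "$total" ]; then
      echo "iptables: Index of deletion too big." >&2   # real iptables message
      exit 1
    fi
    sed "${n}d" "$CHAIN_FILE" > "$CHAIN_FILE.tmp" && mv "$CHAIN_FILE.tmp" "$CHAIN_FILE"
    ;;
  *)
    echo "fake iptables: unsupported arguments: $*" >&2
    exit 2
    ;;
esac
EOF
chmod 755 "$WORK/iptables"
PATH="$WORK:$PATH"

# The rule the ip-up script inserts, as it appears in a verbose listing.
CLAMP="TCPMSS     tcp  --  *      $PPP_IFACE    0.0.0.0/0  0.0.0.0/0  tcp flags:0x06/0x02 tcpmss match 1400:1536 TCPMSS clamp to PMTU"

# build_chain TOTAL POS...: write TOTAL rules, clamp rules at the given
# positions, a distinct user rule (tagged user-N) everywhere else.
build_chain() {
    total=$1; shift
    : > "$CHAIN_FILE"
    i=1
    while [ "$i" -le "$total" ]; do
        is_clamp=0
        for p in "$@"; do
            if [ "$p" -eq "$i" ]; then is_clamp=1; fi
        done
        if [ "$is_clamp" -eq 1 ]; then
            echo "$CLAMP" >> "$CHAIN_FILE"
        else
            echo "ACCEPT     all  --  eth0   *       0.0.0.0/0  0.0.0.0/0  /* user-$i */" >> "$CHAIN_FILE"
        fi
        i=$((i + 1))
    done
}

# Exactly the listing/grep/cut stage of the ip-down script.
matching_numbers() {
    iptables -t mangle -L -n -v --line-numbers | grep "TCPMSS.*$PPP_IFACE.*clamp" | cut -f1 -d " "
}

# remove_clamp original|lexical|numeric: feed the numbers to xargs in the
# original order, in the patch's "sort -r" order, or in numeric "sort -rn" order.
remove_clamp() {
    numbers=$(matching_numbers)
    case "$1" in
        lexical) numbers=$(printf '%s\n' "$numbers" | sort -r) ;;
        numeric) numbers=$(printf '%s\n' "$numbers" | sort -rn) ;;
    esac
    printf '%s\n' "$numbers" | xargs -n1 -r iptables -t mangle -D FORWARD 2>/dev/null || true
}

# Report what survived: number of clamp rules and the tags of the user rules.
summary() {
    awk '/TCPMSS clamp/ { clamp++ }
         /user-/        { users = users " " $(NF-1) }
         END            { printf "clamp=%d users:%s\n", clamp, users }' "$CHAIN_FILE"
}

# run_variant VARIANT TOTAL POS...: fresh chain, one pipeline variant, summary.
run_variant() {
    variant=$1; total=$2; shift 2
    build_chain "$total" "$@"
    remove_clamp "$variant"
    summary
}

# Stand-alone demo: the reconnect layout, then the ten-plus-rules layout where
# lexical sorting orders "2" before "10".
for v in original lexical numeric; do
    printf '%-8s  4 rules, clamps at 1,2  -> %s\n' "$v" "$(run_variant "$v" 4 1 2)"
done
for v in lexical numeric; do
    printf '%-8s 11 rules, clamps at 2,10 -> %s\n' "$v" "$(run_variant "$v" 11 2 10)"
done
```

With the reconnect layout the original order deletes rule 1, then "rule 2", which by then is the first user rule, leaving one clamp rule behind; both sorted variants clean up correctly. With eleven rules and clamps at 2 and 10, `sort -r` yields 2 before 10 and deletes a user rule again, while `sort -rn` removes exactly the two clamp rules.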


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
