vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #868 from SquirePug/patch-2

Browse Source 
Add MSS clamp example
This commit is contained in:
Robert Göhler 2022-11-08 21:04:56 +01:00 committed by GitHub
commit e2b77279ae
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
docs/configuration/policy/examples.rst
View File

@ -182,3 +182,32 @@ Add multiple source IP in one rule with same priority
set policy local-route rule 101 source '203.0.113.253' set policy local-route rule 101 source '203.0.113.253'
set policy local-route rule 101 source '198.51.100.0/24' set policy local-route rule 101 source '198.51.100.0/24'
###########################
Clamp MSS for a specific IP
###########################
This example shows how to target an MSS clamp (in our example to 1360 bytes)
to a specific destination IP.
.. code-block:: none
set policy route IP-MSS-CLAMP rule 10 description 'Clamp TCP session MSS to 1360 for 198.51.100.30'
set policy route IP-MSS-CLAMP rule 10 destination address '198.51.100.30/32'
set policy route IP-MSS-CLAMP rule 10 protocol 'tcp'
set policy route IP-MSS-CLAMP rule 10 set tcp-mss '1360'
set policy route IP-MSS-CLAMP rule 10 tcp flags 'SYN'
To apply this policy to the correct interface, configure it on the
interface the inbound local host will send through to reach our
destined target host (in our example eth1).
.. code-block:: none
set interfaces ethernet eth1 policy route IP-MSS-CLAMP
You can view that the policy is being correctly (or incorrectly) utilised
with the following command:
.. code-block:: none
show policy route statistics