nixos/home/routing-common: Add MSS clamping to work around PMTUD

2024-03-21 20:42:06 +00:00 · 2024-03-21 20:42:06 +00:00 · 40c491aa14
commit 40c491aa14
parent 1a8740fb9c
1 changed files with 6 additions and 0 deletions
--- a/nixos/boxes/home/routing-common/default.nix
+++ b/nixos/boxes/home/routing-common/default.nix
@ -370,6 +370,12 @@ in
                    return
                  }

+                  chain forward-early {
+                    type filter hook forward priority -1; policy accept;
+
+                    # MSS clamping to workaround IPv6 PMTUD being broken...
+                    tcp flags syn tcp option maxseg size set rt mtu counter
+                  }
                  chain forward {
                    ${lib.my.c.as211024.nftTrust}
                    iifname lan-untrusted jump filter-untrusted