static void
resolve_networks(struct uci_element *e, struct fw3_zone *zone)
{
- struct fw3_device *net, *tmp;
+ struct fw3_device *net, *dev, *tmp;
list_for_each_entry(net, &zone->networks, list)
{
continue;
}
+ list_for_each_entry(dev, &zone->devices, list)
+ if (!strcmp(dev->name, tmp->name))
+ goto alias;
+
snprintf(tmp->network, sizeof(tmp->network), "%s", net->name);
list_add_tail(&tmp->list, &zone->devices);
+ continue;
+alias:
+ free(tmp);
}
}
fw3_ipt_rule_target(r, "TCPMSS");
fw3_ipt_rule_addarg(r, false, "--clamp-mss-to-pmtu", NULL);
fw3_ipt_rule_replace(r, "FORWARD");
+
+ r = fw3_ipt_rule_create(handle, &tcp, dev, NULL, sub, NULL);
+ fw3_ipt_rule_addarg(r, false, "--tcp-flags", "SYN,RST");
+ fw3_ipt_rule_addarg(r, false, "SYN", NULL);
+ fw3_ipt_rule_comment(r, "Zone %s MTU fixing", zone->name);
+ fw3_ipt_rule_target(r, "TCPMSS");
+ fw3_ipt_rule_addarg(r, false, "--clamp-mss-to-pmtu", NULL);
+ fw3_ipt_rule_replace(r, "FORWARD");
}
}
else if (handle->table == FW3_TABLE_RAW)