From c3df5d6f1209240cfdaaac222501403b9ce33eae Mon Sep 17 00:00:00 2001 From: toby Date: Wed, 23 Jan 2019 14:50:54 -0800 Subject: [PATCH] just some comments and to test the new signing machinery ... --- files/firewall | 2 ++ 1 file changed, 2 insertions(+) diff --git a/files/firewall b/files/firewall index 4b37fd3..e3e5147 100755 --- a/files/firewall +++ b/files/firewall @@ -65,6 +65,8 @@ case $1 in iptables -A FORWARD -i ipmigw1 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i ipmigw1 -j DROP + ## this may only be needed on edge in some cases. needs to be tweaked once we have a network again spaning multiple regions + #iptables -t mangle -A FORWARD -p tcp -m tcp -o usw1 --tcp-flags SYN,RST SYN -m tcpmss --mss 1437:10000 -j TCPMSS --set-mss 1436 #special tables iptables -t mangle -F