NAME

       sanewall-tcpmss - set the MSS of TCP SYN packets for routers

SYNOPSIS

       tcpmss {mss | auto}

DESCRIPTION

       The tcpmss helper command sets the MSS (Maximum Segment Size) of TCP SYN packets routed
       through the firewall. This can be used to overcome situations where Path MTU Discovery is
       not working and packet fragmentation is not possible.

       A numeric mss will set MSS of TCP connections to the value given. Using the word auto will
       set the MSS to the MTU of the outgoing interface minus 40 (clamp-mss-to-pmtu).

       If used within a router definition the MSS will be applied on the outface(s) of the
       router. If used before any router or interface definitions it will be applied to all
       traffic passing through the firewall.

           Note
           The tcpmss command cannot be used in an interface.

EXAMPLES

           tcpmss auto

           tcpmss 500

SEE ALSO

           Sanewall program: sanewall(1)
           Sanewall configuration: sanewall.conf(5)
           router definition: sanewall-router(5)
           TCPMSS target in the iptables tutorial[1]

AUTHOR

       Sanewall Team

COPYRIGHT

       Copyright © 2012, 2013 Phil Whineray <phil@sanewall.org>

NOTES

        1. TCPMSS target in the iptables tutorial
           http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#TCPMSSTARGET