NAME

       sanewall-tcpmss - set the MSS of TCP SYN packets for routers

SYNOPSIS

       tcpmss {mss | auto}

DESCRIPTION

       The tcpmss helper command sets the MSS (Maximum Segment Size) of TCP SYN packets routed through the
       firewall. This can be used to overcome situations where Path MTU Discovery is not working and packet
       fragmentation is not possible.

       A numeric mss will set MSS of TCP connections to the value given. Using the word auto will set the MSS to
       the MTU of the outgoing interface minus 40 (clamp-mss-to-pmtu).

       If used within a router definition the MSS will be applied on the outface(s) of the router. If used
       before any router or interface definitions it will be applied to all traffic passing through the
       firewall.

           Note

           The tcpmss command cannot be used in an interface.

EXAMPLES

           tcpmss auto

           tcpmss 500

SEE ALSO

           Sanewall program: sanewall(1)
           Sanewall configuration: sanewall.conf(5)
           router definition: sanewall-router(5)
           TCPMSS target in the iptables tutorial[1]

AUTHOR

       Sanewall Team

COPYRIGHT

       Copyright © 2012, 2013 Phil Whineray <phil@sanewall.org>

NOTES

        1. TCPMSS target in the iptables tutorial
           http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#TCPMSSTARGET

Sanewall 1.0.2                                  Built 01 Jun 2013                        TCPMSS HELPER: SANEW(5)