Bug#348537: does not remove rule generated by ip-up.d/0clampmss on ip-down

Bastian Venthur Tue, 17 Jan 2006 08:49:02 -0800

Subject: does not remove rule generated by ip-up.d/0clampmss on ip-down
Package: pppoeconf
Version: 1.7
Severity: normal


An `iptables --list` shows the following output:

$ sudo iptables --list
[...]
Chain FORWARD (policy ACCEPT)
[...]
flags:SYN,RST/SYN tcpmss match 1400:1536 TCPMSS clamp to PMTU
TCPMSS     tcp  --  anywhere             anywhere            tcp 
flags:SYN,RST/SYN tcpmss match 1400:1536 TCPMSS clamp to PMTU
TCPMSS     tcp  --  anywhere             anywhere            tcp 
flags:SYN,RST/SYN tcpmss match 1400:1536 TCPMSS clamp to PMTU
TCPMSS     tcp  --  anywhere             anywhere            tcp 
flags:SYN,RST/SYN tcpmss match 1400:1536 TCPMSS clamp to PMTU
TCPMSS     tcp  --  anywhere             anywhere            tcp 
flags:SYN,RST/SYN tcpmss match 1400:1536 TCPMSS clamp to PMTU
TCPMSS     tcp  --  anywhere             anywhere            tcp 
flags:SYN,RST/SYN tcpmss match 1400:1536 TCPMSS clamp to PMTU
TCPMSS     tcp  --  anywhere             anywhere            tcp 
flags:SYN,RST/SYN tcpmss match 1400:1536 TCPMSS clamp to PMTU
TCPMSS     tcp  --  anywhere             anywhere            tcp 
flags:SYN,RST/SYN tcpmss match 1400:1536 TCPMSS clamp to PMTU
TCPMSS     tcp  --  anywhere             anywhere            tcp 
flags:SYN,RST/SYN tcpmss match 1400:1536 TCPMSS clamp to PMTU
TCPMSS     tcp  --  anywhere             anywhere            tcp 
flags:SYN,RST/SYN tcpmss match 1400:1536 TCPMSS clamp to PMTU
[...]

This very same rule appears a few dozen times and it is caused by the 
script /etc/ppp/ip-up.d/0clampmss:

---8<---
#!/bin/sh
# Enable MSS clamping (autogenerated by pppoeconf)

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 
-j TCPMSS --clamp-mss-to-pmtu
--->8---

The problem is, that my DSL-connection is reset once every 24 hours so this 
roule get added once a day, but actually not removed when the connection is 
lost -- an apropiate rule in /etc/ppp/ip-down.d does not exist.

I don't know whether it does any harm to have the same roule several dozen 
times in the ruleset -- but it's ceartainly not normal.


Kind Regards

Bastian 

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8.1-router-2004-09-28
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages pppoeconf depends on:
ii  gettext-base            0.14.4-2         GNU Internationalization 
utilities
ii  ppp                     2.4.3-20050321+2 Point-to-Point Protocol (PPP) 
daem
ii  pppoe                   3.5-4            PPP over Ethernet driver
ii  sed                     4.1.2-8          The GNU sed stream editor
ii  whiptail [whiptail-prov 0.51.6-20        Displays user-friendly dialog 
boxe

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#348537: does not remove rule generated by ip-up.d/0clampmss on ip-down

Reply via email to