Dynamic MSS clamping rules no longer display. [Solved - Non issue]

marrold · August 9, 2015, 11:51am

Hi all,

I’ve noticed that in older versions of ROS, the dynamic MSS clamping mangle rules are present-

ROS Version 6.18

 / ip firewall mangle print dynamic
Flags: X - disabled, I - invalid, D - dynamic
 0 D chain=forward action=change-mss new-mss=1418 passthrough=yes tcp-flags=syn protocol=tcp in-interface=all-ppp tcp-mss=1419-65535

 1 D chain=forward action=change-mss new-mss=1418 passthrough=yes tcp-flags=syn protocol=tcp out-interface=all-ppp tcp-mss=1419-65535

ROS Version 6.30.2

/ ip firewall mangle print dynamic
Flags: X - disabled, I - invalid, D - dynamic

I can see TCP syn packets leave the router with the correct MSS value, so it looks like it’s working as it should be. But why can’t I see the mangle rules?

Thanks

marrold · August 9, 2015, 1:45pm

Ok, I’ve figured this one out. The dynamic rules only display if MTU of PPP links on the router are below 1500 bytes.

Case closed