bridge-nf-filter-pppoe-tagged mtu bug?

Support for security such as Firewalls and securing linux
R_VolAnd
Posts: 1
Joined: 2018/06/28 19:30:08


Post by R_VolAnd » 2018/06/28 19:54:17

Hi, all

CentOS 6.9
I have already configured bridge br0.

(user.pppoe)-------(server.bridge)-------(ISP)

So, now I want to filter IP packets by IP address in the PPPoE traffic that passes over the bridge. The server has no local ppp interfaces.
But when I set the system variables:

bridge-nf-call-iptables=1
bridge-nf-filter-pppoe-tagged=1

The user got a problem. Some sites are unable to load and give an error.

If I set the variables like this:

bridge-nf-call-iptables=1
bridge-nf-filter-pppoe-tagged=0

or set both to 0, all sites work fine.
It seems like an MTU black hole issue. I tried to change the MTU via the MSS value in iptables, but unfortunately without success.

Is it a netfilter bug? How can I fix it?
