Tobias Tertel <tobias.tertel@xxxxxxxxxx> wrote: > I tried to translate an iptables command to nftables. The orignal command > ist > > -A FORWARD -p tcp -m policy --dir in --pol ipsec -m tcp --tcp-flags SYN,RST > SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360 > -A FORWARD -p tcp -m policy --dir out --pol ipsec -m tcp --tcp-flags SYN,RST > SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360 > > Unfortunately iptables-restore-translate could not do it. > > I can't do it on my own. Can anybody tell me the right command? Its something like forward meta secpath exists tcp option maxseg size 1361-1536 tcp option maxseg size set 1360
