Mangle TTL
-
Is there any way to mangle TTL similar to below, from the GUI?
/sbin/iptables -A PREROUTING -t mangle -i eth1.10 -d 239.255.255.250 -j TTL --ttl-set 4
-
Use this: https://forum.netgate.com/search
You're not the first one asking this question.
-
Thanks, already tried that; will have another look...
-
No.
-
Thanks,
For anybody interested in trying this via CLI, here is how I did it, by adding min-ttl 4 to the line below:
less /etc/inc/filter.inc | grep scrub
$rules .= filter_generate_scrubing();
function filter_generate_scrubing() {
$scrubrules = "";
$scrubrules .= "scrub from any to <vpn_networks> max-mss {$maxmss}\n";
$scrubrules .= "scrub from <vpn_networks> to any max-mss {$maxmss}\n";
/* disable scrub option */
foreach ($FilterIflist as $scrubif => $scrubcfg) {
if (isset($scrubcfg['virtual']) || empty($scrubcfg['descr'])) {
if (($scrubcfg['mss'] <> "") &&
(is_numeric($scrubcfg['mss']))) {
$mssclamp = "max-mss " . (intval($scrubcfg['mss'] - 40));
if ($config['system']['scrubnodf']) {
$scrubnodf = "no-df";
$scrubnodf = "";
if ($config['system']['scrubrnid']) {
$scrubrnid = "random-id";
$scrubrnid = "";
if (!isset($config['system']['disablescrub'])) {
$scrubrules .= "scrub on ${$scrubcfg['descr']} all min-ttl 4 {$scrubnodf} {$scrubrnid} {$mssclamp} fragment reassemble\n"; // reassemble all directions
$scrubrules .= "scrub on ${$scrubcfg['descr']} {$mssclamp}\n";
return $scrubrules;

Changes were confirmed by:
pfctl -sr | grep scrub
scrub on pppoe1 all min-ttl 4 fragment reassemble
scrub on em0.5 all min-ttl 4 fragment reassemble
scrub on em0.10 all min-ttl 4 fragment reassemble
scrub on em0.20 all min-ttl 4 fragment reassemble
scrub on ovpnc6 all min-ttl 4 fragment reassemble
scrub on em0.50 all min-ttl 4 fragment reassemble
scrub on em0.60 all min-ttl 4 fragment reassemble
scrub on em0.11 all min-ttl 4 fragment reassemble
scrub on em0.40 all min-ttl 4 fragment reassemble
scrub on ovpnc2 all min-ttl 4 fragment reassemble
scrub on ovpnc3 all min-ttl 4 fragment reassemble
scrub on em0.80 all min-ttl 4 fragment reassemble
scrub on ovpnc4 all min-ttl 4 fragment reassemble
scrub on em0.7 all min-ttl 4 fragment reassemble

I am actually going to revert this change and use a separate VM for the multicast reflection and manipulation I am trying to achieve to have a Set Top Box and Speakers in a separate IOT VLAN.
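-
Added example, not part of the original posts: a small shell audit for the `pfctl -sr | grep scrub` check above, reporting which interfaces carry a `min-ttl` scrub option and flagging any that differ from the expected value (useful for confirming the edit is active, or fully reverted). The function names and the sample rules are constructed for illustration. Note that pf's `min-ttl` enforces a minimum TTL on matching packets, whereas the iptables `--ttl-set` option in the question sets an exact value for one destination.

```shell
#!/bin/sh
# Added example: audit scrub rules (as printed by `pfctl -sr`) for min-ttl.
# Function names are hypothetical; they are not part of pfSense.

# scrub_min_ttl: read rules on stdin and print "<interface> <min-ttl|none>"
# for every "scrub on <interface> ..." rule; other rules are ignored.
scrub_min_ttl() {
    awk '
        $1 == "scrub" && $2 == "on" {
            ttl = "none"
            for (i = 3; i < NF; i++)
                if ($i == "min-ttl" && $(i + 1) ~ /^[0-9]+$/) ttl = $(i + 1)
            print $3, ttl
        }'
}

# scrub_ttl_drift: print interfaces whose min-ttl is not $1.
# Returns 0 when every scrub rule matches, 1 when at least one differs.
scrub_ttl_drift() {
    want=$1
    drift=$(scrub_min_ttl | awk -v want="$want" '$2 != want { print $1 }')
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

# Constructed sample input: two patched rules, one unpatched scrub rule,
# and one non-scrub rule that must be ignored.
SAMPLE_RULES='scrub on pppoe1 all min-ttl 4 fragment reassemble
scrub on em0.5 all min-ttl 4 fragment reassemble
scrub on em0.10 all fragment reassemble
pass in quick on em0.5 inet proto udp from any to 239.255.255.250'

# On the firewall itself:  pfctl -sr | scrub_ttl_drift 4
# Offline demo:            sh this_script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_RULES" | scrub_min_ttl
fi
```

To confirm a revert, run `pfctl -sr | scrub_ttl_drift none`, which prints any interface that still has a `min-ttl` option.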