diff --git a/package/gluon-iptables-clamp-mss-to-pmtu/Makefile b/package/gluon-iptables-clamp-mss-to-pmtu/Makefile
new file mode 100644
index 0000000000000000000000000000000000000000..c3f849882f0c2fae919980895ef1616680d85842
--- /dev/null
+++ b/package/gluon-iptables-clamp-mss-to-pmtu/Makefile
@@ -0,0 +1,25 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gluon-iptables-clamp-mss-to-pmtu
+
+GLUON_VERSION = $(shell git describe --always --dirty=+ 2>/dev/null || echo unknown)
+PKG_VERSION:=$(if $(DUMP),x,$(GLUON_VERSION))
+
+include ../gluon.mk
+
+define Package/$(PKG_NAME)
+  TITLE:=This will establish a firewall rule to clamp the mss to pmtu on the mesh-vpn interface when the connection is towards 64:ff9b::/96
+  DEPENDS:= +ip6tables
+endef
+
+define Package/$(PKG_NAME)/description
+	Package working around icmp blackholes in the internet.
+endef
+
+define Package/$(PKG_NAME)/install
+	$(Gluon/Build/Install)
+
+	$(INSTALL_DIR) $(1)/lib/gluon
+endef
+
+$(eval $(call BuildPackageGluon,$(PKG_NAME)))
diff --git a/package/gluon-iptables-clamp-mss-to-pmtu/files/lib/gluon/mesh-vpn/iptables-mss.rules b/package/gluon-iptables-clamp-mss-to-pmtu/files/lib/gluon/mesh-vpn/iptables-mss.rules
new file mode 100644
index 0000000000000000000000000000000000000000..a4ff50b13dd02d05250a8a4d300e56b95ad71a20
--- /dev/null
+++ b/package/gluon-iptables-clamp-mss-to-pmtu/files/lib/gluon/mesh-vpn/iptables-mss.rules
@@ -0,0 +1,3 @@
+*mangle
+-A FORWARD -o mesh-vpn -p tcp -m tcp --tcp-flags SYN,RST SYN -d 64:ff9b::/96 -j TCPMSS --clamp-mss-to-pmtu
+COMMIT
diff --git a/package/gluon-iptables-clamp-mss-to-pmtu/luasrc/lib/gluon/upgrade/800-iptables-mesh-vpn-clamp-mss-to-pmtu b/package/gluon-iptables-clamp-mss-to-pmtu/luasrc/lib/gluon/upgrade/800-iptables-mesh-vpn-clamp-mss-to-pmtu
new file mode 100755
index 0000000000000000000000000000000000000000..961a063efc76568e06e97ed35db38c4a6cdda9cd
--- /dev/null
+++ b/package/gluon-iptables-clamp-mss-to-pmtu/luasrc/lib/gluon/upgrade/800-iptables-mesh-vpn-clamp-mss-to-pmtu
@@ -0,0 +1,10 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+uci:section('firewall', 'include', 'vpn_clamp_mss', {
+	family = 'ipv6',
+	type = 'restore',
+	path = '/lib/gluon/mesh-vpn/iptables-mss.rules'
+})
+
+uci:save('firewall')