diff --git a/src/decode.h b/src/decode.h
index aa21f1a8ad..85b4faf560 100644
--- a/src/decode.h
+++ b/src/decode.h
@@ -597,6 +597,7 @@ Packet;
 /** highest mtu of the interfaces we monitor */
 extern int g_default_mtu;
 #define DEFAULT_MTU 1500
+#define MINIMUM_MTU 68 /**< ipv4 minimum: rfc791 */
 #define DEFAULT_PACKET_SIZE (DEFAULT_MTU + ETHERNET_HEADER_LEN)
 /* storage: maximum ip packet size + link header */
diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index 1b5e42c0b4..a3896435ae 100644
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -344,12 +344,21 @@ int StreamTcpReassemblyConfig(char quiet)
 SCLogDebug("segpre->val %s", segpre->val);
 uint16_t pktsize = 0;
- if (ByteExtractStringUint16(&pktsize, 10, strlen(segsize->val),
- segsize->val) == -1)
- {
- SCLogError(SC_ERR_INVALID_ARGUMENT, "segment packet size "
- "of %s is invalid", segsize->val);
- return -1;
+ if (strcmp("from_mtu", segsize->val) == 0) {
+ int mtu = g_default_mtu ? g_default_mtu : DEFAULT_MTU;
+ if (mtu < MINIMUM_MTU) {
+ FatalErrorOnInit(SC_ERR_INVALID_ARGUMENT, "invalid mtu %d", mtu);
+ continue;
+ }
+ pktsize = mtu - 40;
+ } else {
+ if (ByteExtractStringUint16(&pktsize, 10, strlen(segsize->val),
+ segsize->val) == -1)
+ {
+ SCLogError(SC_ERR_INVALID_ARGUMENT, "segment packet size "
+ "of %s is invalid", segsize->val);
+ return -1;
+ }
 }
 uint32_t prealloc = 0;
 if (ByteExtractStringUint32(&prealloc, 10, strlen(segpre->val),
@@ -379,6 +388,10 @@ int StreamTcpReassemblyConfig(char quiet)
 SCLogConfig("appended a segment pool for pktsize 65536");
 }
 } else if (npools == 0) {
+ int mtu = g_default_mtu;
+ if (mtu < MINIMUM_MTU)
+ mtu = DEFAULT_MTU;
+
 /* defaults */
 sizes[0].pktsize = 4;
 sizes[0].prealloc = 256;
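Review bot: `pktsize = mtu - 40;` in the `from_mtu` branch narrows an `int` into the `uint16_t pktsize` declared just above, and only the lower bound is checked, so an MTU above 65575 would wrap silently to a small pool size instead of being rejected like any other invalid segment size. Check both bounds before the assignment, e.g. `if (mtu < MINIMUM_MTU || mtu - 40 > UINT16_MAX) {`. The same unchecked `mtu - 40` is assigned to `sizes[6].pktsize` in the later defaults hunk (`@@ -392,7 +405,7 @@`), where the field's type is not visible. Separately, if `FatalErrorOnInit` can return (the `continue` after it suggests so), this branch skips the entry while the numeric branch does `return -1`. The enclosing loop is outside the hunk, so whether a skipped entry leaves the pool list consistent cannot be confirmed from here.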
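Review bot: The default path treats a too-small MTU differently from the `from_mtu` path: `if (mtu < MINIMUM_MTU) mtu = DEFAULT_MTU;` falls back silently with no log line, whereas the configured path raises an init error for the same condition. An MTU between 68 and 808 also passes this check and would place pool 6 (`mtu - 40`, assigned in the next hunk) at or below pool 5's 768. If the pool table is expected to be in ascending size order, which is not visible here, that case needs a guard. I would add a comment on the fallback such as `/* mtu unknown (0) or below the IPv4 minimum: size pool 6 for DEFAULT_MTU */`, and give the repeated literal `40` a named constant so the three places that use it stay in step.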
@@ -392,7 +405,7 @@ int StreamTcpReassemblyConfig(char quiet)
 sizes[4].prealloc = 512;
 sizes[5].pktsize = 768;
 sizes[5].prealloc = 1024;
- sizes[6].pktsize = 1448;
+ sizes[6].pktsize = mtu - 40; // min size of ipv4+tcp hdrs
 sizes[6].prealloc = 1024;
 sizes[7].pktsize = 0xffff;
 sizes[7].prealloc = 128;
diff --git a/suricata.yaml.in b/suricata.yaml.in
index b733ea1b10..caecd0798a 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -1220,7 +1220,9 @@ stream:
 # prealloc: 512
 # - size: 768
 # prealloc: 1024
- # - size: 1448
+ # 'from_mtu' means that the size is mtu - 40,
+ # or 1460 if mtu couldn't be determined.
+ # - size: from_mtu
 # prealloc: 1024
 # - size: 65535
 # prealloc: 128