options-ipv4.rules 2.12 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
# Generated by iptables-save v1.4.10 on Mon Jan 31 03:03:38 2011
*mangle
:PREROUTING ACCEPT [2461:977932]
:INPUT ACCEPT [2461:977932]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1740:367048]
:POSTROUTING ACCEPT [1740:367048]

# libipt_
-A INPUT -p ah -m ah --ahspi 1
-A INPUT -p ah -m ah --ahspi :2
-A INPUT -p ah -m ah --ahspi 0:3
-A INPUT -p ah -m ah --ahspi 4:
-A INPUT -p ah -m ah --ahspi 5:4294967295

-A FORWARD -p tcp -j ECN --ecn-tcp-remove
-A FORWARD -j LOG --log-prefix "hi" --log-tcp-sequence --log-tcp-options --log-ip-options --log-uid --log-macdecode
-A FORWARD -j TTL --ttl-inc 1
-A FORWARD -j TTL --ttl-dec 1
-A FORWARD -j TTL --ttl-set 1
-A FORWARD -j ULOG --ulog-prefix "abc" --ulog-cprange 2 --ulog-qthreshold 2
COMMIT
# Completed on Mon Jan 31 03:03:38 2011
# Generated by iptables-save v1.4.10 on Mon Jan 31 03:03:38 2011
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 1.2.3.4/32 -i lo -j CLUSTERIP --new --hashmode sourceip --clustermac 01:02:03:04:05:06 --total-nodes 9 --local-node 2 --hash-init 123456789
-A PREROUTING -i dummy0 -j DNAT --to-destination 1.2.3.4 --random --persistent
-A PREROUTING -i dummy0 -p tcp -j REDIRECT --to-ports 1-2 --random
-A POSTROUTING -o dummy0 -p tcp -j MASQUERADE --to-ports 1-2 --random
-A POSTROUTING -o dummy0 -p tcp -j NETMAP --to 1.0.0.0/8
-A POSTROUTING -o dummy0 -p tcp -j SNAT --to-source 1.2.3.4-1.2.3.5 --random --persistent
COMMIT
# Completed on Mon Jan 31 03:03:38 2011
# Generated by iptables-save v1.4.10 on Mon Jan 31 03:03:38 2011
*filter
:INPUT ACCEPT [76:13548]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [59:11240]
#-A INPUT -m addrtype --src-type UNICAST --dst-type UNICAST --limit-iface-in
-A INPUT -p tcp -m ecn --ecn-tcp-ece --ecn-tcp-cwr --ecn-ip-ect 0
-A INPUT -p tcp -m ecn --ecn-tcp-ece --ecn-tcp-cwr --ecn-ip-ect 1
-A INPUT -p icmp -m icmp --icmp-type 5/0
-A INPUT -p icmp -m icmp --icmp-type 5/1
-A INPUT -p icmp -m icmp --icmp-type 5
-A INPUT -m realm --realm 0x1 -m ttl --ttl-eq  64 -m ttl --ttl-lt  64 -m ttl --ttl-gt  64
-A FORWARD -p tcp -j REJECT --reject-with tcp-reset
COMMIT
# Completed on Mon Jan 31 03:03:39 2011