1 # Iptables rules for Internet2 (exempt) nodes. Nodes sending traffic
2 # to any of the IPs in the Internet2 ipset (hash) will end up the the
3 # slice's exempt queue. This supersedes the default config that lives
4 # in svn/iptables/planetlab-config
12 -A OUTPUT -j BLACKLIST
23 -A INPUT -j MARK --copy-xid 0x0
24 -A POSTROUTING -j MARK --copy-xid 0x0
25 -A POSTROUTING -j CLASSIFY --set-class 0001:1000 --add-mark
26 -A POSTROUTING -m set --set Internet2 dst -j CLASSIFY --set-class 0001:2000 --add-mark
27 -A POSTROUTING -o eth0 -j ULOG --ulog-cprange 54 --ulog-qthreshold 16