-# Iptables rules for Internet2 (exempt) nodes. Nodes sending traffic to any of the IPs
-# in the Internet2 ipset (hash) will end up the the slice's exempt queue. This supersedes the default config that lives in svn/iptables/planetlab-config
-#
-# $Id$
-#
-# Generated by iptables-save v1.3.8 on Fri Jul 25 15:09:03 2008
-*nat
-:PREROUTING ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-COMMIT
-# Completed on Fri Jul 25 15:09:03 2008
-# Generated by iptables-save v1.3.8 on Fri Jul 25 15:09:03 2008
+# Iptables rules for Internet2 (exempt) nodes. Nodes sending traffic
+# to any of the IPs in the Internet2 ipset (hash) will end up the the
+# slice's exempt queue. This supersedes the default config that lives
+# in svn/iptables/planetlab-config
+
*filter
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:BLACKLIST - [0:0]
-:LOGDROP - [0:0]
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+:BLACKLIST -
+:LOGDROP -
-A OUTPUT -j BLACKLIST
--A OUTPUT -o eth0 -j ULOG --ulog-cprange 54 --ulog-qthreshold 16
-A LOGDROP -j LOG
-A LOGDROP -j DROP
COMMIT
-# Completed on Fri Jul 25 15:09:03 2008
-# Generated by iptables-save v1.3.8 on Fri Jul 25 15:09:03 2008
+
*mangle
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
--A INPUT -i ! lo -j MARK 0x0
--A POSTROUTING -j MARK 0x0
--A POSTROUTING -j CLASSIFY --set-class 0001:1000
--A POSTROUTING -m set --set Internet2 dst -j CLASSIFY --set-class 0001:2000
+:PREROUTING ACCEPT
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+:POSTROUTING ACCEPT
+-A INPUT -j MARK --copy-xid 0x0
+-A POSTROUTING -j MARK --copy-xid 0x0
+-A POSTROUTING -j CLASSIFY --set-class 0001:1000 --add-mark
+-A POSTROUTING -m set --set Internet2 dst -j CLASSIFY --set-class 0001:2000 --add-mark
+-A POSTROUTING -o eth0 -j ULOG --ulog-cprange 54 --ulog-qthreshold 16
COMMIT
-# Completed on Fri Jul 25 15:09:03 2008