X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PlanetLabConf%2Fiptables-Internet2;h=c1982cc8556d7d5d2d9e24072ca99f337cfbb187;hb=a28789fc1be071fe66fb5948759cf1d309d69f8b;hp=cabcf8d69ec8868daa1407a6148b86c79e528f2a;hpb=f46e9ad11ae76f94da38092f52910f16e6188533;p=nodeconfig.git
diff --git a/PlanetLabConf/iptables-Internet2 b/PlanetLabConf/iptables-Internet2
index cabcf8d..c1982cc 100644
--- a/PlanetLabConf/iptables-Internet2
+++ b/PlanetLabConf/iptables-Internet2
@@ -1,38 +1,28 @@
-# Iptables rules for Internet2 (exempt) nodes. Nodes sending traffic to any of the IPs
-# in the Internet2 ipset (hash) will end up the the slice's exempt queue. This supersedes the default config that lives in svn/iptables/planetlab-config
-#
-# $Id$
-#
-# Generated by iptables-save v1.3.8 on Fri Jul 25 15:09:03 2008
-*nat
-:PREROUTING ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-COMMIT
-# Completed on Fri Jul 25 15:09:03 2008
-# Generated by iptables-save v1.3.8 on Fri Jul 25 15:09:03 2008
+# Iptables rules for Internet2 (exempt) nodes. Nodes sending traffic
+# to any of the IPs in the Internet2 ipset (hash) will end up the the
+# slice's exempt queue. This supersedes the default config that lives
+# in svn/iptables/planetlab-config
+
 *filter
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:BLACKLIST - [0:0]
-:LOGDROP - [0:0]
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+:BLACKLIST -
+:LOGDROP -
 -A OUTPUT -j BLACKLIST
--A OUTPUT -o eth0 -j ULOG --ulog-cprange 54 --ulog-qthreshold 16
 -A LOGDROP -j LOG
 -A LOGDROP -j DROP
 COMMIT
-# Completed on Fri Jul 25 15:09:03 2008
-# Generated by iptables-save v1.3.8 on Fri Jul 25 15:09:03 2008
+
 *mangle
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
--A INPUT -i ! lo -j MARK --copy-xid 0x0
+:PREROUTING ACCEPT
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+:POSTROUTING ACCEPT
+-A INPUT -j MARK --copy-xid 0x0
 -A POSTROUTING -j MARK --copy-xid 0x0
--A POSTROUTING -j CLASSIFY --set-class 0001:1000
--A POSTROUTING -m set --set Internet2 dst -j CLASSIFY --set-class 0001:2000
+-A POSTROUTING -j CLASSIFY --set-class 0001:1000 --add-mark
+-A POSTROUTING -m set --set Internet2 dst -j CLASSIFY --set-class 0001:2000 --add-mark
+-A POSTROUTING -o eth0 -j ULOG --ulog-cprange 54 --ulog-qthreshold 16
 COMMIT
-# Completed on Fri Jul 25 15:09:03 2008
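Review bot: The new mangle rule `-A INPUT -j MARK --copy-xid 0x0` silently drops the `-i ! lo` match the old rule carried, so loopback packets are now marked too; if that is intended, a comment above the rule such as `# mark all input, loopback included` would record it, otherwise the interface match should be kept. The `*nat` stanza is also removed outright: if this file is loaded with iptables-restore (the loader is not visible here), tables missing from the input are not flushed, so nat rules already present on a node would survive a reload rather than being reset, and keeping an empty `*nat` / `COMMIT` pair would preserve the old behaviour. Finally, the ULOG rule moves from filter OUTPUT to the end of mangle POSTROUTING, which also sees forwarded packets, so the set of traffic copied to the log is wider than before and anything consuming that log should be checked against the change.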