# Iptables rules for Internet2 (exempt) nodes.  Nodes sending traffic to any of the IPs
# in the Internet2 ipset (hash) will end up the the slice's exempt queue.  This supersedes the default config that lives in svn/iptables/planetlab-config
#
# $Id$
#
# Generated by iptables-save v1.3.8 on Fri Jul 25 15:09:03 2008
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Fri Jul 25 15:09:03 2008
# Generated by iptables-save v1.3.8 on Fri Jul 25 15:09:03 2008
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:BLACKLIST - [0:0]
:LOGDROP - [0:0]
-A OUTPUT -j BLACKLIST
-A OUTPUT -o eth0 -j ULOG --ulog-cprange 54 --ulog-qthreshold 16
-A LOGDROP -j LOG
-A LOGDROP -j DROP
COMMIT
# Completed on Fri Jul 25 15:09:03 2008
# Generated by iptables-save v1.3.8 on Fri Jul 25 15:09:03 2008
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A INPUT -i ! lo -j MARK 0x0
-A POSTROUTING -j MARK 0x0
-A POSTROUTING -j CLASSIFY --set-class 0001:1000
-A POSTROUTING -m set --set Internet2 dst -j CLASSIFY --set-class 0001:2000
COMMIT
# Completed on Fri Jul 25 15:09:03 2008