+++ /dev/null
-# Iptables rules for Internet2 (exempt) nodes. Nodes sending traffic
-# to any of the IPs in the Internet2 ipset (hash) will end up the the
-# slice's exempt queue. This supersedes the default config that lives
-# in svn/iptables/planetlab-config
-
-*filter
-:INPUT ACCEPT
-:FORWARD ACCEPT
-:OUTPUT ACCEPT
-:BLACKLIST -
-:LOGDROP -
--A OUTPUT -j BLACKLIST
--A LOGDROP -j LOG
--A LOGDROP -j DROP
-COMMIT
-
-*mangle
-:PREROUTING ACCEPT
-:INPUT ACCEPT
-:FORWARD ACCEPT
-:OUTPUT ACCEPT
-:POSTROUTING ACCEPT
--A INPUT -j MARK --copy-xid 0x0
--A POSTROUTING -j MARK --copy-xid 0x0
--A POSTROUTING -j CLASSIFY --set-class 0001:1000 --add-mark
--A POSTROUTING -m set --set Internet2 dst -j CLASSIFY --set-class 0001:2000 --add-mark
--A POSTROUTING -o eth0 -j ULOG --ulog-cprange 54 --ulog-qthreshold 16
-COMMIT