[Firehol-support] Adding custom iptables rules to firehol config

Rick Marshall rjm at zenucom.com
Wed Jun 22 01:23:59 CEST 2011


Hi Daniel,

I put this sort of rule at the end of firehol.conf, and interface setup rules at the start.

Seems to work ok that way.

Regards
Rick

On 22/06/2011, at 4:57 AM, Daniel L. Miller wrote:

> I wanted to try some "simple" iptables rules to see if they have an 
> effect on my traffic.  I found these on some of the traffic shaping 
> sites.  Do I simply add these at the top of my script before any other 
> firehol commands - or is there a better way?
> 
> (firehol.conf)
> version 5
> FIREHOL_LOG_MODE="ULOG"
> source /etc/firehol/shaper.conf
> 
> # Adjust TOS flags to ensure speedy ssh
> iptables -t mangle -N tosfix
> iptables -t mangle -A tosfix -p tcp -m length --length 0:512 -j RETURN
> iptables -t mangle -A tosfix -m limit --limit 2/s --limit-burst 10 -j RETURN
> iptables -t mangle -A tosfix -j TOS --set-tos Maximize-Throughput
> iptables -t mangle -A tosfix -j RETURN
> iptables -t mangle -A POSTROUTING -p tcp -m tos --tos Minimize-Delay -j tosfix
> 
> # Tune ack packets
> iptables -t mangle -N ack
> iptables -t mangle -A ack -m tos ! --tos Normal-Service -j RETURN
> iptables -t mangle -A ack -p tcp -m length --length 0:128 \
>   -j TOS --set-tos Minimize-Delay
> iptables -t mangle -A ack -p tcp -m length --length 128: \
>   -j TOS --set-tos Maximize-Throughput
> iptables -t mangle -A ack -j RETURN
> iptables -t mangle -A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -j ack
> 
> [...]
> snat
> dnat
> interface
> [...]
> 
> -- 
> Daniel
> 
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/firehol-support
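Added here as an illustration, not code from either poster or from the FireHOL project: once rules like Daniel's sit at the end of firehol.conf as Rick suggests and FireHOL has been restarted, the thing to confirm is that they are actually in the live mangle table. Two points worth knowing: inside firehol.conf the `iptables` command is FireHOL's own helper, which queues the call to be applied together with the generated ruleset rather than running /sbin/iptables on the spot, and `iptables-save` prints TOS values in hex (Minimize-Delay is 0x10, Maximize-Throughput 0x08, Normal-Service 0x00), so a check has to match on those rather than on the symbolic names used in the config. The script below reads an iptables-save(8) dump on stdin and reports whether the `tosfix` and `ack` chains exist and POSTROUTING jumps to them; the two dumps embedded in it are constructed for offline testing, and the `mangle_rules_present` and `check_live_mangle` names are my own.

```shell
#!/bin/sh
# Added example (not from the thread or the FireHOL project).
# Verify that custom mangle rules placed at the end of firehol.conf survived
# "firehol start".  Real-world use, as root:
#   iptables-save -t mangle | mangle_rules_present && echo "custom mangle rules present"

# mangle_rules_present: read an iptables-save(8) dump from stdin.  Return 0
# only if both user chains are declared and POSTROUTING jumps into each of
# them; return 1 on the first missing piece.
mangle_rules_present() {
    dump=$(cat)
    # Chain declarations appear as ":<name> - [pkts:bytes]" in the dump.
    printf '%s\n' "$dump" | grep -q '^:tosfix ' || return 1
    printf '%s\n' "$dump" | grep -q '^:ack '    || return 1
    # The POSTROUTING hooks from the config, as iptables-save prints them.
    printf '%s\n' "$dump" | grep -q '^-A POSTROUTING .*-m tos --tos 0x10/0xff -j tosfix$' || return 1
    printf '%s\n' "$dump" | grep -q '^-A POSTROUTING .*--tcp-flags SYN,RST,ACK ACK -j ack$' || return 1
    return 0
}

# check_live_mangle: convenience wrapper for the real ruleset (needs root).
check_live_mangle() {
    iptables-save -t mangle | mangle_rules_present
}

# Constructed dump: what iptables-save -t mangle is expected to show after
# the rules from the thread have been loaded (TOS values rendered as hex).
SAMPLE_DUMP_OK='*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:ack - [0:0]
:tosfix - [0:0]
-A POSTROUTING -p tcp -m tos --tos 0x10/0xff -j tosfix
-A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -j ack
-A ack -m tos ! --tos 0x00/0xff -j RETURN
-A ack -p tcp -m length --length 0:128 -j TOS --set-tos 0x10/0xff
-A ack -p tcp -m length --length 128:65535 -j TOS --set-tos 0x08/0xff
-A ack -j RETURN
-A tosfix -p tcp -m length --length 0:512 -j RETURN
-A tosfix -m limit --limit 2/sec --limit-burst 10 -j RETURN
-A tosfix -j TOS --set-tos 0x08/0xff
-A tosfix -j RETURN
COMMIT'

# Constructed dump: the mangle table after a restart that did not carry the
# custom rules (e.g. they were applied with the real binary and then flushed).
SAMPLE_DUMP_FLUSHED='*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT'
```

Run it against the real table with `iptables-save -t mangle | mangle_rules_present` after `firehol start`; if it fails while the rules are present in firehol.conf, the usual cause is that the rules were added with a call to the real binary outside FireHOL and were wiped when FireHOL rebuilt the firewall.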