[Firehol-support] Adding custom iptables rules to firehol config
Daniel L. Miller
dmiller at amfes.com
Tue Jun 21 19:57:11 BST 2011
I wanted to try some "simple" iptables rules to see if they have an
effect on my traffic. I found these on some of the traffic shaping
sites. Do I simply add these at the top of my script before any other
firehol commands - or is there a better way?
(firehol.conf)
version 5
FIREHOL_LOG_MODE="ULOG"
source /etc/firehol/shaper.conf
# Adjust TOS flags to ensure speedy ssh
iptables -t mangle -N tosfix
iptables -t mangle -A tosfix -p tcp -m length --length 0:512 -j RETURN
iptables -t mangle -A tosfix -m limit --limit 2/s --limit-burst 10 -j RETURN
iptables -t mangle -A tosfix -j TOS --set-tos Maximize-Throughput
iptables -t mangle -A tosfix -j RETURN
iptables -t mangle -A POSTROUTING -p tcp -m tos --tos Minimize-Delay -j tosfix
# Tune ack packets
iptables -t mangle -N ack
iptables -t mangle -A ack -m tos ! --tos Normal-Service -j RETURN
iptables -t mangle -A ack -p tcp -m length --length 0:128 \
-j TOS --set-tos Minimize-Delay
iptables -t mangle -A ack -p tcp -m length --length 128: \
-j TOS --set-tos Maximize-Throughput
iptables -t mangle -A ack -j RETURN
iptables -t mangle -A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -j ack
[...]
snat
dnat
interface
[...]
--
Daniel
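The two mangle chains in the post, modelled in Python as an added example (not code from the post or from FireHOL) so you can see which TOS value a packet leaves POSTROUTING with, including the limit-match budget and the overlap of the two length matches at exactly 128 bytes. The Packet and RateLimit classes and the chain functions are assumptions of this model; the packets fed to it are constructed.

```python
from dataclasses import dataclass
@dataclass
class Packet:
    proto: str        # "tcp" or "udp"
    length: int       # IP total length, what `-m length` compares against
    tos: str          # TOS name as iptables spells it
    flags: frozenset  # TCP flags that are set, e.g. frozenset({"ACK"})
class RateLimit:
    """Token bucket modelling `-m limit --limit 2/s --limit-burst 10`. The bucket is
    per rule, not per flow: every matching packet on the box draws from it."""
    def __init__(self, rate_per_s=2.0, burst=10):
        self.rate, self.burst, self.tokens, self.last = rate_per_s, burst, float(burst), 0.0
    def match(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False
def tosfix(pkt, limit, now):
    """Chain `tosfix`, entered from POSTROUTING only for tcp packets marked Minimize-Delay."""
    if pkt.proto != "tcp" or pkt.tos != "Minimize-Delay":
        return pkt.tos               # jump rule does not match, chain is never entered
    if pkt.length <= 512:
        return pkt.tos               # `--length 0:512`: interactive-sized, leave alone
    if limit.match(now):
        return pkt.tos               # still inside the burst/rate budget, leave alone
    return "Maximize-Throughput"     # bulk data carrying the interactive TOS: re-mark it
def ack(pkt):
    """Chain `ack`, entered for tcp packets with SYN and RST clear and ACK set, which is
    nearly every packet of an established connection, not only bare ACKs."""
    if pkt.proto != "tcp" or "ACK" not in pkt.flags or pkt.flags & {"SYN", "RST"}:
        return pkt.tos
    if pkt.tos != "Normal-Service":
        return pkt.tos               # `-m tos ! --tos Normal-Service -j RETURN`
    tos = pkt.tos
    # TOS is a non-terminating target, so a packet of exactly 128 bytes matches both
    # `--length 0:128` and `--length 128:` and leaves the chain as Maximize-Throughput.
    if pkt.length <= 128:
        tos = "Minimize-Delay"
    if pkt.length >= 128:
        tos = "Maximize-Throughput"
    return tos
def postrouting(pkt, limit, now=0.0):
    """The two POSTROUTING jump rules, applied in the order the post appends them."""
    pkt.tos = tosfix(pkt, limit, now)
    pkt.tos = ack(pkt)
    return pkt.tos
```

Feeding eleven 1500-byte Minimize-Delay packets through at the same instant shows the limit match letting the first ten through untouched and re-marking the eleventh.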