[Firehol-support] Adding custom iptables rules to firehol config
Rick Marshall
rjm at zenucom.com
Wed Jun 22 00:23:59 BST 2011
Hi Daniel,
I put these sorts of rules at the end of firehol.conf, and interface setup rules at the start.
Seems to work ok that way.
Regards
Rick
On 22/06/2011, at 4:57 AM, Daniel L. Miller wrote:
> I wanted to try some "simple" iptables rules to see if they have an
> effect on my traffic. I found these on some of the traffic shaping
> sites. Do I simply add these at the top of my script before any other
> firehol commands - or is there a better way?
>
> (firehol.conf)
> version 5
> FIREHOL_LOG_MODE="ULOG"
> source /etc/firehol/shaper.conf
>
> # Adjust TOS flags to ensure speedy ssh
> iptables -t mangle -N tosfix
> iptables -t mangle -A tosfix -p tcp -m length --length 0:512 -j RETURN
> iptables -t mangle -A tosfix -m limit --limit 2/s --limit-burst 10 -j RETURN
> iptables -t mangle -A tosfix -j TOS --set-tos Maximize-Throughput
> iptables -t mangle -A tosfix -j RETURN
> iptables -t mangle -A POSTROUTING -p tcp -m tos --tos Minimize-Delay -j tosfix
>
> # Tune ack packets
> iptables -t mangle -N ack
> iptables -t mangle -A ack -m tos ! --tos Normal-Service -j RETURN
> iptables -t mangle -A ack -p tcp -m length --length 0:128 \
> -j TOS --set-tos Minimize-Delay
> iptables -t mangle -A ack -p tcp -m length --length 128: \
> -j TOS --set-tos Maximize-Throughput
> iptables -t mangle -A ack -j RETURN
> iptables -t mangle -A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -j ack
>
> [...]
> snat
> dnat
> interface
> [...]
>
> --
> Daniel
>
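Whichever position the raw rules end up in, the check worth running after the firewall is activated is whether the custom mangle chains still exist and are still reached from POSTROUTING. The following is an added example, not code from the thread or from the FireHOL project: a POSIX shell check over `iptables-save -t mangle` output, exercised here against constructed sample dumps (the TOS values are shown as iptables-save prints them).

```shell
#!/bin/sh
# Constructed sample of `iptables-save -t mangle` output after activation.
# Hypothetical: a real dump also contains FireHOL's own chains.
SAMPLE_OK='*mangle
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:tosfix - [0:0]
:ack - [0:0]
-A POSTROUTING -p tcp -m tos --tos 0x10/0xff -j tosfix
-A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -j ack
-A tosfix -p tcp -m length --length 0:512 -j RETURN
-A ack -j RETURN
COMMIT'

# Constructed dump where the chains exist but the POSTROUTING hooks are
# gone, so the chains are never consulted for any packet.
SAMPLE_UNHOOKED='*mangle
:POSTROUTING ACCEPT [0:0]
:tosfix - [0:0]
:ack - [0:0]
-A tosfix -j RETURN
-A ack -j RETURN
COMMIT'

# check_chain DUMP CHAIN: succeed only if CHAIN is declared in the mangle
# table and POSTROUTING carries a jump to it. DUMP is passed as text so the
# function works on a saved file or on live `iptables-save -t mangle` output.
check_chain() {
    dump=$1; chain=$2
    printf '%s\n' "$dump" | grep -q "^:$chain " \
        || { echo "chain $chain missing"; return 1; }
    printf '%s\n' "$dump" | grep -q "^-A POSTROUTING .*-j $chain\$" \
        || { echo "chain $chain not referenced from POSTROUTING"; return 1; }
    echo "chain $chain present and hooked"
    return 0
}

# check_custom_chains DUMP: verify both chains from the config quoted above.
check_custom_chains() {
    rc=0
    for c in tosfix ack; do
        check_chain "$1" "$c" || rc=1
    done
    return $rc
}

# Live use (needs root): check_custom_chains "$(iptables-save -t mangle)"
```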