Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Generated by iptables-save v1.4.7
- *filter
- :INPUT ACCEPT [0:0]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- -A OUTPUT -m connmark --mark 255 -j LOG
- -A OUTPUT -m connmark --mark 255 -j REJECT
- COMMIT
- # Completed
- # Generated by iptables-save v1.4.7
- *nat
- :PREROUTING ACCEPT [0:0]
- :POSTROUTING ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- :_overflow_ - [0:0]
- :_rotator_ - [0:0]
- :_snat-102_ - [0:0]
- :_snat-242_ - [0:0]
- :_snat-252_ - [0:0]
- :_snat-check-102_ - [0:0]
- :_snat-check-242_ - [0:0]
- :_snat-check-252_ - [0:0]
- :_snat-determine_ - [0:0]
- :_snats_ - [0:0]
- -A POSTROUTING -d 192.168.11.101/32 -p tcp -m tcp --dport 80 -j _snats_
- -A OUTPUT -d 192.168.11.101/32 -p tcp -m tcp --dport 80 -j _rotator_
- -A _overflow_ -j CONNMARK --set-xmark 255
- -A _rotator_ -m conntrack --ctstate ESTABLISHED -j ACCEPT
- -A _rotator_ -m conntrack --ctstate NEW -j _snat-determine_
- -A _rotator_ -j _overflow_
- -A _snat-check-102_ -m connlimit --connlimit-above 1 -j RETURN
- -A _snat-check-102_ -j CONNMARK --set-xmark 102
- -A _snat-check-102_ -j ACCEPT
- -A _snat-check-242_ -m connlimit --connlimit-above 1 -j RETURN
- -A _snat-check-242_ -j CONNMARK --set-xmark 242
- -A _snat-check-242_ -j ACCEPT
- -A _snat-check-252_ -m connlimit --connlimit-above 1 -j RETURN
- -A _snat-check-252_ -j CONNMARK --set-xmark 252
- -A _snat-check-252_ -j ACCEPT
- -A _snat-determine_ -j _snat-check-102_
- -A _snat-determine_ -j _snat-check-242_
- -A _snat-determine_ -j _snat-check-252_
- -A _snats_ -m connmark --mark 102 -j SNAT --to-source 192.168.11.102
- -A _snats_ -m connmark --mark 242 -j SNAT --to-source 192.168.11.242
- -A _snats_ -m connmark --mark 252 -j SNAT --to-source 192.168.11.252
- COMMIT
- # Completed
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
