
Untitled

a guest
Sep 19th, 2017
  fw_custom_after_chain_creation() {
      # SuSEfirewall2 hook: runs once the various input_* and forward_*
      # chains have been created.
      # Rules placed here are hit before the rules SuSEfirewall2 generates,
      # so specific IP protocols or TCP/UDP ports can be allowed or denied
      # early.
      # No custom rules are defined; the hook only reports success.
      return 0
  }
  fw_custom_before_port_handling() {
      # SuSEfirewall2 hook: runs after anti-spoofing and ICMP handling, once
      # input has been redirected to the input_XXX / forward_XXX chains and
      # the basic chain-specific anti-circumvention rules are in place, but
      # before any IP protocol or TCP/UDP port allow/protection rules are set.
      # Rules placed here are hit before the rules SuSEfirewall2 generates.
      # No custom rules are defined; the hook only reports success.
      return 0
  }
  fw_custom_before_masq() { # could also be named "after_port_handling()"
      # SuSEfirewall2 hook: runs after the IP protocol and TCP/UDP port
      # handling, but before any IP forwarding (routing) or masquerading
      # is set up.
      # NOTE (carried over from the template, wording unclear there):
      # reverse masquerading appears to be handled directly after
      # fw_custom_before_port_handling, i.e. earlier than this hook.
      # No custom rules are defined; the hook only reports success.
      return 0
  }
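  fw_custom_before_denyall() { # could also be named "after_forwardmasq()"
      # SuSEfirewall2 hook: runs after IP forwarding and masquerading are set
      # up, but before SuSEfirewall2 adds its logging and deny-all section.
      #
      # Installs traffic accounting plus a volume quota in the mangle table:
      # packets still inside the quota are ACCEPTed in POSTROUTING; once the
      # quota rule stops matching, packets fall through to CLASSIFY and are
      # put into class 1:11 (the class fw_custom_after_finished shapes).
      # Always returns 0 so the firewall start-up continues.
      local counters_conf=/etc/inet_counters.conf

      # Accounting tables: "wan" for all addresses, "computers" for the
      # 10.180.1.0/24 network.
      iptables -t mangle -A POSTROUTING -j ACCOUNT --addr 0/0 --tname wan
      iptables -t mangle -A FORWARD -j ACCOUNT --addr 10.180.1.0/24 --tname computers

      # The config is executed as shell code with the privileges of the
      # firewall script, so it must be writable by root only.
      if [ -r "$counters_conf" ]; then
          source "$counters_conf"
      else
          echo "fw_custom_before_denyall: cannot read $counters_conf" >&2
      fi
      # NOTE(review): the message prints IN_COUNTER while the rule below uses
      # QUOTA - confirm the config sets both.
      echo "setting quota rule in_counter: " $IN_COUNTER

      # Only a plain non-negative integer is accepted. An empty or malformed
      # value would otherwise be word-split into extra iptables arguments or
      # make iptables reject the rule with a confusing parse error.
      case $QUOTA in
          ''|*[!0-9]*)
              echo "fw_custom_before_denyall: QUOTA is not a non-negative integer, quota rule skipped" >&2
              ;;
          *)
              iptables -t mangle -A POSTROUTING -m quota2 --quota "$QUOTA" --name global -j ACCEPT
              ;;
      esac

      # Still installed when the quota rule was skipped: without a valid
      # quota all traffic is classified into 1:11, never left unmetered.
      iptables -t mangle -A POSTROUTING -j CLASSIFY --set-class 1:11
      true
  }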
  fw_custom_after_finished() {
      # SuSEfirewall2 hook: runs after the firewall is fully configured.
      # Rebuilds the HTB shaping tree on eth0 and eth1, then enables proxy
      # ARP on eth0.
      local nic

      # Remove whatever root qdisc each interface currently has.
      for nic in eth0 eth1; do
          tc qdisc del dev "$nic" root
      done

      # Per interface: HTB root whose default class is 99, one class 1:11
      # limited to 256Kbit, and an SFQ leaf qdisc below that class.
      for nic in eth0 eth1; do
          tc qdisc add dev "$nic" root handle 1:0 htb default 99
          tc class add dev "$nic" parent 1:0 classid 1:11 htb rate 256Kbit ceil 256Kbit prio 2
          tc qdisc add dev "$nic" parent 1:11 handle 10: sfq perturb 10
      done

      # Enable proxy ARP on eth0.
      # NOTE(review): with this set the host answers ARP requests on eth0 on
      # behalf of other addresses - confirm it is needed on this segment.
      echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
      return 0
  }