fw_custom_after_chain_creation() {
  # Hook point: runs once the input_* and forward_* chains exist, but
  # before SuSEfirewall2 appends its own protocol/port rules to them.
  # Rules added here are evaluated ahead of the generated ones.
  # Nothing is added in this configuration; the hook only has to
  # return success so the caller carries on.
  :
}
fw_custom_before_port_handling() {
  # Hook point: runs after anti-spoofing and ICMP handling, once traffic
  # has been redirected into the input_XXX / forward_XXX chains and the
  # basic chain-specific anti-circumvention rules are in place, but
  # before any IP protocol or TCP/UDP port allow/protection rules.
  # Rules added here are evaluated ahead of the generated ones.
  # Nothing is added in this configuration; return success only.
  :
}
fw_custom_before_masq() { # could also be named "after_port_handling()"
  # Hook point: runs after the IP protocol and TCP/UDP port handling,
  # but before any IP forwarding (routing) and masquerading is set up.
  # NOTE: reverse masquerading happens directly after
  # fw_custom_before_port_handling, i.e. before this hook.
  # Nothing is added in this configuration; return success only.
  :
}
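fw_custom_before_denyall() { # could also be named "after_forwardmasq()"
  # Hook point: runs after IP forwarding and masquerading, but before
  # SuSEfirewall2 installs its logging and deny-all section.
  # Used here for traffic accounting (xtables ACCOUNT), a global volume
  # quota (quota2) and for marking traffic for the tc class 1:11 that
  # fw_custom_after_finished sets up.
  # Reads:   /etc/inet_counters.conf (sourced as shell code; it must be
  #          writable by root only, since anything in it is executed here)
  #          -> QUOTA, IN_COUNTER
  # Outputs: a status line on stdout, diagnostics on stderr
  # Returns: always 0, like the other hooks
  local conf=/etc/inet_counters.conf

  # Per-address accounting tables: "wan" counts everything leaving the
  # host, "computers" counts forwarded traffic for the LAN subnet.
  iptables -t mangle -A POSTROUTING -j ACCOUNT --addr 0/0 --tname wan
  iptables -t mangle -A FORWARD -j ACCOUNT --addr 10.180.1.0/24 --tname computers

  if [ -r "$conf" ]; then
    source "$conf"
  else
    echo "fw_custom_before_denyall: cannot read $conf, quota rule skipped" >&2
  fi
  # NOTE(review): the message reports IN_COUNTER while the rule below uses
  # QUOTA -- confirm against the config file which variable is intended.
  echo "setting quota rule in_counter: $IN_COUNTER"

  # An empty QUOTA would leave --quota without an argument and iptables
  # would reject the rule (or, unquoted, mis-parse the line); skip it
  # explicitly instead of installing a malformed rule.
  if [ -n "$QUOTA" ]; then
    iptables -t mangle -A POSTROUTING -m quota2 --quota "$QUOTA" --name global -j ACCEPT
  else
    echo "fw_custom_before_denyall: QUOTA is not set, quota rule skipped" >&2
  fi

  # Mark everything leaving the host for tc class 1:11 (see
  # fw_custom_after_finished).
  iptables -t mangle -A POSTROUTING -j CLASSIFY --set-class 1:11
  true
}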
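# Replace whatever root qdisc is attached to device $1 with an HTB tree:
# class 1:11 is limited to 256Kbit (with an SFQ leaf); unclassified
# traffic falls through to the default class 99.
# NOTE(review): no class 1:99 is ever created, so HTB sends "default"
# traffic unshaped -- confirm that this is intended.
_fw_custom_setup_shaping() {
  local dev=$1
  # Deleting the root qdisc fails harmlessly when none is attached yet;
  # that noise is suppressed, the subsequent adds still report errors.
  tc qdisc del dev "$dev" root 2>/dev/null
  tc qdisc add dev "$dev" root handle 1:0 htb default 99
  tc class add dev "$dev" parent 1:0 classid 1:11 htb rate 256Kbit ceil 256Kbit prio 2
  tc qdisc add dev "$dev" parent 1:11 handle 10: sfq perturb 10
}

fw_custom_after_finished() {
  # Hook point: runs once the firewall is fully configured.
  # Installs identical traffic shaping on eth0 and eth1 (class 1:11 is
  # the target of the CLASSIFY rule in fw_custom_before_denyall) and
  # enables proxy ARP on eth0.
  # Returns: always 0, like the other hooks
  local dev
  for dev in eth0 eth1; do
    _fw_custom_setup_shaping "$dev"
  done

  # enable proxy-arp on eth0; report rather than silently ignore a failure
  if ! echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp; then
    echo "fw_custom_after_finished: could not enable proxy_arp on eth0" >&2
  fi
  true
}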