Differences

This shows you the differences between two versions of the page.

--- iptables [2014/11/24 01:14]
0.0.0.0 created
+++ iptables [2014/11/24 02:11]
ben
@@ Line 3: / Line 3: @@
 ===== Gateway Firewall Configuration =====
 The firewall configuration is held in subversion, at the url
-<tt>svn+ssh://username@subversion.sihnon.net/var/svn/repos/configs/firewall/santo/iptables.bath</tt>. The live copy of the rules are held in santo:/etc/firewall/iptables.bath, and have been checked out using read-only https access to the repository. Please edit changes in your homedir, commit the changes to subversion, and update the live copy to update the config; do not make changes to the live copy of the rules as these cannot be committed to the repository and the changes may be lost.
+''svn+ssh://username@subversion.sihnon.net/var/svn/repos/configs/firewall/santo/iptables.bath''. The live copy of the rules are held in santo:/etc/firewall/iptables.bath, and have been checked out using read-only https access to the repository. Please edit changes in your homedir, commit the changes to subversion, and update the live copy to update the config; do not make changes to the live copy of the rules as these cannot be committed to the repository and the changes may be lost.
-To test rules while editing the rules file, the <tt>iptables-restore</tt> tool can be used. Changes made using this tool are not persistent and will not survive a reboot.
+To test rules while editing the rules file, the ''iptables-restore'' tool can be used. Changes made using this tool are not persistent and will not survive a reboot.
 To add new holes for specific machines, scroll to the bottom of the file and copy an existing example. To add new machines is slightly more complex, but there are already examples for most scenarios in this file.
@@ Line 25: / Line 25: @@
 {{Kernel|2.6.28-gentoo-r1|<code>1@@</code>}}
-Create an alternate routing table by adding the following line to the end of <tt>rt_tables</tt>.
+Create an alternate routing table by adding the following line to the end of ''rt_tables''.
 {{File|/etc/iproute2/rt_tables|<code>2@@</code>}}
@@ Line 33: / Line 33: @@
 {{File|/etc/conf.d/net|<code>3@@</code>}}
-Now we need to specify that certain connections will be sent according to the alternate routing table instead of the main one. These scripts are stored in subversion, under <tt>routing-rules</tt> init script at [[https://dev.sihnon.net/svnpriv/configs/network/router|configs:/network/router]] but is configured like this:
+Now we need to specify that certain connections will be sent according to the alternate routing table instead of the main one. These scripts are stored in subversion, under ''routing-rules'' init script at [[https://dev.sihnon.net/svnpriv/configs/network/router|configs:/network/router]] but is configured like this:
 {{File|/etc/conf.d/routing-rules|<code>4@@</code>}}
@@ Line 52: / Line 52: @@
 In the mangle table
-<source lang="bash">
+<code bash>
     - Mark packets depending on which vlan the arrived from
   - use the lower 4 bits of the mark space to store this information
@@ Line 69: / Line 69: @@
 -A PREROUTING -m state --state NEW -m physdev --physdev-in vlan11 -j CONNMARK --set-mark 11/15
 -A PREROUTING -m state --state NEW -m physdev --physdev-in ath0   -j CONNMARK --set-mark 12/15
-</source>
+</code>
 ==== Blocking too many rapid connection attempts ====
 The following iptables rules block rapid SSH connections from a single source.
-<source lang="bash">
+<code bash>
   - Ssh Whitelisting
 -N SSH_WHITELIST
@@ Line 92: / Line 92: @@
 -A SSH_WHITELIST -s 152.78.0.0/16 -m recent --remove --name SSH -j ACCEPT
 -A SSH_WHITELIST -j RETURN
-</source>
+</code>

Sihnon wiki

User Tools

Site Tools

Differences

Page Tools