TOPEX Bytton (HSPA+ / LTE)
ByttonLTE(full)_genericUsermanual_sw306FAS_revN.1.docx
Firewall view rule
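# Generated by iptables-save v1.4.2 on Mon Mar 18 15:39:16 2013
# mangle table: rewrites the TOS byte of selected packets. Nothing in this
# table accepts or drops traffic.
# Each rule is kept on a single line, because iptables-restore parses one rule per line.
# NOTE(review): the ":CHAIN POLICY [packets:bytes]" lines are not shown for this
# table in the listing.
*mangle
# TCP to port 1070 arriving on br0 with TOS 0x00 is re-marked to TOS 0x20.
-A PREROUTING -i br0 -p tcp -m tcp --dport 1070 -m tos --tos 0x00/0xff -j TOS --set-tos 0x20/0xff
# UDP from 79.51.0.0/16, source port 30512, arriving on ipsec2 with TOS 0x26
# is re-marked to TOS 0x40.
-A PREROUTING -s 79.51.0.0/16 -i ipsec2 -p udp -m udp --sport 30512 -m tos --tos 0x26/0xff -j TOS --set-tos 0x40/0xff
COMMIT
# Completed on Mon Mar 18 15:39:16 2013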
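# Generated by iptables-save v1.4.2 on Mon Mar 18 15:39:16 2013
# nat table: source NAT only. There are no PREROUTING rules, so this table
# defines no inbound port forwarding (DNAT).
*nat
# Chain policies with their [packets:bytes] counters at the time of the dump.
:PREROUTING ACCEPT [8679:520048]
:OUTPUT ACCEPT [233:15324]
:POSTROUTING ACCEPT [202:12963]
# Traffic leaving through wan or ppp1 has its source address rewritten to the
# address of that outgoing interface.
-A POSTROUTING -o wan -j MASQUERADE
-A POSTROUTING -o ppp1 -j MASQUERADE
COMMIT
# Completed on Mon Mar 18 15:39:16 2013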
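# Generated by iptables-save v1.4.2 on Mon Mar 18 15:39:16 2013
# filter table: decides what is delivered to the router itself (INPUT), routed
# through it (FORWARD) and sent by it (OUTPUT).
# Each rule is kept on a single line, because iptables-restore parses one rule per line.
*filter
# NOTE(review): all three chains have policy ACCEPT, so a packet that matches
# no rule is still accepted. With these policies the "-j ACCEPT" rules below do
# not restrict anything. The only rule in this table that blocks traffic is the
# FORWARD DROP for 64.65.23.117. The ACCEPT rules work as an allow-list only if
# the INPUT and FORWARD policies are DROP or each chain ends in a DROP rule.
:INPUT ACCEPT [468:49705]
:FORWARD ACCEPT [2:376]
:OUTPUT ACCEPT [2204:160634]
# HTTP to the router from the single host 192.168.1.179 on br0. This is
# redundant here: the br0 rule two lines below accepts everything from br0.
-A INPUT -s 192.168.1.179/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Everything arriving on br0 is accepted, on any port and from any source.
-A INPUT -i br0 -j ACCEPT
# GRE (IP protocol 47) from any source.
-A INPUT -p gre -j ACCEPT
# Replies and related packets of connections that are already tracked.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# SNMP (UDP 161) and SNMP traps (UDP 162) are accepted on every interface and
# from any source. NOTE(review): under a DROP policy, add -i/-s matches so that
# only the management station is allowed. SNMP v1/v2c community strings are
# sent in clear text.
-A INPUT -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -p udp -m udp --dport 162 -j ACCEPT
# Everything arriving on tap0 (presumably a VPN tunnel interface - confirm).
-A INPUT -i tap0 -j ACCEPT
# IPsec: NAT-T (UDP 4500), decrypted traffic on ipsec0, AH (iptables-save prints
# IP protocol 51 as "ipv6-auth"), IKE (UDP 500 to 500) and ESP (IP protocol 50,
# printed as "ipv6-crypt").
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -i ipsec0 -j ACCEPT
-A INPUT -p ipv6-auth -j ACCEPT
-A INPUT -p udp -m udp --sport 500 --dport 500 -j ACCEPT
-A INPUT -p ipv6-crypt -j ACCEPT
# The only blocking rule: routed UDP to 64.65.23.117 port 1071 is dropped. It
# comes first in FORWARD, so it takes effect before the br0 accept below.
-A FORWARD -d 64.65.23.117/32 -p udp -m udp --dport 1071 -j DROP
-A FORWARD -i br0 -j ACCEPT
-A FORWARD -p gre -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Clamps the MSS option of TCP SYN packets to the path MTU. TCPMSS modifies the
# packet and does not accept or drop it.
# NOTE(review): this rule sits after the br0 and RELATED,ESTABLISHED accepts, so
# in FORWARD it only sees SYNs that those rules did not already accept.
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i tap0 -j ACCEPT
-A FORWARD -i ipsec0 -j ACCEPT
# The same MSS clamping for TCP connections opened by the router itself.
-A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Mon Mar 18 15:39:16 2013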
Figure 5-107: Actual listing of the active firewall rules of the Bytton ICR.