TOPEX Bytton (HSPA+ / LTE)
Firewall view rule
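# Generated by iptables-save v1.4.2 on Mon Mar 18 17:06:40 2013
# mangle table: three PREROUTING rules that re-mark the IP TOS byte.
# Each rule matches the current TOS value exactly (mask 0xff) and then
# overwrites the whole byte with the new value. Every rule is kept on a
# single line, which is what iptables-restore expects.
# NOTE(review): the TOS value being matched is chosen by whoever sent the
# packet, so these rules are a QoS classification only, not an access control.
*mangle
# TCP to port 1070 arriving on br0 with TOS 0x00 -> set TOS 0x20.
-A PREROUTING -i br0 -p tcp -m tcp --dport 1070 -m tos --tos 0x00/0xff -j TOS --set-tos 0x20/0xff
# UDP from 79.51.0.0/16, source port 30512, arriving on ipsec2 with TOS 0x26 -> set TOS 0x40.
-A PREROUTING -s 79.51.0.0/16 -i ipsec2 -p udp -m udp --sport 30512 -m tos --tos 0x26/0xff -j TOS --set-tos 0x40/0xff
# UDP to 10.10.10.64/30, destination port 534, arriving on ipsec2 with TOS 0x22 -> set TOS 0x48.
-A PREROUTING -d 10.10.10.64/30 -i ipsec2 -p udp -m udp --dport 534 -m tos --tos 0x22/0xff -j TOS --set-tos 0x48/0xff
COMMIT
# Completed on Mon Mar 18 17:06:41 2013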
# Generated by iptables-save v1.4.2 on Mon Mar 18 17:06:41 2013
# nat table: source NAT for traffic leaving through two outbound interfaces.
*nat
# Everything routed out of "wan" has its source address rewritten to that
# interface's address (presumably the wired uplink; confirm on the device).
-A POSTROUTING -o wan -j MASQUERADE
# Same for ppp1 (presumably the cellular PPP link; confirm on the device).
-A POSTROUTING -o ppp1 -j MASQUERADE
COMMIT
# Completed on Mon Mar 18 17:06:41 2013
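# Generated by iptables-save v1.4.2 on Mon Mar 18 17:06:41 2013
# filter table.
# NOTE(review): all three built-in chains have a default policy of ACCEPT and
# INPUT contains no DROP/REJECT rule. A packet that matches none of the INPUT
# rules below is therefore still accepted, so those rules do not restrict
# access to the router from any interface. In FORWARD only the single DROP
# rule blocks anything. If the device is meant to filter traffic, the policies
# should be DROP with the ACCEPT rules acting as the allow-list.
*filter
# Chain policies; the bracketed values are packet:byte counters.
:INPUT ACCEPT [159:15747]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1458:141258]
# HTTP (tcp/80) from one LAN host on br0. Redundant as written: the
# "-i br0 -j ACCEPT" rule further down accepts everything from br0.
-A INPUT -s 192.168.1.179/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
# Loopback traffic.
-A INPUT -i lo -j ACCEPT
# Everything arriving on br0.
-A INPUT -i br0 -j ACCEPT
# GRE (IP protocol 47) from any interface.
-A INPUT -p gre -j ACCEPT
# Replies to connections that already exist.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# SNMP (udp/161) and SNMP traps (udp/162).
# NOTE(review): no -i or -s restriction, so these match on every interface,
# including the uplinks; SNMP should normally be limited to a management
# interface or source range.
-A INPUT -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -p udp -m udp --dport 162 -j ACCEPT
# Everything arriving on tap0 (presumably a VPN tap interface; confirm).
-A INPUT -i tap0 -j ACCEPT
# IPsec NAT traversal (udp/4500).
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
# Everything arriving on ipsec0.
-A INPUT -i ipsec0 -j ACCEPT
# IP protocol 51 (AH), printed under its /etc/protocols name.
-A INPUT -p ipv6-auth -j ACCEPT
# IKE (udp/500 to udp/500).
-A INPUT -p udp -m udp --sport 500 --dport 500 -j ACCEPT
# IP protocol 50 (ESP), printed under its /etc/protocols name.
-A INPUT -p ipv6-crypt -j ACCEPT
# The only blocking rule in the table: forwarded UDP to 64.65.23.117 port 1071.
-A FORWARD -d 64.65.23.117/32 -p udp -m udp --dport 1071 -j DROP
# Forward everything that enters on br0.
-A FORWARD -i br0 -j ACCEPT
# Forward GRE from any interface.
-A FORWARD -p gre -j ACCEPT
# Forward replies to existing connections.
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Clamp the MSS of forwarded TCP SYNs to the path MTU (kept on one line;
# iptables-restore does not accept a rule split across lines).
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# Forward everything that enters on tap0 or ipsec0.
-A FORWARD -i tap0 -j ACCEPT
-A FORWARD -i ipsec0 -j ACCEPT
# Same MSS clamp for TCP SYNs originated by the router itself.
-A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Mon Mar 18 17:06:41 2013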
Figure 5-142: TOS rules generated in the Bytton's firewall