VPC : this is default iptables for vpc route

2012-07-26 14:32:08 -07:00 · 2012-07-26 14:32:08 -07:00 · d5d6c9f5f4
parent 0369fa3101
commit d5d6c9f5f4
2 changed files with 13 additions and 2 deletions
--- a/patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter
+++ b/patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter
@ -9,10 +9,11 @@ COMMIT
 :OUTPUT ACCEPT [0:0]
 -A INPUT -d 224.0.0.18/32 -j ACCEPT
 -A INPUT -d 225.0.0.50/32 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -p icmp -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -i eth0 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
 COMMIT
 *mangle
 :PREROUTING ACCEPT [0:0]
@ -20,6 +21,5 @@ COMMIT
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 :POSTROUTING ACCEPT [0:0]
-A PREROUTING -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
 -A OUTPUT -p udp --dport bootpc -j CHECKSUM --checksum-fill
 COMMIT
--- a/patches/systemvm/debian/config/etc/iptables/rt_tables_init
+++ b/patches/systemvm/debian/config/etc/iptables/rt_tables_init
@ -0,0 +1,11 @@
+#
+# reserved values
+#
+255     local
+254     main
+253     default
+0       unspec
+#
+# local
+#
+#1      inr.ruhep