f9c956e677
Masquerading packets on lo actually drops them when there is no default route. This causes problems with communication between ntpd processes (ntp main daemon and resolver). And perhaps many more...
29 lines
872 B
Plaintext
# Generated by iptables-save v1.4.5 on Mon Sep 6 08:57:46 2010
*nat
:PREROUTING ACCEPT [85:5912]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:PR-QBS - [0:0]
-A PREROUTING -j PR-QBS
-A POSTROUTING -o vif+ -j ACCEPT
-A POSTROUTING -o lo -j ACCEPT
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Mon Sep 6 08:57:46 2010
# Generated by iptables-save v1.4.5 on Mon Sep 6 08:57:46 2010
*filter
:INPUT ACCEPT [168:11399]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [128:12536]
-A INPUT -i vif+ -p udp -m udp --dport 68 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vif+ -o vif+ -j DROP
-A FORWARD -i vif+ -j ACCEPT
-A FORWARD -j DROP
COMMIT
# Completed on Mon Sep 6 08:57:46 2010
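
The commit message's point depends on rule order: `-o lo -j ACCEPT` must come before the catch-all `MASQUERADE` in nat `POSTROUTING`. The following check for that ordering is an added example, not code from this repository; the function names and the `BROKEN` ruleset are constructed for illustration.

```python
import shlex

# nat table copied from the file above; rule order matters.
FIXED = """\
*nat
:PREROUTING ACCEPT [85:5912]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:PR-QBS - [0:0]
-A PREROUTING -j PR-QBS
-A POSTROUTING -o vif+ -j ACCEPT
-A POSTROUTING -o lo -j ACCEPT
-A POSTROUTING -j MASQUERADE
COMMIT
"""
# Constructed variant: the same table without the loopback exemption.
BROKEN = FIXED.replace("-A POSTROUTING -o lo -j ACCEPT\n", "")


def matches_lo(pattern):
    """iptables interface match: a trailing '+' is a prefix wildcard."""
    return "lo".startswith(pattern[:-1]) if pattern.endswith("+") else pattern == "lo"


def lo_masquerade_findings(ruleset):
    """Return nat POSTROUTING MASQUERADE rules that packets leaving via lo can reach."""
    table, exempt, findings = None, False, []
    for line in ruleset.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        if table != "nat" or not line.startswith("-A POSTROUTING "):
            continue
        tok = shlex.split(line)[2:]              # drop "-A POSTROUTING"
        if "-j" not in tok:
            continue
        match, target = tok[:tok.index("-j")], tok[tok.index("-j") + 1]
        hits_lo, extra = True, match             # no -o: every interface, lo included
        if "-o" in match:                        # iptables-save writes the short form
            k = match.index("-o")
            neg = k > 0 and match[k - 1] == "!"
            hits_lo = matches_lo(match[k + 1]) != neg
            extra = match[:k - neg] + match[k + 2:]
        if exempt or not hits_lo:
            continue
        if target == "MASQUERADE":
            findings.append(line)
        elif target in ("ACCEPT", "RETURN") and not extra:
            exempt = True                        # all lo traffic leaves the chain here
    return findings
```

Feeding it the output of `iptables-save` returns an empty list for the ruleset in this file and the offending `MASQUERADE` line when the loopback exemption is absent or placed after it.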