df -h

nat forward ipv6

server:~# echo “1”> /proc/sys/net/ipv6/conf/all/forwarding

iptables:

iptables -I OUTPUT -p ipv6 -j ACCEPT

iptables -I INPUT  -p ipv6 -j ACCEPT

ip6tables

server:~# cat ~/ip6tables.bak
# Generated by ip6tables-save
*filter
:INPUT DROP [0:0]
:FORWARD DROP [7:420]
:OUTPUT DROP [0:0]
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun1 -j ACCEPT
-A INPUT -m rt —rt-type 0 -j DROP
-A INPUT -s fe80::/10 -j ACCEPT
-A INPUT -s ff00::/8 -j ACCEPT
-A FORWARD -p ipv6-icmp -j ACCEPT
-A FORWARD -m rt —rt-type 0 -j DROP
-A FORWARD -s ::/48 -i tun1 -o eth0 -m state —state NEW -j ACCEPT
-A FORWARD -m state —state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p ipv6-icmp -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -o tun1 -j ACCEPT
-A OUTPUT -m rt —rt-type 0 -j DROP
-A OUTPUT -s fe80::/10 -j ACCEPT
-A OUTPUT -s ff00::/8 -j ACCEPT
COMMIT
#

• Tags:
  • ip6tables
  • iptables
  • linux

• April 21, 2011, 12:18pm

        5 notes

• Permalink

set tos

iptables -t mangle -A POSTROUTING -o eth1.102 -j TOS —set-tos 0xA0

set tos 0xA0 on vlan 102

• Tags:
  • iptables

• May 17, 2010, 1:41pm

        17 notes

• Permalink

ban sshd invalid user

tail -10000 /var/log/messages | egrep sshd | egrep Invalid | awk ‘{print $10}’ | sort -n | uniq -c | sort -n | awk ‘{print “iptables -I INPUT 1 -s “$2” -j DROP”}’ | sh

• Tags:
  • security
  • iptables

• March 26, 2010, 10:25am

        9 notes

• Permalink

nat forward

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -I FORWARD 1 -s 10.0.0.0/8 -j ACCEPT

iptables -I FORWARD 2 -d 10.0.0.0/8 -j ACCEPT

iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -j MASQUERADE

• Tags:
  • iptables

• February 18, 2010, 11:36am

        3 notes

• Permalink