f555ac2276
before it happened regulary that locally generated ICMP messages left eth0 with wrong source address instead of going out via the vpn interface
31 lines
1.1 KiB
Text
31 lines
1.1 KiB
Text
# Generated by iptables-save v1.4.14 on Mon Aug 18 22:31:43 2014
|
|
*nat
|
|
:PREROUTING ACCEPT [1508898:60980199]
|
|
:INPUT ACCEPT [85622:9125051]
|
|
:OUTPUT ACCEPT [195829:12103496]
|
|
:POSTROUTING ACCEPT [194526:11989631]
|
|
-A POSTROUTING -o mullvad -j MASQUERADE
|
|
COMMIT
|
|
# Completed on Mon Aug 18 22:31:43 2014
|
|
# Generated by iptables-save v1.4.14 on Mon Aug 18 22:31:43 2014
|
|
*mangle
|
|
:PREROUTING ACCEPT [100732184:31760093690]
|
|
:INPUT ACCEPT [88878861:23870786312]
|
|
:FORWARD ACCEPT [10499612:7842070628]
|
|
:OUTPUT ACCEPT [158193447:33293545226]
|
|
:POSTROUTING ACCEPT [168692266:41135440990]
|
|
-A PREROUTING -i br-ffhh -j MARK --set-xmark 0x1/0xffffffff
|
|
-A PREROUTING -i mullvad -j MARK --set-xmark 0x1/0xffffffff
|
|
COMMIT
|
|
# Completed on Mon Aug 18 22:31:43 2014
|
|
# Generated by iptables-save v1.4.14 on Mon Aug 18 22:31:43 2014
|
|
*filter
|
|
:INPUT ACCEPT [88878720:23870769673]
|
|
:FORWARD ACCEPT [10499612:7842070628]
|
|
:OUTPUT ACCEPT [158192660:33293370754]
|
|
-A INPUT -i mullvad -m state --state INVALID,NEW,UNTRACKED -j DROP
|
|
-A FORWARD -i mullvad -m state --state INVALID,NEW,UNTRACKED -j DROP
|
|
-A FORWARD -o eth0 -j DROP
|
|
-A FORWARD -i eth0 -j DROP
|
|
COMMIT
|
|
# Completed on Mon Aug 18 22:31:43 2014
|