Add NAT section to IPv4 rules
parent
aed1e6f71a
commit
be35d537f9
|
@ -35,12 +35,13 @@
|
||||||
# a host.
|
# a host.
|
||||||
#
|
#
|
||||||
# Parts 1 and 3 of these rules are the same for each host, whilst part 2 can be
|
# Parts 1 and 3 of these rules are the same for each host, whilst part 2 can be
|
||||||
# populated with rules specific to particular hosts.
|
# populated with rules specific to particular hosts. The optional part 4 is
|
||||||
|
# prepared for a NAT rules, e.g. for port forwarding, redirect, masquerade...
|
||||||
#
|
#
|
||||||
# This template is based on http://jdem.cz/v64a3 from University of Leicester
|
# This template is based on http://jdem.cz/v64a3 from University of Leicester
|
||||||
#
|
#
|
||||||
# @author Jakub Jirutka <jakub@jirutka.cz>
|
# @author Jakub Jirutka <jakub@jirutka.cz>
|
||||||
# @version 1.2.1
|
# @version 1.3
|
||||||
# @date 2014-01-26
|
# @date 2014-01-26
|
||||||
#
|
#
|
||||||
|
|
||||||
|
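Review bot: The added header sentence reads "prepared for a NAT rules", which should be "prepared for NAT rules". The preceding sentence still describes only parts 1 to 3 (1 and 3 shared, 2 host specific). Since the new section is titled "HOST SPECIFIC NAT RULES", say here that part 4 is host specific as well. Also, @version goes from 1.2.1 to 1.3 while @date stays at 2014-01-26; please confirm the date is still correct for this version.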
@ -147,3 +148,26 @@
|
||||||
-A INPUT -m limit --limit 1/second --limit-burst 100 -j LOG --log-prefix "iptables[DOS]: "
|
-A INPUT -m limit --limit 1/second --limit-burst 100 -j LOG --log-prefix "iptables[DOS]: "
|
||||||
|
|
||||||
COMMIT
|
COMMIT
|
||||||
|
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# 4. HOST SPECIFIC NAT RULES #
|
||||||
|
# #
|
||||||
|
# Uncomment this section if you want to use NAT table, e.g. for port #
|
||||||
|
# forwarding, redirect, masquerade... #
|
||||||
|
###############################################################################
|
||||||
|
|
||||||
|
#*nat
|
||||||
|
|
||||||
|
# Base policy
|
||||||
|
#:PREROUTING ACCEPT [0:0]
|
||||||
|
#:POSTROUTING ACCEPT [0:0]
|
||||||
|
#:OUTPUT ACCEPT [0:0]
|
||||||
|
|
||||||
|
# Redirect port 21 to local port 2121
|
||||||
|
#-A PREROUTING -i eth0 -p tcp --dport 21 -j REDIRECT --to-port 2121
|
||||||
|
|
||||||
|
# Forward port 8080 to port 80 on host 192.168.1.10
|
||||||
|
#-A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:80
|
||||||
|
|
||||||
|
#COMMIT
|
||||||
|
|
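Review bot: The REDIRECT and DNAT examples in the new nat section do not mention that the filter table sees packets only after PREROUTING has rewritten them, so uncommenting either rule is not enough on its own. For the redirect, the INPUT chain has to accept tcp port 2121 rather than 21. For the DNAT example, the FORWARD chain has to accept traffic to 192.168.1.10 port 80, and IP forwarding has to be enabled on the host. A one-line comment above each example stating this would help. The banner also lists masquerade, but there is no POSTROUTING example; either add a commented one or drop the word. Both examples hard-code `-i eth0`, so a note that the interface name must be adjusted would be useful.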