[NoCat] Patch: throttle_inbound-01.patch
Karl Gaissmaier
karl.gaissmaier at kiz.uni-ulm.de
Tue, 29 Jul 2003 01:20:35 +0200
--------------Boundary-00=_BUCRV16MHOU6L4AWV151
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 8bit
Name:
throttle_inbound-01.patch
Affected Files:
libexec/iptables/access.fw
Version:
Patch against 0.82 or later
Severity:
important for throttling Public inbound traffic
Description:
Without this patch, the inbound traffic would not be marked
and hence not throttled.
-- Karl Gaissmaier KIZ/Infrastructure, University of Ulm, Germany
Email:karl.gaissmaier@kiz.uni-ulm.de Service Group Network
--------------Boundary-00=_BUCRV16MHOU6L4AWV151
Content-Type: text/x-diff;
charset="us-ascii";
name="throttle_inbound-01.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="throttle_inbound-01.patch"
diff -Naur NoCatAuth-old/libexec/iptables/access.fw NoCatAuth-nightly/libexec/iptables/access.fw
--- NoCatAuth-old/libexec/iptables/access.fw 2003-02-12 03:33:24.000000000 +0100
+++ NoCatAuth-nightly/libexec/iptables/access.fw 2003-07-25 23:37:03.000000000 +0200
@@ -48,6 +48,9 @@
iptables -t mangle $cmd NoCat $match_mac -s $ip -j MARK --set-mark $mark
# Mark inbound traffic to this node.
+iptables -t mangle $cmd NoCat -d $ip -j MARK --set-mark $mark
+
+# Accept inbound traffic to this node.
iptables -t filter $cmd NoCat_Inbound -d $ip -j ACCEPT
#
--------------Boundary-00=_BUCRV16MHOU6L4AWV151--