Untitled diff

161 removals
141 lines
161 additions
141 lines
NonWorking ver 133 qos shibby
Working ver 130 qos shibby
/etc/iptables.error
/etc/iptables
-----------------------------------
-------------------------------
*mangle
*mangle
:PREROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:QOSO - [0:0]
:QOSO - [0:0]
-A QOSO -j CONNMARK --restore-mark --mask 0xfff
-A QOSO -j CONNMARK --restore-mark --mask 0xff
-A QOSO -m connmark ! --mark 0/0x0f00 -j RETURN
:QOSSIZE - [0:0]
:QOSSIZE - [0:0]
-I QOSO 3 -m connmark ! --mark 0/0xff000 -j QOSSIZE
-I QOSO 3 -m connmark ! --mark 0/0xff000 -j QOSSIZE
-A QOSSIZE -m connmark --mark 0x1000/0xff000 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 10240: -j CONNMARK --set-mark 0x00000/0xFF
-I QOSO 4 -m connmark ! --mark 0/0xff000 -j RETURN
-A QOSO -p udp --dport 53 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:10239 -j CONNMARK --set-mark 0x1/0xFF
-A QOSSIZE -m connmark --mark 0x1000/0xff000 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 10240: -j CONNMARK --set-return 0x00000/0xFF
-A QOSO -p tcp --dport 53 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:10239 -j CONNMARK --set-mark 0x1/0xFF
-A QOSO -p udp --dport 53 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:10239 -j CONNMARK --set-return 0x101001/0xFF
-A QOSO -p udp --dport 37 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:10239 -j CONNMARK --set-mark 0x1/0xFF
-A QOSO -p tcp --dport 53 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:10239 -j CONNMARK --set-return 0x101001/0xFF
-A QOSO -p tcp --dport 37 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:10239 -j CONNMARK --set-mark 0x1/0xFF
-A QOSO -p udp --dport 37 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:10239 -j CONNMARK --set-return 0x201001/0xFF
-A QOSO -p udp --dport 123 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:10239 -j CONNMARK --set-mark 0x1/0xFF
-A QOSO -p tcp --dport 37 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:10239 -j CONNMARK --set-return 0x201001/0xFF
-A QOSO -p udp --dport 3455 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:10239 -j CONNMARK --set-mark 0x1/0xFF
-A QOSO -p udp --dport 123 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:10239 -j CONNMARK --set-return 0x301001/0xFF
-A QOSO -p tcp --dport 3455 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:10239 -j CONNMARK --set-mark 0x1/0xFF
-A QOSO -p udp --dport 3455 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:10239 -j CONNMARK --set-return 0x401001/0xFF
-A QOSSIZE -m connmark --mark 0x2000/0xff000 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 51200: -j CONNMARK --set-mark 0x00000/0xFF
-A QOSO -p tcp --dport 3455 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:10239 -j CONNMARK --set-return 0x401001/0xFF
-A QOSO -p udp --dport 9 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:51199 -j CONNMARK --set-mark 0x4/0xFF
-A QOSSIZE -m connmark --mark 0x2000/0xff000 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 51200: -j CONNMARK --set-return 0x00000/0xFF
-A QOSO -p tcp --dport 9 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:51199 -j CONNMARK --set-mark 0x4/0xFF
-A QOSO -p udp --dport 9 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:51199 -j CONNMARK --set-return 0x502004/0xFF
-A QOSO -p udp -m multiport --ports 135,2101,2103,2105 -j CONNMARK --set-mark 0x4/0xFF
-A QOSO -p tcp --dport 9 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:51199 -j CONNMARK --set-return 0x502004/0xFF
-A QOSO -p tcp -m multiport --ports 135,2101,2103,2105 -j CONNMARK --set-mark 0x4/0xFF
-A QOSO -p udp -m multiport --ports 135,2101,2103,2105 -j CONNMARK --set-return 0x600104/0xFF
-A QOSO -p tcp -m multiport --ports 22,2222 -j CONNMARK --set-mark 0x3/0xFF
-A QOSO -p tcp -m multiport --ports 135,2101,2103,2105 -j CONNMARK --set-return 0x600104/0xFF
-A QOSO -p tcp -m multiport --dports 23,992 -j CONNMARK --set-mark 0x3/0xFF
-A QOSO -p tcp -m multiport --ports 22,2222 -j CONNMARK --set-return 0x800103/0xFF
-A QOSO -p tcp -m multiport --sports 80,5938,8080,2222 -j CONNMARK --set-mark 0x3/0xFF
-A QOSO -p tcp -m multiport --dports 23,992 -j CONNMARK --set-return 0x900103/0xFF
-A QOSO -p udp -m multiport --ports 3389 -j CONNMARK --set-mark 0x3/0xFF
-A QOSO -p tcp -m multiport --sports 80,5938,8080,2222 -j CONNMARK --set-return 0xa00103/0xFF
-A QOSO -p tcp -m multiport --ports 3389 -j CONNMARK --set-mark 0x3/0xFF
-A QOSO -p udp -m multiport --ports 3389 -j CONNMARK --set-return 0xb00103/0xFF
-A QOSO -p udp -m multiport --ports 1220,6970:7170,8554 -j CONNMARK --set-mark 0x5/0xFF
-A QOSO -p tcp -m multiport --ports 3389 -j CONNMARK --set-return 0xb00103/0xFF
-A QOSO -p tcp -m multiport --ports 1220,6970:7170,8554 -j CONNMARK --set-mark 0x5/0xFF
-A QOSO -p udp -m multiport --ports 1220,6970:7170,8554 -j CONNMARK --set-return 0xc00105/0xFF
-A QOSO -p udp -m multiport --ports 554,5004,5005 -j CONNMARK --set-mark 0x5/0xFF
-A QOSO -p tcp -m multiport --ports 1220,6970:7170,8554 -j CONNMARK --set-return 0xc00105/0xFF
-A QOSO -p tcp -m multiport --ports 554,5004,5005 -j CONNMARK --set-mark 0x5/0xFF
-A QOSO -p udp -m multiport --ports 554,5004,5005 -j CONNMARK --set-return 0xd00105/0xFF
-A QOSO -p udp -m multiport --ports 1755 -j CONNMARK --set-mark 0x5/0xFF
-A QOSO -p tcp -m multiport --ports 554,5004,5005 -j CONNMARK --set-return 0xd00105/0xFF
-A QOSO -p tcp -m multiport --ports 1755 -j CONNMARK --set-mark 0x5/0xFF
-A QOSO -p udp -m multiport --ports 1755 -j CONNMARK --set-return 0xe00105/0xFF
-A QOSO -p udp -m multiport --dports 3478,3479,5060:5063 -j CONNMARK --set-mark 0x2/0xFF
-A QOSO -p tcp -m multiport --ports 1755 -j CONNMARK --set-return 0xe00105/0xFF
-A QOSO -p tcp -m multiport --dports 3478,3479,5060:5063 -j CONNMARK --set-mark 0x2/0xFF
-A QOSO -p udp -m multiport --dports 3478,3479,5060:5063 -j CONNMARK --set-return 0xf00102/0xFF
-A QOSO -p udp -m multiport --sports 53,88,3074 -j CONNMARK --set-mark 0x2/0xFF
-A QOSO -p tcp -m multiport --dports 3478,3479,5060:5063 -j CONNMARK --set-return 0xf00102/0xFF
-A QOSO -p tcp -m multiport --sports 53,88,3074 -j CONNMARK --set-mark 0x2/0xFF
-A QOSO -p udp -m multiport --sports 53,88,3074 -j CONNMARK --set-return 0x1000102/0xFF
-A QOSO -p tcp --dport 1718:1720 -j CONNMARK --set-mark 0x2/0xFF
-A QOSO -p tcp -m multiport --sports 53,88,3074 -j CONNMARK --set-return 0x1000102/0xFF
-A QOSO -p udp -m multiport --dports 4380,27000:27050,11031,11235:11335,11999,2300:2400,6073,28800:29100,47624 -j CONNMARK --set-mark 0x2/0xFF
-A QOSO -p tcp --dport 1718:1720 -j CONNMARK --set-return 0x1100102/0xFF
-A QOSO -p tcp -m multiport --dports 4380,27000:27050,11031,11235:11335,11999,2300:2400,6073,28800:29100,47624 -j CONNMARK --set-mark 0x2/0xFF
-A QOSO -p udp -m multiport --dports 4380,27000:27050,11031,11235:11335,11999,2300:2400,6073,28800:29100,47624 -j CONNMARK --set-return 0x1200102/0xFF
-A QOSO -p udp -m multiport --dports 1493,1502,1503,1542,1863,1963,3389,5061,5190:5193,7001 -j CONNMARK --set-mark 0x6/0xFF
-A QOSO -p tcp -m multiport --dports 4380,27000:27050,11031,11235:11335,11999,2300:2400,6073,28800:29100,47624 -j CONNMARK --set-return 0x1200102/0xFF
-A QOSO -p tcp -m multiport --dports 1493,1502,1503,1542,1863,1963,3389,5061,5190:5193,7001 -j CONNMARK --set-mark 0x6/0xFF
-A QOSO -p udp -m multiport --dports 1493,1502,1503,1542,1863,1963,3389,5061,5190:5193,7001 -j CONNMARK --set-return 0x1300106/0xFF
-A QOSO -p udp -m multiport --dports 1071:1074,1455,1638,1644,5000:5010,5050,5100,5101,5150,8000:8002 -j CONNMARK --set-mark 0x6/0xFF
-A QOSO -p tcp -m multiport --dports 1493,1502,1503,1542,1863,1963,3389,5061,5190:5193,7001 -j CONNMARK --set-return 0x1300106/0xFF
-A QOSO -p tcp -m multiport --dports 1071:1074,1455,1638,1644,5000:5010,5050,5100,5101,5150,8000:8002 -j CONNMARK --set-mark 0x6/0xFF
-A QOSO -p udp -m multiport --dports 1071:1074,1455,1638,1644,5000:5010,5050,5100,5101,5150,8000:8002 -j CONNMARK --set-return 0x1400106/0xFF
-A QOSO -p udp -m multiport --dports 194,1720,1730:1732,5220:5223,5298,6660:6669,22555 -j CONNMARK --set-mark 0x6/0xFF
-A QOSO -p tcp -m multiport --dports 1071:1074,1455,1638,1644,5000:5010,5050,5100,5101,5150,8000:8002 -j CONNMARK --set-return 0x1400106/0xFF
-A QOSO -p tcp -m multiport --dports 194,1720,1730:1732,5220:5223,5298,6660:6669,22555 -j CONNMARK --set-mark 0x6/0xFF
-A QOSO -p udp -m multiport --dports 194,1720,1730:1732,5220:5223,5298,6660:6669,22555 -j CONNMARK --set-return 0x1500106/0xFF
-A QOSO -p udp --dport 19294:19310 -j CONNMARK --set-mark 0x6/0xFF
-A QOSO -p tcp -m multiport --dports 194,1720,1730:1732,5220:5223,5298,6660:6669,22555 -j CONNMARK --set-return 0x1500106/0xFF
-A QOSO -p tcp --dport 19294:19310 -j CONNMARK --set-mark 0x6/0xFF
-A QOSO -p udp --dport 19294:19310 -j CONNMARK --set-return 0x1600106/0xFF
-A QOSO -p tcp -m multiport --dports 6005,6006 -j CONNMARK --set-mark 0x6/0xFF
-A QOSO -p tcp --dport 19294:19310 -j CONNMARK --set-return 0x1600106/0xFF
-A QOSO -p udp -m multiport --ports 6571,6891:6901 -j CONNMARK --set-mark 0x6/0xFF
-A QOSO -p tcp -m multiport --dports 6005,6006 -j CONNMARK --set-return 0x1700106/0xFF
-A QOSO -p tcp -m multiport --ports 6571,6891:6901 -j CONNMARK --set-mark 0x6/0xFF
-A QOSO -p udp -m multiport --ports 6571,6891:6901 -j CONNMARK --set-return 0x1800106/0xFF
-A QOSO -p udp -m multiport --ports 29613 -j CONNMARK --set-mark 0x6/0xFF
-A QOSO -p tcp -m multiport --ports 6571,6891:6901 -j CONNMARK --set-return 0x1800106/0xFF
-A QOSO -p tcp -m multiport --ports 29613 -j CONNMARK --set-mark 0x6/0xFF
-A QOSO -p udp -m multiport --ports 29613 -j CONNMARK --set-return 0x1900106/0xFF
-A QOSO -p tcp -m multiport --ports 4244,5242 -j CONNMARK --set-mark 0x2/0xFF
-A QOSO -p tcp -m multiport --ports 29613 -j CONNMARK --set-return 0x1900106/0xFF
-A QOSO -p udp -m multiport --ports 5243,9785 -j CONNMARK --set-mark 0x2/0xFF
-A QOSO -p tcp -m multiport --ports 4244,5242 -j CONNMARK --set-return 0x1a00102/0xFF
-A QOSO -p udp -m multiport --ports 3478:3497,16384:16387,16393:16402 -j CONNMARK --set-mark 0x6/0xFF
-A QOSO -p udp -m multiport --ports 5243,9785 -j CONNMARK --set-return 0x1b00102/0xFF
-A QOSSIZE -m connmark --mark 0x3000/0xff000 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 524288: -j CONNMARK --set-mark 0x00000/0xFF
-A QOSO -p udp -m multiport --ports 3478:3497,16384:16387,16393:16402 -j CONNMARK --set-return 0x1c00106/0xFF
-A QOSO -p tcp --dport 443 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:524287 -j CONNMARK --set-mark 0x4/0xFF
-A QOSSIZE -m connmark --mark 0x3000/0xff000 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 524288: -j CONNMARK --set-return 0x00000/0xFF
-A QOSO -p tcp --dport 443 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 524288: -j CONNMARK --set-mark 0x6/0xFF
-A QOSO -p tcp --dport 443 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:524287 -j CONNMARK --set-return 0x1d03004/0xFF
-A QOSO -p udp --dport 443 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:524287 -j CONNMARK --set-mark 0x4/0xFF
-A QOSO -p tcp --dport 443 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 524288: -j CONNMARK --set-return 0x1e00106/0xFF
-A QOSO -p udp --dport 443 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 524288: -j CONNMARK --set-mark 0x6/0xFF
-A QOSO -p udp --dport 443 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:524287 -j CONNMARK --set-return 0x1f03004/0xFF
-A QOSO -p udp -m layer7 --l7dir /etc/l7-protocols --l7proto skypetoskype -j CONNMARK --set-mark 0x2/0xFF
-A QOSO -p udp --dport 443 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 524288: -j CONNMARK --set-return 0x2000106/0xFF
-A QOSO -p tcp -m layer7 --l7dir /etc/l7-protocols --l7proto skypetoskype -j CONNMARK --set-mark 0x2/0xFF
-A QOSO -p udp -m layer7 --l7dir /etc/l7-protocols --l7proto skypetoskype -j CONNMARK --set-return 0x2100102/0xFF
-A QOSO -p udp -m layer7 --l7dir /etc/l7-protocols --l7proto youtube-2012 -j CONNMARK --set-mark 0x5/0xFF
-A QOSO -p tcp -m layer7 --l7dir /etc/l7-protocols --l7proto skypetoskype -j CONNMARK --set-return 0x2100102/0xFF
-A QOSO -p tcp -m layer7 --l7dir /etc/l7-protocols --l7proto youtube-2012 -j CONNMARK --set-mark 0x5/0xFF
-A QOSO -p udp -m layer7 --l7dir /etc/l7-protocols --l7proto youtube-2012 -j CONNMARK --set-return 0x2300105/0xFF
-A QOSO -p udp -m layer7 --l7dir /etc/l7-protocols --l7proto httpvideo -j CONNMARK --set-mark 0x5/0xFF
-A QOSO -p tcp -m layer7 --l7dir /etc/l7-protocols --l7proto youtube-2012 -j CONNMARK --set-return 0x2300105/0xFF
-A QOSO -p tcp -m layer7 --l7dir /etc/l7-protocols --l7proto httpvideo -j CONNMARK --set-mark 0x5/0xFF
-A QOSO -p udp -m layer7 --l7dir /etc/l7-protocols --l7proto httpvideo -j CONNMARK --set-return 0x2400105/0xFF
-A QOSO -p udp -m layer7 --l7dir /etc/l7-protocols --l7proto flash -j CONNMARK --set-mark 0x5/0xFF
-A QOSO -p tcp -m layer7 --l7dir /etc/l7-protocols --l7proto httpvideo -j CONNMARK --set-return 0x2400105/0xFF
-A QOSO -p tcp -m layer7 --l7dir /etc/l7-protocols --l7proto flash -j CONNMARK --set-mark 0x5/0xFF
-A QOSO -p udp -m layer7 --l7dir /etc/l7-protocols --l7proto flash -j CONNMARK --set-return 0x2500105/0xFF
-A QOSO -p udp -m layer7 --l7dir /etc/l7-protocols --l7proto rtp -j CONNMARK --set-mark 0x5/0xFF
-A QOSO -p tcp -m layer7 --l7dir /etc/l7-protocols --l7proto flash -j CONNMARK --set-return 0x2500105/0xFF
-A QOSO -p tcp -m layer7 --l7dir /etc/l7-protocols --l7proto rtp -j CONNMARK --set-mark 0x5/0xFF
-A QOSO -p udp -m layer7 --l7dir /etc/l7-protocols --l7proto rtp -j CONNMARK --set-return 0x2600105/0xFF
-A QOSO -p udp -m layer7 --l7dir /etc/l7-protocols --l7proto rtmp -j CONNMARK --set-mark 0x5/0xFF
-A QOSO -p tcp -m layer7 --l7dir /etc/l7-protocols --l7proto rtp -j CONNMARK --set-return 0x2600105/0xFF
-A QOSO -p tcp -m layer7 --l7dir /etc/l7-protocols --l7proto rtmp -j CONNMARK --set-mark 0x5/0xFF
-A QOSO -p udp -m layer7 --l7dir /etc/l7-protocols --l7proto rtmp -j CONNMARK --set-return 0x2700105/0xFF
-A QOSO -p udp -m layer7 --l7dir /etc/l7-protocols --l7proto shoutcast -j CONNMARK --set-mark 0x5/0xFF
-A QOSO -p tcp -m layer7 --l7dir /etc/l7-protocols --l7proto rtmp -j CONNMARK --set-return 0x2700105/0xFF
-A QOSO -p tcp -m layer7 --l7dir /etc/l7-protocols --l7proto shoutcast -j CONNMARK --set-mark 0x5/0xFF
-A QOSO -p udp -m layer7 --l7dir /etc/l7-protocols --l7proto shoutcast -j CONNMARK --set-return 0x2800105/0xFF
-A QOSO -m layer7 --l7dir /etc/l7-protocols --l7proto rtmpt -j CONNMARK --set-mark 0x5/0xFF
-A QOSO -p tcp -m layer7 --l7dir /etc/l7-protocols --l7proto shoutcast -j CONNMARK --set-return 0x2800105/0xFF
-A QOSO -p udp -m layer7 --l7dir /etc/l7-protocols --l7proto irc -j CONNMARK --set-mark 0x6/0xFF
-A QOSO -m layer7 --l7dir /etc/l7-protocols --l7proto rtmpt -j CONNMARK --set-return 0x2900105/0xFF
-A QOSO -p tcp -m layer7 --l7dir /etc/l7-protocols --l7proto irc -j CONNMARK --set-mark 0x6/0xFF
-A QOSO -p udp -m layer7 --l7dir /etc/l7-protocols --l7proto irc -j CONNMARK --set-return 0x2a00106/0xFF
-A QOSO -p tcp -m multiport --dports 80,8080 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:524287 -j CONNMARK --set-mark 0x4/0xFF
-A QOSO -p tcp -m layer7 --l7dir /etc/l7-protocols --l7proto irc -j CONNMARK --set-return 0x2a00106/0xFF
-A QOSO -p tcp -m multiport --dports 80,8080 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 524288: -j CONNMARK --set-mark 0x8/0xFF
-A QOSO -p tcp -m multiport --dports 80,8080 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 0:524287 -j CONNMARK --set-return 0x2b00004/0xFF
-A QOSO -p tcp -m multiport --dports 20,21,989,990 -j CONNMARK --set-mark 0x8/0xFF
-A QOSO -p tcp -m multiport --dports 80,8080 -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes 524288: -j CONNMARK --set-return 0x2c00008/0xFF
-A QOSO -p tcp -m multiport --dports 25,587,465,2525 -j CONNMARK --set-mark 0x7/0xFF
-A QOSO -p tcp -m multiport --dports 20,21,989,990 -j CONNMARK --set-return 0x2d00008/0xFF
-A QOSO -p tcp -m multiport --dports 110,995 -j CONNMARK --set-mark 0x7/0xFF
-A QOSO -p tcp -m multiport --dports 25,587,465,2525 -j CONNMARK --set-return 0x2e00007/0xFF
-A QOSO -p tcp -m multiport --dports 119,563 -j CONNMARK --set-mark 0x8/0xFF
-A QOSO -p tcp -m multiport --dports 110,995 -j CONNMARK --set-return 0x2f00007/0xFF
-A QOSO -p tcp -m multiport --dports 143,220,585,993 -j CONNMARK --set-mark 0x7/0xFF
-A QOSO -p tcp -m multiport --dports 119,563 -j CONNMARK --set-return 0x3000008/0xFF
-A QOSO -p udp --dport 1:65535 -j CONNMARK --set-mark 0x9/0xFF
-A QOSO -p tcp -m multiport --dports 143,220,585,993 -j CONNMARK --set-return 0x3100007/0xFF
-A QOSO -m connmark --mark 0x0/0xff -j CONNMARK --set-mark 0x9/0xff
-A QOSO -p udp --dport 1:65535 -j CONNMARK --set-return 0x3200009/0xFF
-A QOSO -j CONNMARK --set-return 0xff00009
-A FORWARD -o vlan1 -j QOSO
-A FORWARD -o vlan1 -j QOSO
-A OUTPUT -o vlan1 -j QOSO
-A OUTPUT -o vlan1 -j QOSO
-A PREROUTING -i vlan1 -j CONNMARK --restore-mark --mask 0xfff
-A PREROUTING -i vlan1 -j CONNMARK --restore-mark --mask 0xff
-A PREROUTING -i vlan1 -j IMQ --todev 0
-A PREROUTING -i vlan1 -j IMQ --todev 0
-I PREROUTING -i vlan1 -j DSCP --set-dscp 0
-I PREROUTING -i vlan1 -j DSCP --set-dscp 0
COMMIT
COMMIT
*nat
*nat
:PREROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:WANPREROUTING - [0:0]
:WANPREROUTING - [0:0]
-A PREROUTING -d 192.168.2.2 -j WANPREROUTING
-A PREROUTING -d 192.168.2.2 -j WANPREROUTING
-A PREROUTING -i vlan1 -d 192.168.1.1/255.255.255.0 -j DROP
-A PREROUTING -i vlan1 -d 192.168.1.1/255.255.255.0 -j DROP
-A WANPREROUTING -p icmp -j DNAT --to-destination 192.168.1.1
-A WANPREROUTING -p icmp -j DNAT --to-destination 192.168.1.1
-A POSTROUTING -o vlan1 -j MASQUERADE
-A POSTROUTING -o vlan1 -j MASQUERADE
-A POSTROUTING -o br0 -s 192.168.1.1/255.255.255.0 -d 192.168.1.1/255.255.255.0 -j SNAT --to-source 192.168.1.1
-A POSTROUTING -o br0 -s 192.168.1.1/255.255.255.0 -d 192.168.1.1/255.255.255.0 -j SNAT --to-source 192.168.1.1
COMMIT
COMMIT
*filter
*filter
:INPUT DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-N shlimit
-N shlimit
-A shlimit -m recent --set --name shlimit
-A shlimit -m recent --set --name shlimit
-A shlimit -m recent --update --hitcount 4 --seconds 60 --name shlimit -j DROP
-A shlimit -m recent --update --hitcount 4 --seconds 60 --name shlimit -j DROP
-A INPUT -p tcp --dport 22 -m state --state NEW -j shlimit
-A INPUT -p tcp --dport 22 -m state --state NEW -j shlimit
-A INPUT -i lo -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -p icmp -m limit --limit 2/second -j ACCEPT
-A INPUT -p udp --dport 33434:33534 -m limit --limit 10/second -j ACCEPT
:FORWARD DROP [0:0]
:FORWARD DROP [0:0]
-A FORWARD -m account --aaddr 192.168.1.0/255.255.255.0 --aname lan
-A FORWARD -m account --aaddr 192.168.1.0/255.255.255.0 --aname lan
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
:L7in - [0:0]
:L7in - [0:0]
-A FORWARD -i vlan1 -j L7in
-A FORWARD -i vlan1 -j L7in
-A L7in -m layer7 --l7dir /etc/l7-protocols --l7proto skypetoskype -j RETURN
-A L7in -m layer7 --l7dir /etc/l7-protocols --l7proto skypetoskype -j RETURN
-A L7in -m layer7 --l7dir /etc/l7-protocols --l7proto youtube-2012 -j RETURN
-A L7in -m layer7 --l7dir /etc/l7-protocols --l7proto youtube-2012 -j RETURN
-A L7in -m layer7 --l7dir /etc/l7-protocols --l7proto httpvideo -j RETURN
-A L7in -m layer7 --l7dir /etc/l7-protocols --l7proto httpvideo -j RETURN
-A L7in -m layer7 --l7dir /etc/l7-protocols --l7proto flash -j RETURN
-A L7in -m layer7 --l7dir /etc/l7-protocols --l7proto flash -j RETURN
-A L7in -m layer7 --l7dir /etc/l7-protocols --l7proto rtp -j RETURN
-A L7in -m layer7 --l7dir /etc/l7-protocols --l7proto rtp -j RETURN
-A L7in -m layer7 --l7dir /etc/l7-protocols --l7proto rtmp -j RETURN
-A L7in -m layer7 --l7dir /etc/l7-protocols --l7proto rtmp -j RETURN
-A L7in -m layer7 --l7dir /etc/l7-protocols --l7proto shoutcast -j RETURN
-A L7in -m layer7 --l7dir /etc/l7-protocols --l7proto shoutcast -j RETURN
-A L7in -m layer7 --l7dir /etc/l7-protocols --l7proto rtmpt -j RETURN
-A L7in -m layer7 --l7dir /etc/l7-protocols --l7proto rtmpt -j RETURN
-A L7in -m layer7 --l7dir /etc/l7-protocols --l7proto irc -j RETURN
-A L7in -m layer7 --l7dir /etc/l7-protocols --l7proto irc -j RETURN
:wanin - [0:0]
:wanin - [0:0]
:wanout - [0:0]
:wanout - [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vlan1 -j wanin
-A FORWARD -i vlan1 -j wanin
-A FORWARD -o vlan1 -j wanout
-A FORWARD -o vlan1 -j wanout
-A FORWARD -i br0 -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
COMMIT
COMMIT
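Review bot: A QoS-only difference in `*mangle` can stop the packet filter from loading, because `*nat` and `*filter` (the `INPUT DROP` / `FORWARD DROP` policies and the `shlimit` limiter on port 22) follow the QOSO rules in the same restore file, and iptables-restore normally aborts at the first rejected line without reaching the later tables. The visible differences are confined to the CONNMARK rules (`--set-return` with wider mark values against `--set-mark`, and the `0xfff` / `0xff` restore masks), so that is the likely place the ver 133 file is rejected, though the actual error message is not on this page. What the router falls back to after a failed load is not shown either; check the live state with `iptables -L -n -v` and dry-run the file with `iptables-restore --test < /etc/iptables.error` before relying on it. The `-A INPUT -p icmp -m limit --limit 2/second -j ACCEPT` and `-A INPUT -p udp --dport 33434:33534 -m limit --limit 10/second -j ACCEPT` lines are each printed only once, so the two versions also appear to differ in what the WAN side may reach on INPUT, which is worth confirming as intended.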