#
# Shorewall version 4 - Started File
#
# /etc/shorewall/started
#
#	Add commands below that you want to be executed after shorewall has
#	been completely started or restarted. The difference between this
#	extension script and /etc/shorewall/start is that this one is invoked
#	after delayed loading of the blacklist (DELAYBLACKLISTLOAD=Yes) and
#	after the 'shorewall' chain has been created (thus signaling that the
#	firewall is completely up).
#
#	This script should not change the firewall configuration directly but
#	may do so indirectly by running /sbin/shorewall with the 'nolock'
#	option.
#
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
# information.
#
###############################################################################
#route del default gw
#route add default gw 10.1.5.3
# Restart the five dependent services now that the firewall is fully up.
# Order: named, dhcpd, ntpd, zebra, ospfd. The exit status of each restart is
# not checked here, so one failing restart does not prevent the next.
for started_svc in named dhcpd ntpd zebra ospfd; do
    service "$started_svc" restart
done

# Create a user chain named reject_torrent in two tables and jump to it from
# the first position of a built-in chain. This script adds no rules to the
# chain itself, so it is empty until something else fills it.
#
# NOTE(review): these four commands call iptables directly instead of the
# run_iptables wrapper used for every other rule in this script, and their
# exit status is not checked, so a failed -N or -I goes unnoticed here. The
# header of this file also advises against changing the firewall configuration
# directly from this script. Confirm that the tables are rebuilt before each
# invocation; otherwise -N would fail on an existing chain and -I would add a
# second jump.

# filter table: used to block packets (checked first in FORWARD)
iptables -t filter -N reject_torrent
iptables -t filter -I FORWARD 1 -j reject_torrent

# nat table: used to direct all web traffic to a landing page
# (checked first in PREROUTING)
iptables -t nat -N reject_torrent
iptables -t nat -I PREROUTING 1 -j reject_torrent

# Run the site helper script as a separate process; its exit status is not
# checked here.
# NOTE(review): it runs with the privileges of this script (presumably root) -
# confirm the file is root-owned and not writable by other users.
/etc/shorewall/var-setup.sh

# Traffic to 10.1.1.0/24 on any interface gets class 1:a.
# This should match the default and is the bulk, non-realtime class
run_iptables -t mangle -A tcpost -d 10.1.1.0/24 -j CLASSIFY --set-class 1:a

### eth1.2 - Phone
# CLASSIFY and DSCP do not end chain traversal, so for a given packet the last
# matching CLASSIFY rule appended to tcpost decides its class.
#VoIP
# ShoreTel Bulk
#  TMS(111), LSP CSIS(5440)
#Default
run_iptables -t mangle -A tcpost -o eth1.2 -j CLASSIFY --set-class 1:230
# These two set the same class as the default above, so they only make the
# bulk ports explicit.
run_iptables -t mangle -A tcpost -o eth1.2 -p tcp -m multiport --ports 111,5440 -j CLASSIFY --set-class 1:230
run_iptables -t mangle -A tcpost -o eth1.2 -p udp -m multiport --ports 111,5440 -j CLASSIFY --set-class 1:230

# ShoreTel Call Control
# --ports matches when either the source or the destination port is listed.
run_iptables -t mangle -A tcpost -o eth1.2 -p udp -m multiport --ports 2427,2727,5441,5442,5443,5444,5445,5446 -j CLASSIFY --set-class 1:220
# UDP 2427 is additionally re-marked AF31; the CLASSIFY that follows repeats
# the class already set by the rule above.
run_iptables -t mangle -A tcpost -o eth1.2 -p udp -m multiport --ports 2427 -j DSCP --set-dscp-class AF31
run_iptables -t mangle -A tcpost -o eth1.2 -p udp -m multiport --ports 2427 -j CLASSIFY --set-class 1:220

# ShoreTel Realtime
run_iptables -t mangle -A tcpost -o eth1.2 -p udp -m multiport --ports 5004 -j CLASSIFY --set-class 1:210
# Matches the DSCP value the packet already carries (46 = EF), with no source
# restriction.
# NOTE(review): DSCP is set by the sender, and the only ingress scrub in this
# script is on eth1.3 - confirm every other interface that can route traffic
# out eth1.2 is trusted to mark EF.
run_iptables -t mangle -A tcpost -o eth1.2 -p udp -m dscp --dscp 46 -j CLASSIFY --set-class 1:210


### eth1.3
#scrub DSCP from guest LAN
# Done in tcpre on packets arriving from eth1.3, so a DSCP value chosen by a
# guest host is reset to 0 before the "-m dscp" matches in tcpost can see it.
run_iptables -t mangle -A tcpre -i eth1.3 -j DSCP --set-dscp 0
#mark packets to guest LAN
# Everything leaving eth1.3 shares the single class 1:3.
run_iptables -t mangle -A tcpost -o eth1.3 -j CLASSIFY --set-class 1:3

### eth1.5 MPLS
# Catch-all for everything leaving eth1.5. It is appended first, so any later
# tcpost rule that also matches a packet replaces this class.
run_iptables -t mangle -A tcpost -o eth1.5 -j CLASSIFY --set-class 1:583

#Bulk
# Mail, FTP
# Only traffic whose destination is outside 10.0.0.0/8 (! -d) is matched.
run_iptables -t mangle -A tcpost -o eth1.5 -p tcp -m multiport --dports 21,110,995,143,993,25,465 ! -d 10.0.0.0/8 -j CLASSIFY --set-class 1:563
# FTP data
run_iptables -t mangle -A tcpost -o eth1.5 -p tcp -m multiport --dports 20 ! -d 10.0.0.0/8 -j CLASSIFY --set-class 1:563
# HTTP
# One rule per internal source range; the class equals the eth1.5 catch-all
# above, so these rules document the intent rather than change the outcome.
run_iptables -t mangle -A tcpost -o eth1.5 -p tcp -m multiport --dports 80,443 ! -d 10.0.0.0/8 -s 10.0.0.0/8 -j CLASSIFY --set-class 1:583
run_iptables -t mangle -A tcpost -o eth1.5 -p tcp -m multiport --dports 80,443 ! -d 10.0.0.0/8 -s 192.168.0.0/16 -j CLASSIFY --set-class 1:583
run_iptables -t mangle -A tcpost -o eth1.5 -p tcp -m multiport --dports 80,443 ! -d 10.0.0.0/8 -s 192.9.200.0/24 -j CLASSIFY --set-class 1:583

#Acumen
# All TCP from the single host 192.168.1.187 to 10.5.0.0/16.
run_iptables -t mangle -A tcpost -o eth1.5 -p tcp -s 192.168.1.187 -d 10.5.0.0/16 -j CLASSIFY --set-class 1:5632

#VoIP
# ShoreTel
# Every rule in this section is limited to the two source subnets 10.1.2.0/24
# and 10.3.2.0/24, one rule per subnet. Rules are evaluated in the order
# appended and none of them ends traversal, so the broad RTP rule below is
# refined by the more specific CLASSIFY rules that follow it.
# By default all UDP 1024- traffic is RTP...
run_iptables -t mangle -A tcpost -o eth1.5 -p udp -s 10.1.2.0/24 -m multiport --ports 1024:65535 -j CLASSIFY --set-class 1:51
run_iptables -t mangle -A tcpost -o eth1.5 -p udp -s 10.3.2.0/24 -m multiport --ports 1024:65535 -j CLASSIFY --set-class 1:51

# VoIP Bulk
run_iptables -t mangle -A tcpost -o eth1.5 -p tcp -m multiport --ports 20,21,25,111,5440 -s 10.1.2.0/24 -j CLASSIFY --set-class 1:53
run_iptables -t mangle -A tcpost -o eth1.5 -p udp -m multiport --ports 111,5440 -s 10.1.2.0/24 -j CLASSIFY --set-class 1:53
run_iptables -t mangle -A tcpost -o eth1.5 -p tcp -m multiport --ports 20,21,25,111,5440 -s 10.3.2.0/24 -j CLASSIFY --set-class 1:53
run_iptables -t mangle -A tcpost -o eth1.5 -p udp -m multiport --ports 111,5440 -s 10.3.2.0/24 -j CLASSIFY --set-class 1:53

# ShoreTel Call Control
run_iptables -t mangle -A tcpost -o eth1.5 -p udp -m multiport --ports 161,2427,2727,5060,5441,5442,5443,5444,5445,5446 -s 10.1.2.0/24 -j CLASSIFY --set-class 1:52
run_iptables -t mangle -A tcpost -o eth1.5 -p udp -m multiport --ports 161,2427,2727,5060,5441,5442,5443,5444,5445,5446 -s 10.3.2.0/24 -j CLASSIFY --set-class 1:52
run_iptables -t mangle -A tcpost -o eth1.5 -p tcp -m multiport --ports 135,5441 -s 10.1.2.0/24 -j CLASSIFY --set-class 1:52
run_iptables -t mangle -A tcpost -o eth1.5 -p tcp -m multiport --ports 135,5441 -s 10.3.2.0/24 -j CLASSIFY --set-class 1:52
# Host-to-host rule: TCP with a port in 1024-65535 between 10.1.2.10 and
# 10.5.2.10 only.
run_iptables -t mangle -A tcpost -o eth1.5 -p tcp -m multiport --ports 1024:65535 -s 10.1.2.10/32 -d 10.5.2.10/32 -j CLASSIFY --set-class 1:52

# ShoreTel Realtime
run_iptables -t mangle -A tcpost -o eth1.5 -p udp -m multiport --ports 5004 -s 10.1.2.0/24 -j CLASSIFY --set-class 1:51
run_iptables -t mangle -A tcpost -o eth1.5 -p udp -m multiport --ports 5004 -s 10.3.2.0/24 -j CLASSIFY --set-class 1:51
# These two match on the DSCP the packet arrived with (46 = EF); they are
# appended before the DSCP re-marking rules below.
run_iptables -t mangle -A tcpost -o eth1.5 -p udp -m dscp --dscp 46 -s 10.1.2.0/24 -j CLASSIFY --set-class 1:51
run_iptables -t mangle -A tcpost -o eth1.5 -p udp -m dscp --dscp 46 -s 10.3.2.0/24 -j CLASSIFY --set-class 1:51
# DSCP re-marking for traffic leaving on eth1.5: 46 for TCP 135/161 and for
# all UDP with a port in 1024-65535, 34 for the bulk ports.
# NOTE(review): the UDP rule marks EF on port range alone, so any UDP flow from
# these subnets gets EF on the MPLS link - confirm only phones and switches
# live in 10.1.2.0/24 and 10.3.2.0/24.
run_iptables -t mangle -A tcpost -o eth1.5 -p tcp -m multiport --ports 135,161 -s 10.1.2.0/24 -j DSCP --set-dscp 46
run_iptables -t mangle -A tcpost -o eth1.5 -p tcp -m multiport --ports 135,161 -s 10.3.2.0/24 -j DSCP --set-dscp 46
run_iptables -t mangle -A tcpost -o eth1.5 -p udp -m multiport --ports 1024:65535 -s 10.1.2.0/24 -j DSCP --set-dscp 46
run_iptables -t mangle -A tcpost -o eth1.5 -p udp -m multiport --ports 1024:65535 -s 10.3.2.0/24 -j DSCP --set-dscp 46
# The UDP 5440 packets matched here were already set to 46 by the range rule
# above; being later, this rule leaves them at 34.
run_iptables -t mangle -A tcpost -o eth1.5 -p tcp -m multiport --ports 20,21,25,111,5440 -s 10.1.2.0/24 -j DSCP --set-dscp 34
run_iptables -t mangle -A tcpost -o eth1.5 -p udp -m multiport --ports 111,5440 -s 10.1.2.0/24 -j DSCP --set-dscp 34
run_iptables -t mangle -A tcpost -o eth1.5 -p tcp -m multiport --ports 20,21,25,111,5440 -s 10.3.2.0/24 -j DSCP --set-dscp 34
run_iptables -t mangle -A tcpost -o eth1.5 -p udp -m multiport --ports 111,5440 -s 10.3.2.0/24 -j DSCP --set-dscp 34

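#Video
# Traffic from the video subnet 10.1.100.0/24 leaving on eth1.5.
#
# Neither CLASSIFY nor DSCP ends chain traversal, and a DSCP target rewrites
# the header that later "-m dscp" matches read. The rules are therefore split
# into two passes: first classify on the DSCP value the packet arrived with,
# then re-mark. With classification and re-marking interleaved, a packet
# re-marked 22 -> 34 was picked up again by the "--dscp 34" rule and ended in
# the Video RT class instead of VideoData.
#
# Default
# NOTE(review): this rule is in tcfor while the eth1.5 catch-all is in tcpost.
# If tcpost is traversed after tcfor, that catch-all overwrites this class -
# confirm the default is effective.
run_iptables -t mangle -A tcfor -i eth1.100 -o eth1.5 -j CLASSIFY --set-class 1:53

# Pass 1: classify on the original DSCP.
# Video Data AF23(22) --> VideoData
run_iptables -t mangle -A tcpost -o eth1.5 -m dscp --dscp 22 -s 10.1.100.0/24 -j CLASSIFY --set-class 1:55
# Signaling AF31(26) --> VoIP Signaling
run_iptables -t mangle -A tcpost -o eth1.5 -m dscp --dscp 26 -s 10.1.100.0/24 -j CLASSIFY --set-class 1:52
# Video Realtime AF41(34) --> Video RT
run_iptables -t mangle -A tcpost -o eth1.5 -m dscp --dscp 34 -s 10.1.100.0/24 -j CLASSIFY --set-class 1:54
# Video Telephone RT EF(46) --> VoIP RT
run_iptables -t mangle -A tcpost -o eth1.5 -p udp -m dscp --dscp 46 -s 10.1.100.0/24 -j CLASSIFY --set-class 1:51

# Pass 2: re-mark for the MPLS link. Neither target value (34, 46) is the
# source value of the other rule, so the two rewrites cannot chain.
# Video Data AF23(22) --> AF41(34)
run_iptables -t mangle -A tcpost -o eth1.5 -m dscp --dscp 22 -s 10.1.100.0/24 -j DSCP --set-dscp 34
# Signaling AF31(26) --> EF(46). This rule used to match --dscp 22, which could
# never fire because the rule above had already rewritten 22 to 34.
run_iptables -t mangle -A tcpost -o eth1.5 -m dscp --dscp 26 -s 10.1.100.0/24 -j DSCP --set-dscp 46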

#Admin
# These rules only assign a queueing class to traffic between 10.0.0.0/8
# hosts leaving on eth1.5; they do not permit or deny anything.
# HTTP
# Both directions: replies from a web server (--sports) and requests to one
# (--dports).
run_iptables -t mangle -A tcpost -o eth1.5 -p tcp -m multiport --sports 80,443 -s 10.0.0.0/8 -d 10.0.0.0/8 -j CLASSIFY --set-class 1:563
run_iptables -t mangle -A tcpost -o eth1.5 -p tcp -m multiport --dports 80,443 -s 10.0.0.0/8 -d 10.0.0.0/8 -j CLASSIFY --set-class 1:563
# SSH
run_iptables -t mangle -A tcpost -o eth1.5 -p tcp -m multiport --ports 22 -s 10.0.0.0/8 -d 10.0.0.0/8 -j CLASSIFY --set-class 1:562
# Telnet
# NOTE(review): a dedicated class suggests Telnet is still used for management
# across this link; it is unencrypted - confirm whether it can be retired in
# favour of SSH.
run_iptables -t mangle -A tcpost -o eth1.5 -p tcp -m multiport --ports 23 -s 10.0.0.0/8 -d 10.0.0.0/8 -j CLASSIFY --set-class 1:561

#Network
# SNMP
run_iptables -t mangle -A tcpost -o eth1.5 -p udp -m multiport --ports 161,162 -s 10.0.0.0/8 -d 10.0.0.0/8 -j CLASSIFY --set-class 1:574
# DNS
# No source or destination restriction, unlike the SNMP and ICMP rules.
run_iptables -t mangle -A tcpost -o eth1.5 -p tcp -m multiport --ports 53 -j CLASSIFY --set-class 1:573
run_iptables -t mangle -A tcpost -o eth1.5 -p udp -m multiport --ports 53 -j CLASSIFY --set-class 1:573
# ICMP
# Seven ICMP types between 10.0.0.0/8 hosts share class 1:572; other types
# keep whatever class an earlier rule assigned.
run_iptables -t mangle -A tcpost -o eth1.5 -p icmp --icmp-type echo-reply              -s 10.0.0.0/8 -d 10.0.0.0/8 -j CLASSIFY --set-class 1:572
run_iptables -t mangle -A tcpost -o eth1.5 -p icmp --icmp-type destination-unreachable -s 10.0.0.0/8 -d 10.0.0.0/8 -j CLASSIFY --set-class 1:572
run_iptables -t mangle -A tcpost -o eth1.5 -p icmp --icmp-type redirect                -s 10.0.0.0/8 -d 10.0.0.0/8 -j CLASSIFY --set-class 1:572
run_iptables -t mangle -A tcpost -o eth1.5 -p icmp --icmp-type echo-request            -s 10.0.0.0/8 -d 10.0.0.0/8 -j CLASSIFY --set-class 1:572
run_iptables -t mangle -A tcpost -o eth1.5 -p icmp --icmp-type time-exceeded           -s 10.0.0.0/8 -d 10.0.0.0/8 -j CLASSIFY --set-class 1:572
run_iptables -t mangle -A tcpost -o eth1.5 -p icmp --icmp-type timestamp-request       -s 10.0.0.0/8 -d 10.0.0.0/8 -j CLASSIFY --set-class 1:572
run_iptables -t mangle -A tcpost -o eth1.5 -p icmp --icmp-type timestamp-reply         -s 10.0.0.0/8 -d 10.0.0.0/8 -j CLASSIFY --set-class 1:572
# NTP
# Appended after the VoIP and video rules, so UDP 123 ends in this class
# even when an earlier eth1.5 rule matched the same packet.
run_iptables -t mangle -A tcpost -o eth1.5 -p udp -m multiport --ports 123 -j CLASSIFY --set-class 1:571

# eth1.6 - Odiyan
# No catch-all class is set for eth1.6 in tcpost; only the traffic matched
# below is classified here.
#VoIP

# Bulk ports toward the VoIP subnet 10.3.2.0/24.
run_iptables -t mangle -A tcpost -o eth1.6 -p tcp -d 10.3.2.0/24 -m multiport --ports 111,5440 -j CLASSIFY --set-class 1:62
run_iptables -t mangle -A tcpost -o eth1.6 -p udp -d 10.3.2.0/24 -m multiport --ports 111,5440 -j CLASSIFY --set-class 1:62

# Call-control ports; same class as the bulk ports above.
run_iptables -t mangle -A tcpost -o eth1.6 -p udp -d 10.3.2.0/24 -m multiport --ports 2427,2727,5441,5442,5443,5444,5445,5446 -j CLASSIFY --set-class 1:62
# Re-marks UDP 2427 to AF31 for any destination (no -d here, unlike the
# neighbouring rules).
run_iptables -t mangle -A tcpost -o eth1.6 -p udp -m multiport --ports 2427 -j DSCP --set-dscp-class AF31

# Realtime: UDP 5004, or any UDP already carrying DSCP 46 (EF), toward
# 10.3.2.0/24.
run_iptables -t mangle -A tcpost -o eth1.6 -p udp -d 10.3.2.0/24 -m multiport --ports 5004 -j CLASSIFY --set-class 1:61
run_iptables -t mangle -A tcpost -o eth1.6 -p udp -d 10.3.2.0/24 -m dscp --dscp 46 -j CLASSIFY --set-class 1:61

# Network services: NTP toward 10.3.1.0/24, ICMP from three source subnets,
# DNS and SNMP with no address restriction.
run_iptables -t mangle -A tcpost -o eth1.6 -d 10.3.1.0/24 -p udp -m multiport --ports 123 -j CLASSIFY --set-class 1:671
run_iptables -t mangle -A tcpost -o eth1.6 -s 10.1.1.0/24 -p icmp -j CLASSIFY --set-class 1:672
run_iptables -t mangle -A tcpost -o eth1.6 -s 10.2.1.0/24 -p icmp -j CLASSIFY --set-class 1:672
run_iptables -t mangle -A tcpost -o eth1.6 -s 10.5.1.0/24 -p icmp -j CLASSIFY --set-class 1:672
run_iptables -t mangle -A tcpost -o eth1.6 -p udp -m multiport --ports 53 -j CLASSIFY --set-class 1:673
run_iptables -t mangle -A tcpost -o eth1.6 -p tcp -m multiport --ports 53 -j CLASSIFY --set-class 1:673
run_iptables -t mangle -A tcpost -o eth1.6 -p udp -m multiport --ports 161,162 -j CLASSIFY --set-class 1:674

# eth1.7 - Odiyan
# Same rule set as eth1.6 with the class ids moved to the 7x / 77x range.
# NOTE(review): the label is identical to the eth1.6 section - confirm it is
# a second link to the same site and not a copy-paste leftover.
#VoIP

# Bulk ports toward the VoIP subnet 10.3.2.0/24.
run_iptables -t mangle -A tcpost -o eth1.7 -p tcp -d 10.3.2.0/24 -m multiport --ports 111,5440 -j CLASSIFY --set-class 1:72
run_iptables -t mangle -A tcpost -o eth1.7 -p udp -d 10.3.2.0/24 -m multiport --ports 111,5440 -j CLASSIFY --set-class 1:72

# Call-control ports; same class as the bulk ports above.
run_iptables -t mangle -A tcpost -o eth1.7 -p udp -d 10.3.2.0/24 -m multiport --ports 2427,2727,5441,5442,5443,5444,5445,5446 -j CLASSIFY --set-class 1:72
# Re-marks UDP 2427 to AF31 for any destination.
run_iptables -t mangle -A tcpost -o eth1.7 -p udp -m multiport --ports 2427 -j DSCP --set-dscp-class AF31

# Realtime: UDP 5004, or any UDP already carrying DSCP 46 (EF), toward
# 10.3.2.0/24.
run_iptables -t mangle -A tcpost -o eth1.7 -p udp -d 10.3.2.0/24 -m multiport --ports 5004 -j CLASSIFY --set-class 1:71
run_iptables -t mangle -A tcpost -o eth1.7 -p udp -d 10.3.2.0/24 -m dscp --dscp 46 -j CLASSIFY --set-class 1:71

# Network services: NTP toward 10.3.1.0/24, ICMP from three source subnets,
# DNS and SNMP with no address restriction.
run_iptables -t mangle -A tcpost -o eth1.7 -d 10.3.1.0/24 -p udp -m multiport --ports 123 -j CLASSIFY --set-class 1:771
run_iptables -t mangle -A tcpost -o eth1.7 -s 10.1.1.0/24 -p icmp -j CLASSIFY --set-class 1:772
run_iptables -t mangle -A tcpost -o eth1.7 -s 10.2.1.0/24 -p icmp -j CLASSIFY --set-class 1:772
run_iptables -t mangle -A tcpost -o eth1.7 -s 10.5.1.0/24 -p icmp -j CLASSIFY --set-class 1:772
run_iptables -t mangle -A tcpost -o eth1.7 -p udp -m multiport --ports 53 -j CLASSIFY --set-class 1:773
run_iptables -t mangle -A tcpost -o eth1.7 -p tcp -m multiport --ports 53 -j CLASSIFY --set-class 1:773
run_iptables -t mangle -A tcpost -o eth1.7 -p udp -m multiport --ports 161,162 -j CLASSIFY --set-class 1:774

# eth1.8 - Verizon
# Catch-all class for the interface.
run_iptables -t mangle -A tcpost -o eth1.8 -j CLASSIFY --set-class 1:82
# Small pure ACKs: of SYN, ACK, FIN and RST only ACK is set, and the packet is
# at most 63 bytes long. They get their own class, separate from the
# catch-all above.
run_iptables -t mangle -A tcpost -o eth1.8 -p tcp --tcp-flags SYN,ACK,FIN,RST ACK -m length --length 0:63 -j CLASSIFY --set-class 1:81

### eth1.9
# One catch-all class per source network leaving on eth1.9 ...
run_iptables -t mangle -A tcpost -s 192.168.1.0/24 -o eth1.9 -j CLASSIFY --set-class 1:912
run_iptables -t mangle -A tcpost -s 10.1.10.0/24   -o eth1.9 -j CLASSIFY --set-class 1:922
run_iptables -t mangle -A tcpost -s 192.168.0.0/24 -o eth1.9 -j CLASSIFY --set-class 1:932
run_iptables -t mangle -A tcpost -s 192.9.200.0/24 -o eth1.9 -j CLASSIFY --set-class 1:942

# ... and a matching small-ACK class per source network. These come after the
# catch-alls so they take precedence for the packets they match.
run_iptables -t mangle -A tcpost -s 192.168.1.0/24 -o eth1.9 -p tcp --tcp-flags SYN,ACK,FIN,RST ACK -m length --length 0:63 -j CLASSIFY --set-class 1:911
run_iptables -t mangle -A tcpost -s 10.1.10.0/24   -o eth1.9 -p tcp --tcp-flags SYN,ACK,FIN,RST ACK -m length --length 0:63 -j CLASSIFY --set-class 1:921
run_iptables -t mangle -A tcpost -s 192.168.0.0/24 -o eth1.9 -p tcp --tcp-flags SYN,ACK,FIN,RST ACK -m length --length 0:63 -j CLASSIFY --set-class 1:931
run_iptables -t mangle -A tcpost -s 192.9.200.0/24 -o eth1.9 -p tcp --tcp-flags SYN,ACK,FIN,RST ACK -m length --length 0:63 -j CLASSIFY --set-class 1:941

# Forwarded-traffic classes (tcfor), keyed on the input interface as well as
# the output interface. Each pair follows the same pattern: a generic rule for
# the output interface first, then a rule limited to traffic that entered on
# eth1.9, which replaces the generic class for that traffic.

# Black mountain/Dharma Publishing
run_iptables -t mangle -A tcfor           -o eth1.4 -j CLASSIFY --set-class 1:43
run_iptables -t mangle -A tcfor -i eth1.9 -o eth1.4 -j CLASSIFY --set-class 1:41
# Black mountain/Lee
# The first rule is in tcpost and excludes 10.1.10.248 (! -d), so it cannot
# match the traffic the tcfor rule classifies for that host.
run_iptables -t mangle -A tcpost          -o eth1.10 ! -d 10.1.10.248/32 -j CLASSIFY --set-class 1:1020
run_iptables -t mangle -A tcfor -i eth1.9 -o eth1.10 -d 10.1.10.248/32 -j CLASSIFY --set-class 1:1010
# Library
# Destination 192.168.0.0/24 over each of the three uplinks.
run_iptables -t mangle -A tcfor           -o eth1.6  -d 192.168.0.0/24 -j CLASSIFY --set-class 1:65
run_iptables -t mangle -A tcfor -i eth1.9 -o eth1.6  -d 192.168.0.0/24 -j CLASSIFY --set-class 1:63
run_iptables -t mangle -A tcfor           -o eth1.7  -d 192.168.0.0/24 -j CLASSIFY --set-class 1:75
run_iptables -t mangle -A tcfor -i eth1.9 -o eth1.7  -d 192.168.0.0/24 -j CLASSIFY --set-class 1:73
run_iptables -t mangle -A tcfor           -o eth1.11 -d 192.168.0.0/24 -j CLASSIFY --set-class 1:115
run_iptables -t mangle -A tcfor -i eth1.9 -o eth1.11 -d 192.168.0.0/24 -j CLASSIFY --set-class 1:113

# Odiyan
# Destination 192.9.200.0/24 over the same three uplinks.
run_iptables -t mangle -A tcfor           -o eth1.6  -d 192.9.200.0/24 -j CLASSIFY --set-class 1:66
run_iptables -t mangle -A tcfor -i eth1.9 -o eth1.6  -d 192.9.200.0/24 -j CLASSIFY --set-class 1:64
run_iptables -t mangle -A tcfor           -o eth1.7  -d 192.9.200.0/24 -j CLASSIFY --set-class 1:76
run_iptables -t mangle -A tcfor -i eth1.9 -o eth1.7  -d 192.9.200.0/24 -j CLASSIFY --set-class 1:74
run_iptables -t mangle -A tcfor           -o eth1.11 -d 192.9.200.0/24 -j CLASSIFY --set-class 1:116
run_iptables -t mangle -A tcfor -i eth1.9 -o eth1.11 -d 192.9.200.0/24 -j CLASSIFY --set-class 1:114

# eth1.100 - Video
# Bulk
# Catch-all for the interface; the DSCP-based rules below refine it.
run_iptables -t mangle -A tcpost -o eth1.100 -j CLASSIFY --set-class 1:1003
# Realtime
# DSCP 34 (AF41) as carried by the packet at this point in tcpost.
run_iptables -t mangle -A tcpost -o eth1.100 -m dscp --dscp 34 -j CLASSIFY --set-class 1:1001
# Data
# DSCP 22 (AF23) and DSCP 26 (AF31) share the data class.
run_iptables -t mangle -A tcpost -o eth1.100 -m dscp --dscp 22 -j CLASSIFY --set-class 1:1002
run_iptables -t mangle -A tcpost -o eth1.100 -m dscp --dscp 26 -j CLASSIFY --set-class 1:1002

# eth1.101 - Resource
# Single class for everything leaving the interface.
run_iptables -t mangle -A tcpost -o eth1.101 -j CLASSIFY --set-class 1:101

# eth1.11 - Dish 3G65
# Same rule set as the eth1.6 and eth1.7 sections, with class ids in the
# 11x / 117x range.
#VoIP

# Bulk ports toward the VoIP subnet 10.3.2.0/24.
run_iptables -t mangle -A tcpost -o eth1.11 -p tcp -d 10.3.2.0/24 -m multiport --ports 111,5440 -j CLASSIFY --set-class 1:112
run_iptables -t mangle -A tcpost -o eth1.11 -p udp -d 10.3.2.0/24 -m multiport --ports 111,5440 -j CLASSIFY --set-class 1:112

# Call-control ports; same class as the bulk ports above.
run_iptables -t mangle -A tcpost -o eth1.11 -p udp -d 10.3.2.0/24 -m multiport --ports 2427,2727,5441,5442,5443,5444,5445,5446 -j CLASSIFY --set-class 1:112
# Re-marks UDP 2427 to AF31 for any destination.
run_iptables -t mangle -A tcpost -o eth1.11 -p udp -m multiport --ports 2427 -j DSCP --set-dscp-class AF31

# Realtime: UDP 5004, or any UDP already carrying DSCP 46 (EF), toward
# 10.3.2.0/24.
run_iptables -t mangle -A tcpost -o eth1.11 -p udp -d 10.3.2.0/24 -m multiport --ports 5004 -j CLASSIFY --set-class 1:111
run_iptables -t mangle -A tcpost -o eth1.11 -p udp -d 10.3.2.0/24 -m dscp --dscp 46 -j CLASSIFY --set-class 1:111

# NOTE(review): the Library section earlier in this script appends a tcfor
# rule with this exact selector (-i eth1.9 -o eth1.11 -d 192.168.0.0/24) and
# class 1:113. This rule comes later in the same chain, so 1:115 is the class
# that sticks and the 1:113 rule has no effect - confirm which was intended.
run_iptables -t mangle -A tcfor -i eth1.9 -o eth1.11 -d 192.168.0.0/24 -j CLASSIFY --set-class 1:115

# Network services: NTP toward 10.3.1.0/24, ICMP from three source subnets,
# DNS and SNMP with no address restriction.
run_iptables -t mangle -A tcpost -o eth1.11 -d 10.3.1.0/24 -p udp -m multiport --ports 123 -j CLASSIFY --set-class 1:1171
run_iptables -t mangle -A tcpost -o eth1.11 -s 10.1.1.0/24 -p icmp -j CLASSIFY --set-class 1:1172
run_iptables -t mangle -A tcpost -o eth1.11 -s 10.2.1.0/24 -p icmp -j CLASSIFY --set-class 1:1172
run_iptables -t mangle -A tcpost -o eth1.11 -s 10.5.1.0/24 -p icmp -j CLASSIFY --set-class 1:1172
run_iptables -t mangle -A tcpost -o eth1.11 -p udp -m multiport --ports 53 -j CLASSIFY --set-class 1:1173
run_iptables -t mangle -A tcpost -o eth1.11 -p tcp -m multiport --ports 53 -j CLASSIFY --set-class 1:1173
run_iptables -t mangle -A tcpost -o eth1.11 -p udp -m multiport --ports 161,162 -j CLASSIFY --set-class 1:1174


# Single-class interfaces: everything leaving each interface below gets one
# class whose id mirrors the interface number. eth1.4 is the exception.

# eth1.110 - CC Wireless
run_iptables -t mangle -A tcpost -o eth1.110 -j CLASSIFY --set-class 1:110

# eth1.200 - Dan
run_iptables -t mangle -A tcpost -o eth1.200 -j CLASSIFY --set-class 1:200
# eth1.201 - Lee
run_iptables -t mangle -A tcpost -o eth1.201 -j CLASSIFY --set-class 1:201
# eth1.21 - Verizon extender
run_iptables -t mangle -A tcpost -o eth1.21 -j CLASSIFY --set-class 1:21
# eth1.30 - Water
run_iptables -t mangle -A tcpost -o eth1.30 -j CLASSIFY --set-class 1:30
# eth1.31 - Robot
run_iptables -t mangle -A tcpost -o eth1.31 -j CLASSIFY --set-class 1:31
# eth1.4 - Dharma Publishing
# Only TCP to port 3389 on the single host 192.168.1.187 is classified here;
# other eth1.4 traffic keeps the class set by the tcfor rules for eth1.4.
run_iptables -t mangle -A tcpost -o eth1.4 -d 192.168.1.187/32 -p tcp --dport 3389 -j CLASSIFY --set-class 1:42
# eth1.4001 - Admin
run_iptables -t mangle -A tcpost -o eth1.4001 -j CLASSIFY --set-class 1:4001
# eth1.80 - Web
run_iptables -t mangle -A tcpost -o eth1.80 -j CLASSIFY --set-class 1:80

