-
Notifications
You must be signed in to change notification settings - Fork 0
/
captive-iptables.conf
36 lines (32 loc) · 1.08 KB
/
captive-iptables.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
# iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
internet all -- 192.168.16.0/20 anywhere
Chain internet (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere match-set captive_ok src
MARK all -- anywhere anywhere MARK set 0x63
# iptables -L -t filter
Chain FORWARD (policy DROP)
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere mark match 0x63
# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
DNAT tcp -- anywhere anywhere mark match 0x63 tcp dpt:http to:192.168.31.1
# ipset list captive_ok | head -n 15
Name: captive_ok
Type: hash:mac
Revision: 0
Header: hashsize 8192 maxelem 65536
Size in memory: 539744
References: 1
Members:
02:42:42:D9:26:9F
02:42:42:2F:F6:C8
02:42:42:E5:5B:4E
02:42:42:8A:9E:C7
02:42:42:87:C5:A9
02:42:42:0C:56:30
02:42:42:8B:5C:F2
02:42:42:88:90:C9
...