From d6caf69056cd373cd88fdb554654d9a346d15a6a Mon Sep 17 00:00:00 2001
From: Michael Gebetsroither
Date: Sat, 17 Mar 2007 18:31:18 +0100
Subject: [PATCH] removed iptables hacks necessary for tftpd-hpa
---
 grml-terminalserver | 26 +-------------------------
 1 file changed, 1 insertion(+), 25 deletions(-)
diff --git a/grml-terminalserver b/grml-terminalserver
index 0cb1883..fd4abcb 100755
--- a/grml-terminalserver
+++ b/grml-terminalserver
@@ -132,34 +132,10 @@ function runDhcp
 startDhcp
 }
-# make sure tcp/113 is rejected
 function runIptables
 {
 if [ -x /sbin/iptables ] ; then
- # something keeps answering all tftp requests with auth requests (SYN
- # packets to the client tcp/113). Since the PXE client doesn't answer with
- # RST, the auth query has to wait until it times out. Forbidding the
- # terminalserver to send out packets to tcp/113 via iptables _greatly_
- # speeds up the process. But of course the real fix would be to have grml
- # stop sending out auth queries to tftp clients. according to netstat, it
- # is in.tftpd itself sending out the auth queries.
- # Thanks to Marc Haber and Wolfgang Karall for noticing and current fix.
- if iptables -L | grep -q '^REJECT.*tcp dpt:auth reject-with tcp-reset' ; then
- echo "Rule for tcp/113 already present, nothing to be done."
- else
- echo "Rejecting tcp/113 via iptables to speed up booting via PXE, running:"
- echo -n '* iptables -A OUTPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset ... '
- iptables -A OUTPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset && echo done || echo failed
- fi
- # deactivate Multicast-DNS
- if iptables -L | grep -q '^REJECT.*dpt:mdns reject-with icmp-port-unreachable' ; then
- echo "Rule for udp/5353 already present, nothing to be done."
- else
- echo "Rejecting udp/5353 via iptables for deactivating Multicast-DNS, running:"
- echo -n '* iptables -A OUTPUT -p udp -d 224.0.0.0/8 --dport 5353 -j REJECT ... '
- iptables -A OUTPUT -p udp -d 224.0.0.0/8 --dport 5353 -j REJECT && echo done || echo failed
- fi
- if [ "$NAT_INTERFACE_" != "none" ]; then
+ if [[ "$NAT_INTERFACE_" != "none" ]]; then
 local nat_source_ip_=`netGetIp "$NAT_INTERFACE_" warn`
 if iptables -t nat -vnL POSTROUTING | grep -q "SNAT.*${NAT_INTERFACE_}.*to:${nat_source_ip_}" ; then
-- 
2.1.4
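Review bot: The rule-present check on the last context line interpolates `${NAT_INTERFACE_}` and `${nat_source_ip_}` into an unanchored grep regex, so the dots in the address match any character and `to:10.0.0.1` also matches a rule for `to:10.0.0.11` (addresses constructed for illustration); an unrelated SNAT rule can then be mistaken for the wanted one and, presumably, the NAT rule is never installed. If `netGetIp ... warn` can return an empty string, the pattern degrades to `SNAT.*<iface>.*to:` and matches any SNAT rule on that interface, so a guard such as `[[ -n "$nat_source_ip_" ]] || return 1` before the check would help. For the match itself, escaping the dots and bounding the address is stricter, e.g. `grep -Eq "SNAT.*${NAT_INTERFACE_}.*to:${nat_source_ip_//./\\.}([^0-9.]|\$)"`. runIptables continues past the end of the hunk, so the branch that adds the rule is not visible here.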