synthnassizer

sg_fw

Jul 31st, 2015
  1. root@slackware:~# iptables-save
  # iptables-save dump of a multi-homed gateway (iptables v1.4.14, July 2015).
  # Interface roles as far as this dump shows them: eth1 is the MASQUERADE
  # egress in *nat and the interface the anti-spoof rule guards, so it is
  # presumably the upstream/Internet side; eth0 carries 192.168.112.0/24;
  # tun+ are VPN tunnels whose clients come from 192.168.26.0/24,
  # 192.168.114.0/24 and 192.168.18.0/24; eth2 is accepted unconditionally in
  # INPUT and FORWARD with no source or state check.
  # NOTE(review): all logging uses the ULOG target, which has since been
  # superseded by NFLOG; re-applying this ruleset on a current kernel will
  # require replacing -j ULOG (and --ulog-prefix) with the NFLOG equivalents.
  2. # Generated by iptables-save v1.4.14 on Fri Jul 31 18:12:25 2015
  3. *mangle
  # mangle table: no rules, only the default ACCEPT policies with their
  # packet/byte counters.
  4. :PREROUTING ACCEPT [39905668:18637358453]
  5. :INPUT ACCEPT [33360816:13600868199]
  6. :FORWARD ACCEPT [6544103:5036446390]
  7. :OUTPUT ACCEPT [32618463:8594967900]
  8. :POSTROUTING ACCEPT [39170440:13633301440]
  9. COMMIT
  10. # Completed on Fri Jul 31 18:12:25 2015
  11. # Generated by iptables-save v1.4.14 on Fri Jul 31 18:12:25 2015
  12. *nat
  # nat table: tcp_prebound/udp_prebound are empty hooks (they only RETURN),
  # presumably reserved for DNAT/port-forwarding rules on eth1. Everything
  # leaving eth1 is source-NATed with MASQUERADE.
  13. :PREROUTING ACCEPT [177986:11802394]
  14. :INPUT ACCEPT [121312:7648472]
  15. :OUTPUT ACCEPT [325933:21787914]
  16. :POSTROUTING ACCEPT [233191:15008715]
  17. :tcp_prebound - [0:0]
  18. :udp_prebound - [0:0]
  19. -A PREROUTING -i eth1 -p udp -j udp_prebound
  20. -A PREROUTING -i eth1 -p tcp -j tcp_prebound
  21. -A POSTROUTING -o eth1 -j MASQUERADE
  22. -A tcp_prebound -p tcp -j RETURN
  23. -A udp_prebound -p udp -j RETURN
  24. COMMIT
  25. # Completed on Fri Jul 31 18:12:25 2015
  26. # Generated by iptables-save v1.4.14 on Fri Jul 31 18:12:25 2015
  27. *filter
  # filter table: default DROP on all three built-in chains. Anything not
  # explicitly accepted reaches the rate-limited ULOG rule at the end of its
  # chain (3/min, burst 3) and is then dropped by the chain policy.
  28. :INPUT DROP [9497:736209]
  29. :FORWARD DROP [0:0]
  30. :OUTPUT DROP [0:0]
  31. :bad_packets - [0:0]
  32. :bad_tcp_packets - [0:0]
  33. :icmp_packets - [0:0]
  34. :tcp_fwdbound - [0:0]
  35. :tcp_inbound - [0:0]
  36. :tcp_infwdbound - [0:0]
  37. :tcp_vpnbound - [0:0]
  38. :udp_fwdbound - [0:0]
  39. :udp_inbound - [0:0]
  40. :udp_infwdbound - [0:0]
  41. :udp_vpnbound - [0:0]
  42. -A INPUT -i lo -j ACCEPT
  # Every non-loopback input packet passes through bad_packets first
  # (anti-spoof, INVALID conntrack state, TCP flag sanity); the chain RETURNs
  # for whatever it does not drop.
  43. -A INPUT -j bad_packets
  # The all-hosts multicast group is dropped silently, before any logging.
  44. -A INPUT -d 224.0.0.1/32 -j DROP
  # Stateful return traffic is accepted only for eth1 and tun+; eth0 and eth2
  # are covered by the blanket accepts further down.
  45. -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
  46. -A INPUT -i tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
  # Any source in 192.168.112.0/24 on eth0, and anything addressed to that
  # subnet's broadcast, reaches the gateway unfiltered. The ICMP rule below
  # therefore only sees eth0 packets from other source addresses.
  47. -A INPUT -s 192.168.112.0/24 -i eth0 -j ACCEPT
  48. -A INPUT -d 192.168.112.255/32 -i eth0 -j ACCEPT
  49. -A INPUT -i eth0 -p icmp -j icmp_packets
  # eth2: accept everything, no source or state check.
  50. -A INPUT -i eth2 -j ACCEPT
  # VPN clients from the three tun+ subnets only reach the ports whitelisted in
  # tcp_vpnbound/udp_vpnbound. The same two chains are reused by FORWARD
  # below, so that whitelist applies equally to services on the gateway itself
  # and to hosts it forwards to; there is no destination restriction.
  51. -A INPUT -s 192.168.26.0/24 -i tun+ -p tcp -j tcp_vpnbound
  52. -A INPUT -s 192.168.114.0/24 -i tun+ -p tcp -j tcp_vpnbound
  53. -A INPUT -s 192.168.18.0/24 -i tun+ -p tcp -j tcp_vpnbound
  54. -A INPUT -s 192.168.26.0/24 -i tun+ -p udp -j udp_vpnbound
  55. -A INPUT -s 192.168.114.0/24 -i tun+ -p udp -j udp_vpnbound
  56. -A INPUT -s 192.168.18.0/24 -i tun+ -p udp -j udp_vpnbound
  # Broadcast to the 192.168.26.0/24 VPN subnet is accepted from any source
  # on tun+; ICMP over the tunnels is accepted without the icmp_packets
  # type filtering that eth0/eth1 get.
  57. -A INPUT -d 192.168.26.255/32 -i tun+ -j ACCEPT
  58. -A INPUT -i tun+ -p icmp -j ACCEPT
  # Upstream (eth1): only the ports whitelisted in tcp_inbound/udp_inbound and
  # the ICMP types accepted by icmp_packets.
  59. -A INPUT -i eth1 -p tcp -j tcp_inbound
  60. -A INPUT -i eth1 -p udp -j udp_inbound
  61. -A INPUT -i eth1 -p icmp -j icmp_packets
  # Link-layer broadcasts are dropped ahead of the catch-all log rule so they
  # do not consume its rate-limit budget.
  62. -A INPUT -m pkttype --pkt-type broadcast -j DROP
  63. -A INPUT -m limit --limit 3/min --limit-burst 3 -j ULOG --ulog-prefix "INPUT packet died: "
  # FORWARD: eth0 hosts may forward anywhere (tcp_fwdbound/udp_fwdbound are
  # empty placeholders that only RETURN, followed by an unconditional accept);
  # eth2 likewise. tun+ sources are held to the vpnbound whitelists, eth1
  # sources to tcp_infwdbound/udp_infwdbound plus stateful return traffic.
  64. -A FORWARD -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
  65. -A FORWARD -i tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
  66. -A FORWARD -i eth0 -p tcp -j tcp_fwdbound
  67. -A FORWARD -i eth2 -j ACCEPT
  68. -A FORWARD -i eth0 -p udp -j udp_fwdbound
  69. -A FORWARD -i eth0 -j ACCEPT
  70. -A FORWARD -s 192.168.26.0/24 -i tun+ -p tcp -j tcp_vpnbound
  71. -A FORWARD -s 192.168.114.0/24 -i tun+ -p tcp -j tcp_vpnbound
  72. -A FORWARD -s 192.168.18.0/24 -i tun+ -p tcp -j tcp_vpnbound
  73. -A FORWARD -s 192.168.26.0/24 -i tun+ -p udp -j udp_vpnbound
  74. -A FORWARD -s 192.168.114.0/24 -i tun+ -p udp -j udp_vpnbound
  75. -A FORWARD -s 192.168.18.0/24 -i tun+ -p udp -j udp_vpnbound
  76. -A FORWARD -i tun+ -p icmp -j icmp_packets
  77. -A FORWARD -i eth1 -p tcp -j tcp_infwdbound
  78. -A FORWARD -i eth1 -p udp -j udp_infwdbound
  79. -A FORWARD -i eth1 -p icmp -j icmp_packets
  80. -A FORWARD -m limit --limit 3/min --limit-burst 3 -j ULOG --ulog-prefix "FORWARD packet died: "
  # OUTPUT: policy DROP, but every interface named in this ruleset gets an
  # unconditional accept, so in practice only INVALID-state ICMP is dropped
  # here. 192.168.112.112 is presumably the gateway's own eth0 address.
  81. -A OUTPUT -p icmp -m state --state INVALID -j DROP
  82. -A OUTPUT -s 127.0.0.1/32 -j ACCEPT
  83. -A OUTPUT -o lo -j ACCEPT
  84. -A OUTPUT -s 192.168.112.112/32 -j ACCEPT
  85. -A OUTPUT -o eth0 -j ACCEPT
  86. -A OUTPUT -o eth2 -j ACCEPT
  87. -A OUTPUT -o tun+ -j ACCEPT
  88. -A OUTPUT -o eth1 -j ACCEPT
  89. -A OUTPUT -m limit --limit 3/min --limit-burst 3 -j ULOG --ulog-prefix "OUTPUT packet died: "
  # bad_packets: drop (after logging) packets arriving on eth1 that claim a
  # LAN source, then anything conntrack classes as INVALID, then hand TCP to
  # bad_tcp_packets. Only 192.168.112.0/24 is anti-spoofed; the VPN subnets
  # are not.
  # NOTE(review): the ULOG rules in this chain and in bad_tcp_packets carry no
  # -m limit, unlike the chain-end log rules, so a flood of spoofed or
  # malformed packets becomes a flood of log messages.
  90. -A bad_packets -s 192.168.112.0/24 -i eth1 -j ULOG --ulog-prefix "Illegal source: "
  91. -A bad_packets -s 192.168.112.0/24 -i eth1 -j DROP
  92. -A bad_packets -m state --state INVALID -j ULOG --ulog-prefix "Invalid packet: "
  93. -A bad_packets -m state --state INVALID -j DROP
  94. -A bad_packets -p tcp -j bad_tcp_packets
  95. -A bad_packets -j RETURN
  # bad_tcp_packets: TCP arriving on eth0 skips every flag check below.
  96. -A bad_tcp_packets -i eth0 -p tcp -j RETURN
  # NEW connections that are not a bare SYN, then the usual illegal flag
  # combinations (null scan, all flags set, FIN/PSH/URG, SYN+RST, SYN+FIN).
  # Each pair logs first and drops second.
  97. -A bad_tcp_packets -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j ULOG --ulog-prefix "New not syn: "
  98. -A bad_tcp_packets -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
  99. -A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j ULOG --ulog-prefix "Stealth scan: "
  100. -A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
  101. -A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j ULOG --ulog-prefix "Stealth scan: "
  102. -A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
  103. -A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j ULOG --ulog-prefix "Stealth scan: "
  104. -A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
  105. -A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j ULOG --ulog-prefix "Stealth scan: "
  106. -A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
  107. -A bad_tcp_packets -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j ULOG --ulog-prefix "Stealth scan: "
  108. -A bad_tcp_packets -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
  109. -A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j ULOG --ulog-prefix "Stealth scan: "
  110. -A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
  111. -A bad_tcp_packets -p tcp -j RETURN
  # icmp_packets: non-first ICMP fragments (-f) are logged and then dropped.
  # The type-3 accept sitting between those two rules should not match a
  # fragment, since the icmp match needs the ICMP header that only the first
  # fragment carries; moving the drop directly after the log would make that
  # independent of match internals. Accepted types: destination unreachable
  # (3), echo reply (0), echo request (8), time exceeded (11).
  112. -A icmp_packets -p icmp -f -j ULOG --ulog-prefix "ICMP Fragment: "
  113. -A icmp_packets -p icmp -m icmp --icmp-type 3 -j ACCEPT
  114. -A icmp_packets -p icmp -f -j DROP
  115. -A icmp_packets -p icmp -m icmp --icmp-type 0 -j ACCEPT
  116. -A icmp_packets -p icmp -m icmp --icmp-type 8 -j ACCEPT
  117. -A icmp_packets -p icmp -m icmp --icmp-type 11 -j ACCEPT
  118. -A icmp_packets -p icmp -j RETURN
  # tcp_fwdbound: empty placeholder for eth0 forward filtering (see FORWARD).
  119. -A tcp_fwdbound -p tcp -j RETURN
  # tcp_inbound (services exposed on eth1): ident (113) is rejected rather
  # than dropped so remote peers do not wait for a timeout. The accepted ports
  # are application-specific and cannot be identified from this dump.
  120. -A tcp_inbound -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
  121. -A tcp_inbound -p tcp -m tcp --dport 51237 -j ACCEPT
  122. -A tcp_inbound -p tcp -m tcp --dport 34567 -j ACCEPT
  123. -A tcp_inbound -p tcp -m tcp --dport 3551 -j ACCEPT
  124. -A tcp_inbound -p tcp -j RETURN
  # tcp_infwdbound: the only TCP port forwarded in from eth1 to the internal
  # networks; note the matching *nat tcp_prebound chain has no DNAT rule.
  125. -A tcp_infwdbound -p tcp -m tcp --dport 12321 -j ACCEPT
  126. -A tcp_infwdbound -p tcp -j RETURN
  # tcp_vpnbound: TCP whitelist for VPN clients, both to the gateway and to
  # forwarded hosts: HTTP (80, 8080), RDP (3389-3391, 3395), VNC (5901, 5801),
  # SSH (22), NetBIOS/SMB (139, 445), DNS (53) and several application ports.
  127. -A tcp_vpnbound -p tcp -m tcp --dport 80 -j ACCEPT
  128. -A tcp_vpnbound -p tcp -m tcp --dport 3389:3391 -j ACCEPT
  129. -A tcp_vpnbound -p tcp -m tcp --dport 3395 -j ACCEPT
  130. -A tcp_vpnbound -p tcp -m tcp --dport 5901 -j ACCEPT
  131. -A tcp_vpnbound -p tcp -m tcp --dport 5801 -j ACCEPT
  132. -A tcp_vpnbound -p tcp -m tcp --dport 8080 -j ACCEPT
  133. -A tcp_vpnbound -p tcp -m tcp --dport 6600 -j ACCEPT
  134. -A tcp_vpnbound -p tcp -m tcp --dport 10000 -j ACCEPT
  135. -A tcp_vpnbound -p tcp -m tcp --dport 38000 -j ACCEPT
  136. -A tcp_vpnbound -p tcp -m tcp --dport 22 -j ACCEPT
  137. -A tcp_vpnbound -p tcp -m tcp --dport 51237 -j ACCEPT
  138. -A tcp_vpnbound -p tcp -m tcp --dport 139 -j ACCEPT
  139. -A tcp_vpnbound -p tcp -m tcp --dport 445 -j ACCEPT
  140. -A tcp_vpnbound -p tcp -m tcp --dport 53 -j ACCEPT
  141. -A tcp_vpnbound -p tcp -m tcp --dport 34122:34128 -j ACCEPT
  142. -A tcp_vpnbound -j RETURN
  # udp_fwdbound: empty placeholder for eth0 forward filtering (see FORWARD).
  143. -A udp_fwdbound -p udp -j RETURN
  # udp_inbound (services exposed on eth1): ident rejected, NetBIOS name and
  # datagram service (137, 138) dropped silently, a few application ports
  # accepted, and NTP (123) accepted only from 192.168.231.117 (an address
  # outside every subnet named in this ruleset; presumably a fixed peer).
  144. -A udp_inbound -p udp -m udp --dport 113 -j REJECT --reject-with icmp-port-unreachable
  145. -A udp_inbound -p udp -m udp --dport 137 -j DROP
  146. -A udp_inbound -p udp -m udp --dport 138 -j DROP
  147. -A udp_inbound -p udp -m udp --dport 34567 -j ACCEPT
  148. -A udp_inbound -p udp -m udp --dport 34568 -j ACCEPT
  149. -A udp_inbound -p udp -m udp --dport 34569 -j ACCEPT
  150. -A udp_inbound -p udp -m udp --dport 32386 -j ACCEPT
  151. -A udp_inbound -s 192.168.231.117/32 -p udp -m udp --dport 123 -j ACCEPT
  152. -A udp_inbound -p udp -j RETURN
  # NOTE(review): the next rule is unreachable on two counts: udp_inbound is
  # only entered for -p udp (see the INPUT jump), and the rule above already
  # RETURNs every UDP packet. If TCP/34568 is meant to be reachable from eth1
  # it belongs in tcp_inbound; otherwise this line is dead and should go.
  153. -A udp_inbound -p tcp -m tcp --dport 34568 -j ACCEPT
  # udp_infwdbound: no UDP is forwarded in from eth1.
  154. -A udp_infwdbound -p udp -j RETURN
  # udp_vpnbound: UDP whitelist for VPN clients: DNS (53), NetBIOS (137-139),
  # SMB (445).
  155. -A udp_vpnbound -p udp -m udp --dport 53 -j ACCEPT
  156. -A udp_vpnbound -p udp -m udp --dport 137:139 -j ACCEPT
  157. -A udp_vpnbound -p udp -m udp --dport 445 -j ACCEPT
  158. -A udp_vpnbound -p udp -j RETURN
  159. COMMIT
  160. # Completed on Fri Jul 31 18:12:25 2015
  161. root@slackware:~#