- # mangle table: no rules are defined, so every built-in chain keeps its ACCEPT policy.
- # The [0:0] fields are the packet:byte counters of the iptables-save format, written as zero.
- *mangle
- :PREROUTING ACCEPT [0:0]
- :INPUT ACCEPT [0:0]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- :POSTROUTING ACCEPT [0:0]
- COMMIT
- # nat table: no rules are defined (no DNAT/SNAT/MASQUERADE); all chains keep ACCEPT,
- # so filtering is done only in the filter table below.
- *nat
- :PREROUTING ACCEPT [0:0]
- :INPUT ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- :POSTROUTING ACCEPT [0:0]
- COMMIT
- # filter table: INPUT, OUTPUT and FORWARD all default to DROP, so only traffic matched by
- # an ACCEPT rule passes. Rules are evaluated top to bottom; the order below matters.
- # NOTE(review): iptables-restore treats '#' as a comment only at the start of a line. The
- # trailing '# ...' annotations on the rule lines would likely be rejected as arguments;
- # move them to their own lines or use --match comment --comment "..." before loading.
- # NOTE(review): this is an IPv4 (iptables) ruleset; IPv6 needs a separate ip6tables
- # ruleset, which is not visible here - confirm the host is not left open over IPv6.
- # NOTE(review): '--match state --state' is the legacy form of
- # '--match conntrack --ctstate'; behaviour is the same.
- *filter
- :INPUT DROP [0:0]
- :OUTPUT DROP [0:0]
- :FORWARD DROP [0:0]
- # --- INPUT: drop malformed traffic first ---
- # Packets that conntrack cannot associate with a valid connection state.
- -A INPUT --match state --state INVALID -j DROP # Invalid Packet
- # TCP flag combinations that do not occur in normal traffic. These rules sit above the
- # RELATED,ESTABLISHED accept, so they apply to packets of existing connections as well.
- -A INPUT --protocol tcp --tcp-flags SYN,RST SYN,RST -j DROP # Portscan - SYN + RST
- -A INPUT --protocol tcp --tcp-flags SYN,FIN SYN,FIN -j DROP # Portscan - SYN + FIN
- -A INPUT --protocol tcp --tcp-flags ALL FIN,URG,PSH -j DROP # Portscan - FIN + URG + PSH
- -A INPUT --protocol tcp --tcp-flags ALL ALL -j DROP # Portscan - ALL Flags
- -A INPUT --protocol tcp --tcp-flags ALL NONE -j DROP # Portscan - nmap Null scan
- -A INPUT --protocol tcp --tcp-flags ALL FIN -j DROP # Portscan - nmap FIN stealth scan
- # NOTE(review): this lists all six flags explicitly, so it matches the same packets as
- # the 'ALL ALL' rule above and is redundant.
- -A INPUT --protocol tcp --tcp-flags ALL URG,ACK,PSH,RST,SYN,FIN -j DROP # Portscan - XMAS
- # --- INPUT: baseline accepts ---
- -A INPUT --in-interface lo -j ACCEPT # Loopback (localhost)
- -A INPUT --match state --state RELATED,ESTABLISHED -j ACCEPT # Established Sessions
- # NOTE(review): echo-request is accepted without a rate limit; consider adding
- # '--match limit --limit <rate>' (placeholder) to bound ping floods.
- -A INPUT --protocol icmp --icmp-type echo-request -j ACCEPT # ICMP - Echo-Request (8)
- # DHCP on eth0 only; both source and destination may be port 67 or 68.
- -A INPUT --protocol udp --in-interface eth0 --destination-port 67:68 --source-port 67:68 -j ACCEPT # DHCP - Client
- # --- INPUT: published services (new connections only) ---
- # NOTE(review): SSH (8002), Ajenti (8000) and phpMyAdmin (8001) are administrative
- # interfaces, and these rules carry no --source match, so they are reachable from any
- # address. Restrict them to a management network or VPN where possible.
- -A INPUT --protocol tcp --destination-port 8002 --match state --state NEW -j ACCEPT # SSH - OpenSSH
- -A INPUT --protocol tcp --destination-port 8000 --match state --state NEW -j ACCEPT # Ajenti - Webpanel
- -A INPUT --protocol tcp --destination-port 80 --match state --state NEW -j ACCEPT # HTTP - nginx
- -A INPUT --protocol tcp --destination-port 443 --match state --state NEW -j ACCEPT # HTTPS - nginx
- -A INPUT --protocol tcp --destination-port 8001 --match state --state NEW -j ACCEPT # HTTPS - nginx (phpMyAdmin)
- # FTP control port 21 plus 50001-50050, presumably the daemon's passive data range -
- # verify it matches the Pure-FTPd passive port configuration.
- # NOTE(review): FTP (21), POP3 (110) and IMAP (143) are cleartext protocols unless the
- # daemons enforce STARTTLS/TLS; that cannot be checked from this file.
- -A INPUT --protocol tcp --match multiport --destination-port 21,50001:50050 --match state --state NEW -j ACCEPT # FTP - Pure-FTP
- -A INPUT --protocol tcp --destination-port 25 --match state --state NEW -j ACCEPT # SMTP - Exim
- -A INPUT --protocol tcp --destination-port 465 --match state --state NEW -j ACCEPT # SMTPS - Exim
- -A INPUT --protocol tcp --destination-port 110 --match state --state NEW -j ACCEPT # POP3 - Courier
- -A INPUT --protocol tcp --destination-port 995 --match state --state NEW -j ACCEPT # POP3S - Courier
- -A INPUT --protocol tcp --destination-port 143 --match state --state NEW -j ACCEPT # IMAP - Courier
- -A INPUT --protocol tcp --destination-port 993 --match state --state NEW -j ACCEPT # IMAPS - Courier
- # NOTE(review): unlike the rules above, this one has no '--state NEW' match, so it accepts
- # any TCP packet to 5055 that reaches it. Add the state match for consistency unless the
- # omission is deliberate.
- -A INPUT --protocol tcp --destination-port 5055 -j ACCEPT # Traccar - Client
- # Explicit final drop; duplicates the chain's DROP policy and makes the default-deny visible.
- # No LOG rule precedes it, so dropped packets leave no trace for detection.
- -A INPUT -j DROP # Any
- # --- OUTPUT: egress filtering ---
- # These rules list the only new outbound connections this host may open; everything
- # else falls through to the final DROP. Each port is a destination port on the remote side.
- -A OUTPUT --match state --state INVALID -j DROP # Invalid Packet
- -A OUTPUT --out-interface lo -j ACCEPT # Loopback (localhost)
- # Replies to accepted inbound connections leave through this rule.
- -A OUTPUT --match state --state RELATED,ESTABLISHED -j ACCEPT # Established Sessions
- -A OUTPUT --protocol icmp --icmp-type echo-request -j ACCEPT # ICMP - Echo-Request (8)
- -A OUTPUT --protocol udp --out-interface eth0 --destination-port 67:68 --source-port 67:68 -j ACCEPT # DHCP - Client
- # NOTE(review): none of the rules below has a --destination match, so DNS, NTP, WHOIS,
- # web and mail egress is allowed to any address. Pin resolvers and relays to known hosts
- # if tighter egress control is wanted.
- -A OUTPUT --protocol tcp --destination-port 53 --match state --state NEW -j ACCEPT # DNS - System
- -A OUTPUT --protocol udp --destination-port 53 --match state --state NEW -j ACCEPT # DNS - System
- -A OUTPUT --protocol udp --destination-port 123 --match state --state NEW -j ACCEPT # NTP - System
- -A OUTPUT --protocol tcp --destination-port 43 --match state --state NEW -j ACCEPT # WHOIS - System
- -A OUTPUT --protocol tcp --destination-port 80 --match state --state NEW -j ACCEPT # HTTP - nginx
- -A OUTPUT --protocol tcp --destination-port 443 --match state --state NEW -j ACCEPT # HTTPS - nginx
- -A OUTPUT --protocol tcp --destination-port 21 --match state --state NEW -j ACCEPT # FTP - Pure-FTP
- -A OUTPUT --protocol tcp --destination-port 25 --match state --state NEW -j ACCEPT # SMTP - Exim
- -A OUTPUT --protocol tcp --destination-port 465 --match state --state NEW -j ACCEPT # SMTPS - Exim
- -A OUTPUT --protocol tcp --destination-port 143 --match state --state NEW -j ACCEPT # IMAP - Courier
- -A OUTPUT --protocol tcp --destination-port 993 --match state --state NEW -j ACCEPT # IMAPS - Courier
- # NOTE(review): no '--state NEW' match here, unlike the neighbouring rules.
- -A OUTPUT --protocol tcp --destination-port 5055 -j ACCEPT # Traccar - Client
- # NOTE(review): in the OUTPUT chain, --source matches this host's own address, so the
- # rule applies only when the host sends from an address in 192.168.178.0/24. If the
- # intent is to limit which peers may be contacted on 8082, --destination is the selector
- # to use - confirm.
- -A OUTPUT --protocol tcp --source 192.168.178.0/24 --destination-port 8082 --match state --state NEW -j ACCEPT # Traccar - reverse
- # Explicit final drop; duplicates the chain's DROP policy. Blocked egress is not logged.
- -A OUTPUT -j DROP # Any
- # --- FORWARD: this host does not route for others ---
- # No rule accepts NEW forwarded traffic, so the RELATED,ESTABLISHED accept presumably
- # never matches a forwarded flow and the chain effectively drops everything.
- -A FORWARD --match state --state RELATED,ESTABLISHED -j ACCEPT # Established Sessions
- -A FORWARD --match state --state INVALID -j DROP # Invalid Packet
- -A FORWARD -j DROP # Any
- # COMMIT applies the filter table as a unit.
- COMMIT