
Untitled

a guest
May 12th, 2016
  1. *mangle
  2. :PREROUTING ACCEPT [0:0]
  3. :INPUT ACCEPT [0:0]
  4. :FORWARD ACCEPT [0:0]
  5. :OUTPUT ACCEPT [0:0]
  6. :POSTROUTING ACCEPT [0:0]
  7. COMMIT
  8. *nat
  9. :PREROUTING ACCEPT [0:0]
  10. :INPUT ACCEPT [0:0]
  11. :OUTPUT ACCEPT [0:0]
  12. :POSTROUTING ACCEPT [0:0]
  13. COMMIT
  14. *filter
  15. :INPUT DROP [0:0]
  16. :OUTPUT DROP [0:0]
  17. :FORWARD DROP [0:0]
  18. -A INPUT --match state --state INVALID -j DROP # Invalid Packet
  19. -A INPUT --protocol tcp --tcp-flags SYN,RST SYN,RST -j DROP # Portscan - SYN + RST
  20. -A INPUT --protocol tcp --tcp-flags SYN,FIN SYN,FIN -j DROP # Portscan - SYN + FIN
  21. -A INPUT --protocol tcp --tcp-flags ALL FIN,URG,PSH -j DROP # Portscan - FIN + URG + PSH
  22. -A INPUT --protocol tcp --tcp-flags ALL ALL -j DROP # Portscan - ALL Flags
  23. -A INPUT --protocol tcp --tcp-flags ALL NONE -j DROP # Portscan - nmap Null scan
  24. -A INPUT --protocol tcp --tcp-flags ALL FIN -j DROP # Portscan - nmap FIN stealth scan
  25. -A INPUT --protocol tcp --tcp-flags ALL URG,ACK,PSH,RST,SYN,FIN -j DROP # Portscan ▒^▒^▒ XMAS
  26. -A INPUT --in-interface lo -j ACCEPT # Loopback (localhost)
  27. -A INPUT --match state --state RELATED,ESTABLISHED -j ACCEPT # Established Sessions
  28. -A INPUT --protocol icmp --icmp-type echo-request -j ACCEPT # ICMP - Echo-Request (8)
  29. -A INPUT --protocol udp --in-interface eth0 --destination-port 67:68 --source-port 67:68 -j ACCEPT # DCHP ▒^▒^▒ Client
  30. -A INPUT --protocol tcp --destination-port 8002 --match state --state NEW -j ACCEPT # SSH - OpenSSH
  31. -A INPUT --protocol tcp --destination-port 8000 --match state --state NEW -j ACCEPT # Ajenti - Webpanel
  32. -A INPUT --protocol tcp --destination-port 80 --match state --state NEW -j ACCEPT # HTTP - nginx
  33. -A INPUT --protocol tcp --destination-port 443 --match state --state NEW -j ACCEPT # HTTPS - nginx
  34. -A INPUT --protocol tcp --destination-port 8001 --match state --state NEW -j ACCEPT # HTTPS - nginx (phpMyAdmin)
  35. -A INPUT --protocol tcp --match multiport --destination-port 21,50001:50050 --match state --state NEW -j ACCEPT # FTP - Pure-FTP
  36. -A INPUT --protocol tcp --destination-port 25 --match state --state NEW -j ACCEPT # SMTP - Exim
  37. -A INPUT --protocol tcp --destination-port 465 --match state --state NEW -j ACCEPT # SMTPS - Exim
  38. -A INPUT --protocol tcp --destination-port 110 --match state --state NEW -j ACCEPT # POP3 - Courier
  39. -A INPUT --protocol tcp --destination-port 995 --match state --state NEW -j ACCEPT # POP3S - Courier
  40. -A INPUT --protocol tcp --destination-port 143 --match state --state NEW -j ACCEPT # IMAP - Courier
  41. -A INPUT --protocol tcp --destination-port 993 --match state --state NEW -j ACCEPT # IMAPS - Courier
  42. -A INPUT --protocol tcp --destination-port 5055 -j ACCEPT # Traccar - Client
  43. -A INPUT -j DROP # Any
  44. -A OUTPUT --match state --state INVALID -j DROP # Invalid Packet
  45. -A OUTPUT --out-interface lo -j ACCEPT # Loopback (localhost)
  46. -A OUTPUT --match state --state RELATED,ESTABLISHED -j ACCEPT # Established Sessions
  47. -A OUTPUT --protocol icmp --icmp-type echo-request -j ACCEPT # ICMP - Echo-Request (8)
  48. -A OUTPUT --protocol udp --out-interface eth0 --destination-port 67:68 --source-port 67:68 -j ACCEPT # DCHP - Client
  49. -A OUTPUT --protocol tcp --destination-port 53 --match state --state NEW -j ACCEPT # DNS - System
  50. -A OUTPUT --protocol udp --destination-port 53 --match state --state NEW -j ACCEPT # DNS - System
  51. -A OUTPUT --protocol udp --destination-port 123 --match state --state NEW -j ACCEPT # NTP - System
  52. -A OUTPUT --protocol tcp --destination-port 43 --match state --state NEW -j ACCEPT # WHOIS - System
  53. -A OUTPUT --protocol tcp --destination-port 80 --match state --state NEW -j ACCEPT # HTTP - nginx
  54. -A OUTPUT --protocol tcp --destination-port 443 --match state --state NEW -j ACCEPT # HTTPS - nginx
  55. -A OUTPUT --protocol tcp --destination-port 21 --match state --state NEW -j ACCEPT # FTP - Pure-FTP
  56. -A OUTPUT --protocol tcp --destination-port 25 --match state --state NEW -j ACCEPT # SMTP - Exim
  57. -A OUTPUT --protocol tcp --destination-port 465 --match state --state NEW -j ACCEPT # SMTPS - Exim
  58. -A OUTPUT --protocol tcp --destination-port 143 --match state --state NEW -j ACCEPT # IMAP - Courier
  59. -A OUTPUT --protocol tcp --destination-port 993 --match state --state NEW -j ACCEPT # IMAPS - Courier
  60. -A OUTPUT --protocol tcp --destination-port 5055 -j ACCEPT # Traccar - Client
  61. -A OUTPUT --protocol tcp --source 192.168.178.0/24 --destination-port 8082 --match state --state NEW -j ACCEPT # Traccar - reverse
  62. -A OUTPUT -j DROP # Any
  63. -A FORWARD --match state --state RELATED,ESTABLISHED -j ACCEPT # Established Sessions
  64. -A FORWARD --match state --state INVALID -j DROP # Invalid Packet
  65. -A FORWARD -j DROP # Any
  66. COMMIT