ShapeShifter499

iptables -S

Jun 30th, 2013
  # Output of `iptables -S` with no -t option, i.e. the IPv4 filter table only.
  # Other tables (nat, mangle, raw) and any ip6tables rules are not in this dump.
  # Default policies: INPUT and FORWARD drop whatever no rule accepts;
  # OUTPUT accepts everything, so traffic originated by the host is unfiltered.
  1. -P INPUT DROP
  2. -P FORWARD DROP
  3. -P OUTPUT ACCEPT
  # User-defined chains; INPUT jumps into them at rules 8-11.
  4. -N fail2ban-dovecot
  5. -N fail2ban-postfix
  6. -N fail2ban-roundcube
  7. -N fail2ban-ssh
  # INPUT chain: traffic addressed to the host itself (policy DROP, rule 1).
  # Rules 8-11 send matching TCP traffic through the fail2ban chains first.
  # They sit ahead of the RELATED,ESTABLISHED accept (rule 12), so those chains
  # are consulted for packets of already-open connections as well as new ones.
  # NOTE(review): the multiport list includes 4190, but no rule below accepts
  # tcp/4190, so new connections to it fall through to the DROP policy.
  8. -A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j fail2ban-postfix
  9. -A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j fail2ban-dovecot
  10. -A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j fail2ban-roundcube
  11. -A INPUT -p tcp -m tcp --dport 22 -j fail2ban-ssh
  # Accept return traffic for tracked connections. `-m state` is the older
  # match; `-m conntrack --ctstate` is its current equivalent.
  12. -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  # Loopback is unrestricted.
  13. -A INPUT -i lo -j ACCEPT
  # Services reachable from any source address on any interface: none of the
  # rules below carries -s or -i.
  # NOTE(review): 110 and 143 are conventionally the plaintext POP3/IMAP ports;
  # confirm the mail daemon enforces STARTTLS before authentication.
  14. -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
  15. -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
  16. -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
  17. -A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
  18. -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
  19. -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
  20. -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
  21. -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
  # NOTE(review): SSH is open to every source; the only throttle visible here is
  # the fail2ban-ssh jump at rule 11. Consider a source restriction or a
  # rate-limit rule if the daemon permits password logins.
  22. -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
  23. -A INPUT -p udp -m udp --dport 1194 -j ACCEPT
  # Echo-request (ICMP type 8) is accepted with no rate limit.
  24. -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
  # FORWARD chain, connection-tracking accepts (policy DROP, rule 2).
  # Rule 25 accepts RELATED,ESTABLISHED for every forwarded packet, with no
  # interface or address restriction.
  25. -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
  # NOTE(review): rules 26-36 use the same state match plus extra interface and
  # subnet conditions, so every packet they could match is already accepted by
  # rule 25. They never take effect and the subnets they name restrict nothing.
  # If per-subnet control of return traffic is intended, rule 25 has to be
  # narrowed or removed.
  26. -A FORWARD -i wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  27. -A FORWARD -i tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  28. -A FORWARD -s 10.0.2.0/25 -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  29. -A FORWARD -s 10.0.2.0/25 -d 10.0.0.0/24 -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  30. -A FORWARD -s 10.0.2.0/25 -d 192.168.2.0/24 -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  31. -A FORWARD -i dns0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  32. -A FORWARD -i dns1 -m state --state RELATED,ESTABLISHED -j ACCEPT
  33. -A FORWARD -s 172.16.0.0/27 -d 10.0.0.0/24 -i dns0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  34. -A FORWARD -s 172.16.2.0/27 -d 10.0.0.0/24 -i dns1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  35. -A FORWARD -s 172.16.0.0/27 -d 192.168.2.0/24 -i dns0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  36. -A FORWARD -s 172.16.2.0/27 -d 192.168.2.0/24 -i dns1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  # FORWARD, wlan0 -> eth0: allowlist of destination ports for traffic entering
  # on wlan0 and leaving on eth0. The rules match on interface and port only
  # (no -s/-d), so any source on wlan0 may reach any destination on these ports.
  # There is no state match either, so each rule applies to every packet,
  # not only to the first packet of a connection.
  37. -A FORWARD -i wlan0 -o eth0 -p udp -m udp --dport 53 -j ACCEPT
  38. -A FORWARD -i wlan0 -o eth0 -p tcp -m tcp --dport 80 -j ACCEPT
  39. -A FORWARD -i wlan0 -o eth0 -p tcp -m tcp --dport 443 -j ACCEPT
  40. -A FORWARD -i wlan0 -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
  41. -A FORWARD -i wlan0 -o eth0 -p udp -m udp --dport 29304 -j ACCEPT
  42. -A FORWARD -i wlan0 -o eth0 -p tcp -m tcp --dport 29304 -j ACCEPT
  # NOTE(review): rules 43-44 run in the opposite direction (eth0 -> wlan0) and
  # admit unsolicited packets to port 29304 on any wlan0-side address, since no
  # -d is given. Pin the destination host if only one client needs this port.
  43. -A FORWARD -i eth0 -o wlan0 -p udp -m udp --dport 29304 -j ACCEPT
  44. -A FORWARD -i eth0 -o wlan0 -p tcp -m tcp --dport 29304 -j ACCEPT
  45. -A FORWARD -i wlan0 -o eth0 -p tcp -m multiport --dports 6783:6785 -j ACCEPT
  46. -A FORWARD -i wlan0 -o eth0 -p udp -m multiport --dports 6783:6785 -j ACCEPT
  47. -A FORWARD -i wlan0 -o eth0 -p udp -m multiport --dports 5060:5080 -j ACCEPT
  48. -A FORWARD -i wlan0 -o eth0 -p udp -m udp --dport 65535 -j ACCEPT
  49. -A FORWARD -i wlan0 -o eth0 -p udp -m multiport --dports 19305:19309 -j ACCEPT
  50. -A FORWARD -i wlan0 -o eth0 -p tcp -m multiport --dports 19305:19309 -j ACCEPT
  51. -A FORWARD -i wlan0 -o eth0 -p udp -m udp --dport 5228 -j ACCEPT
  52. -A FORWARD -i wlan0 -o eth0 -p tcp -m tcp --dport 5228 -j ACCEPT
  53. -A FORWARD -i wlan0 -o eth0 -p udp -m udp --dport 14259 -j ACCEPT
  54. -A FORWARD -i wlan0 -o eth0 -p tcp -m tcp --dport 14259 -j ACCEPT
  55. -A FORWARD -i wlan0 -o eth0 -p udp -m udp --dport 80 -j ACCEPT
  56. -A FORWARD -i wlan0 -o eth0 -p udp -m udp --dport 6969 -j ACCEPT
  57. -A FORWARD -i wlan0 -o eth0 -p udp -m udp --dport 1337 -j ACCEPT
  # NOTE(review): outbound tcp/25 lets forwarded clients talk to arbitrary mail
  # servers directly; submission on 587/465 is normally enough for clients.
  58. -A FORWARD -i wlan0 -o eth0 -p tcp -m tcp --dport 25 -j ACCEPT
  59. -A FORWARD -i wlan0 -o eth0 -p tcp -m tcp --dport 587 -j ACCEPT
  # NOTE(review): the UDP variants for 465, 587 and 993:995 (rules 60, 62, 64)
  # open ports whose mail services conventionally run over TCP only; they look
  # like copy-paste of the TCP rules and widen the allowlist for no visible use.
  60. -A FORWARD -i wlan0 -o eth0 -p udp -m udp --dport 465 -j ACCEPT
  61. -A FORWARD -i wlan0 -o eth0 -p tcp -m tcp --dport 465 -j ACCEPT
  62. -A FORWARD -i wlan0 -o eth0 -p udp -m udp --dport 587 -j ACCEPT
  # Rule 63 is an exact duplicate of rule 59.
  63. -A FORWARD -i wlan0 -o eth0 -p tcp -m tcp --dport 587 -j ACCEPT
  64. -A FORWARD -i wlan0 -o eth0 -p udp -m multiport --dports 993:995 -j ACCEPT
  65. -A FORWARD -i wlan0 -o eth0 -p tcp -m multiport --dports 993:995 -j ACCEPT
  66. -A FORWARD -i wlan0 -o eth0 -p tcp -m tcp --dport 7070 -j ACCEPT
  67. -A FORWARD -i wlan0 -o eth0 -p tcp -m tcp --dport 1338 -j ACCEPT
  68. -A FORWARD -i wlan0 -o eth0 -p tcp -m tcp --dport 6667 -j ACCEPT
  69. -A FORWARD -i wlan0 -o eth0 -p tcp -m tcp --dport 6697 -j ACCEPT
  70. -A FORWARD -i wlan0 -o eth0 -p tcp -m tcp --dport 2000 -j ACCEPT
  71. -A FORWARD -i wlan0 -o eth0 -p tcp -m tcp --dport 1843 -j ACCEPT
  72. -A FORWARD -i wlan0 -o eth0 -p tcp -m tcp --dport 843 -j ACCEPT
  73. -A FORWARD -i wlan0 -o eth0 -p tcp -m tcp --dport 22 -j ACCEPT
  74. -A FORWARD -i wlan0 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
  75. -A FORWARD -i wlan0 -o eth0 -p udp -m multiport --dports 3478:3487 -j ACCEPT
  76. -A FORWARD -i wlan0 -o eth0 -p tcp -m tcp --dport 5223 -j ACCEPT
  77. -A FORWARD -i wlan0 -o eth0 -p udp -m multiport --dports 16384:16387 -j ACCEPT
  78. -A FORWARD -i wlan0 -o eth0 -p udp -m multiport --dports 16393:16402 -j ACCEPT
  # Forwarded echo-request, no rate limit.
  79. -A FORWARD -i wlan0 -o eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
  # FORWARD, dns0/dns1 -> eth0: the same destination-port allowlist as the
  # wlan0 section (rules 37-79), written out once per interface. Rules match on
  # interface and port only (no -s/-d, no state match).
  # NOTE(review): the list is maintained as four hand-copied sets (wlan0, dns0,
  # dns1, tun0). A single user-defined chain jumped to from each interface
  # would keep the copies from drifting apart, as rule 125 below has.
  80. -A FORWARD -i dns0 -o eth0 -p udp -m udp --dport 53 -j ACCEPT
  81. -A FORWARD -i dns1 -o eth0 -p udp -m udp --dport 53 -j ACCEPT
  82. -A FORWARD -i dns0 -o eth0 -p tcp -m tcp --dport 80 -j ACCEPT
  83. -A FORWARD -i dns0 -o eth0 -p tcp -m tcp --dport 443 -j ACCEPT
  84. -A FORWARD -i dns1 -o eth0 -p tcp -m tcp --dport 80 -j ACCEPT
  85. -A FORWARD -i dns1 -o eth0 -p tcp -m tcp --dport 443 -j ACCEPT
  86. -A FORWARD -i dns0 -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
  87. -A FORWARD -i dns1 -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
  88. -A FORWARD -i dns0 -o eth0 -p udp -m udp --dport 29304 -j ACCEPT
  89. -A FORWARD -i dns0 -o eth0 -p tcp -m tcp --dport 29304 -j ACCEPT
  90. -A FORWARD -i dns1 -o eth0 -p udp -m udp --dport 29304 -j ACCEPT
  91. -A FORWARD -i dns1 -o eth0 -p tcp -m tcp --dport 29304 -j ACCEPT
  # NOTE(review): rules 92-95 run eth0 -> dns0/dns1 and admit unsolicited
  # packets to port 29304 on any address behind those interfaces (no -d given).
  92. -A FORWARD -i eth0 -o dns0 -p udp -m udp --dport 29304 -j ACCEPT
  93. -A FORWARD -i eth0 -o dns0 -p tcp -m tcp --dport 29304 -j ACCEPT
  94. -A FORWARD -i eth0 -o dns1 -p udp -m udp --dport 29304 -j ACCEPT
  95. -A FORWARD -i eth0 -o dns1 -p tcp -m tcp --dport 29304 -j ACCEPT
  96. -A FORWARD -i dns0 -o eth0 -p tcp -m multiport --dports 6783:6785 -j ACCEPT
  97. -A FORWARD -i dns0 -o eth0 -p udp -m multiport --dports 6783:6785 -j ACCEPT
  98. -A FORWARD -i dns1 -o eth0 -p tcp -m multiport --dports 6783:6785 -j ACCEPT
  99. -A FORWARD -i dns1 -o eth0 -p udp -m multiport --dports 6783:6785 -j ACCEPT
  100. -A FORWARD -i dns0 -o eth0 -p udp -m multiport --dports 5060:5080 -j ACCEPT
  101. -A FORWARD -i dns0 -o eth0 -p udp -m udp --dport 65535 -j ACCEPT
  102. -A FORWARD -i dns1 -o eth0 -p udp -m multiport --dports 5060:5080 -j ACCEPT
  103. -A FORWARD -i dns1 -o eth0 -p udp -m udp --dport 65535 -j ACCEPT
  104. -A FORWARD -i dns0 -o eth0 -p udp -m multiport --dports 19305:19309 -j ACCEPT
  105. -A FORWARD -i dns0 -o eth0 -p tcp -m multiport --dports 19305:19309 -j ACCEPT
  106. -A FORWARD -i dns0 -o eth0 -p udp -m udp --dport 5228 -j ACCEPT
  107. -A FORWARD -i dns0 -o eth0 -p tcp -m tcp --dport 5228 -j ACCEPT
  108. -A FORWARD -i dns0 -o eth0 -p udp -m udp --dport 14259 -j ACCEPT
  109. -A FORWARD -i dns0 -o eth0 -p tcp -m tcp --dport 14259 -j ACCEPT
  110. -A FORWARD -i dns1 -o eth0 -p udp -m multiport --dports 19305:19309 -j ACCEPT
  111. -A FORWARD -i dns1 -o eth0 -p tcp -m multiport --dports 19305:19309 -j ACCEPT
  112. -A FORWARD -i dns1 -o eth0 -p udp -m udp --dport 5228 -j ACCEPT
  113. -A FORWARD -i dns1 -o eth0 -p tcp -m tcp --dport 5228 -j ACCEPT
  114. -A FORWARD -i dns1 -o eth0 -p udp -m udp --dport 14259 -j ACCEPT
  115. -A FORWARD -i dns1 -o eth0 -p tcp -m tcp --dport 14259 -j ACCEPT
  116. -A FORWARD -i dns0 -o eth0 -p udp -m udp --dport 80 -j ACCEPT
  117. -A FORWARD -i dns0 -o eth0 -p udp -m udp --dport 6969 -j ACCEPT
  118. -A FORWARD -i dns0 -o eth0 -p udp -m udp --dport 1337 -j ACCEPT
  119. -A FORWARD -i dns1 -o eth0 -p udp -m udp --dport 80 -j ACCEPT
  120. -A FORWARD -i dns1 -o eth0 -p udp -m udp --dport 6969 -j ACCEPT
  121. -A FORWARD -i dns1 -o eth0 -p udp -m udp --dport 1337 -j ACCEPT
  # NOTE(review): outbound tcp/25 lets forwarded clients talk to arbitrary mail
  # servers directly; submission on 587/465 is normally enough for clients.
  122. -A FORWARD -i dns0 -o eth0 -p tcp -m tcp --dport 25 -j ACCEPT
  123. -A FORWARD -i dns1 -o eth0 -p tcp -m tcp --dport 25 -j ACCEPT
  124. -A FORWARD -i dns0 -o eth0 -p tcp -m tcp --dport 587 -j ACCEPT
  # NOTE(review): `-o eth` is not `eth0`. Without a trailing `+`, iptables
  # matches the interface name exactly, so this rule only applies to an
  # interface literally named "eth" and is dead on this host. The intended
  # rule exists separately as rule 133.
  125. -A FORWARD -i dns1 -o eth -p tcp -m tcp --dport 587 -j ACCEPT
  # NOTE(review): the UDP variants for 465, 587 and 993:995 open ports whose
  # mail services conventionally run over TCP only.
  126. -A FORWARD -i dns0 -o eth0 -p udp -m udp --dport 465 -j ACCEPT
  127. -A FORWARD -i dns0 -o eth0 -p tcp -m tcp --dport 465 -j ACCEPT
  128. -A FORWARD -i dns1 -o eth0 -p udp -m udp --dport 465 -j ACCEPT
  129. -A FORWARD -i dns1 -o eth0 -p tcp -m tcp --dport 465 -j ACCEPT
  130. -A FORWARD -i dns0 -o eth0 -p udp -m udp --dport 587 -j ACCEPT
  # Rule 131 is an exact duplicate of rule 124.
  131. -A FORWARD -i dns0 -o eth0 -p tcp -m tcp --dport 587 -j ACCEPT
  132. -A FORWARD -i dns1 -o eth0 -p udp -m udp --dport 587 -j ACCEPT
  133. -A FORWARD -i dns1 -o eth0 -p tcp -m tcp --dport 587 -j ACCEPT
  134. -A FORWARD -i dns0 -o eth0 -p udp -m multiport --dports 993:995 -j ACCEPT
  135. -A FORWARD -i dns0 -o eth0 -p tcp -m multiport --dports 993:995 -j ACCEPT
  136. -A FORWARD -i dns1 -o eth0 -p udp -m multiport --dports 993:995 -j ACCEPT
  137. -A FORWARD -i dns1 -o eth0 -p tcp -m multiport --dports 993:995 -j ACCEPT
  138. -A FORWARD -i dns0 -o eth0 -p tcp -m tcp --dport 7070 -j ACCEPT
  139. -A FORWARD -i dns0 -o eth0 -p tcp -m tcp --dport 1338 -j ACCEPT
  140. -A FORWARD -i dns0 -o eth0 -p tcp -m tcp --dport 6667 -j ACCEPT
  141. -A FORWARD -i dns0 -o eth0 -p tcp -m tcp --dport 6697 -j ACCEPT
  142. -A FORWARD -i dns1 -o eth0 -p tcp -m tcp --dport 7070 -j ACCEPT
  143. -A FORWARD -i dns1 -o eth0 -p tcp -m tcp --dport 1338 -j ACCEPT
  144. -A FORWARD -i dns1 -o eth0 -p tcp -m tcp --dport 6667 -j ACCEPT
  145. -A FORWARD -i dns1 -o eth0 -p tcp -m tcp --dport 6697 -j ACCEPT
  146. -A FORWARD -i dns0 -o eth0 -p tcp -m tcp --dport 2000 -j ACCEPT
  147. -A FORWARD -i dns0 -o eth0 -p tcp -m tcp --dport 1843 -j ACCEPT
  148. -A FORWARD -i dns0 -o eth0 -p tcp -m tcp --dport 843 -j ACCEPT
  149. -A FORWARD -i dns1 -o eth0 -p tcp -m tcp --dport 2000 -j ACCEPT
  150. -A FORWARD -i dns1 -o eth0 -p tcp -m tcp --dport 1843 -j ACCEPT
  151. -A FORWARD -i dns1 -o eth0 -p tcp -m tcp --dport 843 -j ACCEPT
  152. -A FORWARD -i dns0 -o eth0 -p tcp -m tcp --dport 22 -j ACCEPT
  153. -A FORWARD -i dns1 -o eth0 -p tcp -m tcp --dport 22 -j ACCEPT
  154. -A FORWARD -i dns0 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
  155. -A FORWARD -i dns1 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
  156. -A FORWARD -i dns0 -o eth0 -p udp -m multiport --dports 3478:3487 -j ACCEPT
  157. -A FORWARD -i dns0 -o eth0 -p tcp -m tcp --dport 5223 -j ACCEPT
  158. -A FORWARD -i dns0 -o eth0 -p udp -m multiport --dports 16384:16387 -j ACCEPT
  159. -A FORWARD -i dns0 -o eth0 -p udp -m multiport --dports 16393:16402 -j ACCEPT
  160. -A FORWARD -i dns1 -o eth0 -p udp -m multiport --dports 3478:3487 -j ACCEPT
  161. -A FORWARD -i dns1 -o eth0 -p tcp -m tcp --dport 5223 -j ACCEPT
  162. -A FORWARD -i dns1 -o eth0 -p udp -m multiport --dports 16384:16387 -j ACCEPT
  163. -A FORWARD -i dns1 -o eth0 -p udp -m multiport --dports 16393:16402 -j ACCEPT
  # Forwarded echo-request, no rate limit.
  164. -A FORWARD -i dns0 -o eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
  165. -A FORWARD -i dns1 -o eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
  # FORWARD, tun0 -> eth0: the same destination-port allowlist again, for
  # traffic entering on tun0. Rules match on interface and port only
  # (no -s/-d, no state match), so the 10.0.2.0/25 source named in rules 28-30
  # is not enforced here: any source address arriving on tun0 is forwarded.
  166. -A FORWARD -i tun0 -o eth0 -p udp -m udp --dport 53 -j ACCEPT
  167. -A FORWARD -i tun0 -o eth0 -p tcp -m tcp --dport 80 -j ACCEPT
  168. -A FORWARD -i tun0 -o eth0 -p tcp -m tcp --dport 443 -j ACCEPT
  169. -A FORWARD -i tun0 -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
  170. -A FORWARD -i tun0 -o eth0 -p udp -m udp --dport 29304 -j ACCEPT
  171. -A FORWARD -i tun0 -o eth0 -p tcp -m tcp --dport 29304 -j ACCEPT
  # NOTE(review): rules 172-173 run eth0 -> tun0 and admit unsolicited packets
  # to port 29304 on any address behind tun0 (no -d given).
  172. -A FORWARD -i eth0 -o tun0 -p udp -m udp --dport 29304 -j ACCEPT
  173. -A FORWARD -i eth0 -o tun0 -p tcp -m tcp --dport 29304 -j ACCEPT
  174. -A FORWARD -i tun0 -o eth0 -p tcp -m multiport --dports 6783:6785 -j ACCEPT
  175. -A FORWARD -i tun0 -o eth0 -p udp -m multiport --dports 6783:6785 -j ACCEPT
  176. -A FORWARD -i tun0 -o eth0 -p udp -m multiport --dports 5060:5080 -j ACCEPT
  177. -A FORWARD -i tun0 -o eth0 -p udp -m udp --dport 65535 -j ACCEPT
  178. -A FORWARD -i tun0 -o eth0 -p udp -m multiport --dports 19305:19309 -j ACCEPT
  179. -A FORWARD -i tun0 -o eth0 -p tcp -m multiport --dports 19305:19309 -j ACCEPT
  180. -A FORWARD -i tun0 -o eth0 -p udp -m udp --dport 5228 -j ACCEPT
  181. -A FORWARD -i tun0 -o eth0 -p tcp -m tcp --dport 5228 -j ACCEPT
  182. -A FORWARD -i tun0 -o eth0 -p udp -m udp --dport 14259 -j ACCEPT
  183. -A FORWARD -i tun0 -o eth0 -p tcp -m tcp --dport 14259 -j ACCEPT
  184. -A FORWARD -i tun0 -o eth0 -p udp -m udp --dport 80 -j ACCEPT
  185. -A FORWARD -i tun0 -o eth0 -p udp -m udp --dport 6969 -j ACCEPT
  186. -A FORWARD -i tun0 -o eth0 -p udp -m udp --dport 1337 -j ACCEPT
  # NOTE(review): outbound tcp/25 lets tunnel clients talk to arbitrary mail
  # servers directly; submission on 587/465 is normally enough for clients.
  187. -A FORWARD -i tun0 -o eth0 -p tcp -m tcp --dport 25 -j ACCEPT
  188. -A FORWARD -i tun0 -o eth0 -p tcp -m tcp --dport 587 -j ACCEPT
  # NOTE(review): the UDP variants for 465, 587 and 993:995 open ports whose
  # mail services conventionally run over TCP only.
  189. -A FORWARD -i tun0 -o eth0 -p udp -m udp --dport 465 -j ACCEPT
  190. -A FORWARD -i tun0 -o eth0 -p tcp -m tcp --dport 465 -j ACCEPT
  191. -A FORWARD -i tun0 -o eth0 -p udp -m udp --dport 587 -j ACCEPT
  # Rule 192 is an exact duplicate of rule 188.
  192. -A FORWARD -i tun0 -o eth0 -p tcp -m tcp --dport 587 -j ACCEPT
  193. -A FORWARD -i tun0 -o eth0 -p udp -m multiport --dports 993:995 -j ACCEPT
  194. -A FORWARD -i tun0 -o eth0 -p tcp -m multiport --dports 993:995 -j ACCEPT
  195. -A FORWARD -i tun0 -o eth0 -p tcp -m tcp --dport 7070 -j ACCEPT
  196. -A FORWARD -i tun0 -o eth0 -p tcp -m tcp --dport 1338 -j ACCEPT
  197. -A FORWARD -i tun0 -o eth0 -p tcp -m tcp --dport 6667 -j ACCEPT
  198. -A FORWARD -i tun0 -o eth0 -p tcp -m tcp --dport 6697 -j ACCEPT
  199. -A FORWARD -i tun0 -o eth0 -p tcp -m tcp --dport 2000 -j ACCEPT
  200. -A FORWARD -i tun0 -o eth0 -p tcp -m tcp --dport 1843 -j ACCEPT
  201. -A FORWARD -i tun0 -o eth0 -p tcp -m tcp --dport 843 -j ACCEPT
  202. -A FORWARD -i tun0 -o eth0 -p tcp -m tcp --dport 22 -j ACCEPT
  203. -A FORWARD -i tun0 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
  204. -A FORWARD -i tun0 -o eth0 -p udp -m multiport --dports 3478:3487 -j ACCEPT
  205. -A FORWARD -i tun0 -o eth0 -p tcp -m tcp --dport 5223 -j ACCEPT
  206. -A FORWARD -i tun0 -o eth0 -p udp -m multiport --dports 16384:16387 -j ACCEPT
  207. -A FORWARD -i tun0 -o eth0 -p udp -m multiport --dports 16393:16402 -j ACCEPT
  # Forwarded echo-request, no rate limit.
  208. -A FORWARD -i tun0 -o eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
  # fail2ban chains: each holds only the terminating RETURN, i.e. no source
  # address was banned in any jail when this dump was taken. Bans would appear
  # as rules ahead of the RETURN; a chain with only RETURN hands every packet
  # straight back to INPUT.
  209. -A fail2ban-dovecot -j RETURN
  210. -A fail2ban-postfix -j RETURN
  211. -A fail2ban-roundcube -j RETURN
  212. -A fail2ban-ssh -j RETURN