iptables
# Generated by iptables-save v1.4.21 on Tue Apr 26 11:03:25 2016
#
# Reviewer notes on this listing:
#  - It is an excerpt, not a restorable dump: lines reading "...." mark rules the
#    poster elided, so chains that look empty here (CUSTOMINPUT/FORWARD/OUTPUT,
#    GUARDIAN, GEOIPBLOCK, IPSEC*, UPNPFW, SQUID, NAT_SOURCE, NAT_DESTINATION_FIX,
#    the DHCP* chains, ...) may well have rules in the real file.
#  - "EXT_IP" is a redaction placeholder for the public address; iptables-restore
#    rejects it, so substitute the real address before reusing the file.
#  - Chain names (GUARDIAN, GEOIPBLOCK, POLICYIN/POLICYFWD/POLICYOUT) and interface
#    names (red0/green0/blue0/orange0) follow the convention of IPFire-style
#    generated rulesets -- presumably a managed firewall, so hand edits may be
#    overwritten by the generator; confirm before editing in place.
#  - The leading [packets:bytes] counters are the values at save time; a [0:0]
#    rule had never matched when the dump was taken.
#  - Zone mapping used in the comments below is taken from the POLICYFWD rules:
#    192.168.5.0/24 on green0, 10.10.20.0/24 on blue0, 172.16.10.0/24 on orange0.
*mangle
:PREROUTING ACCEPT [1147859:702009071]
:INPUT ACCEPT [43517:8752924]
:FORWARD ACCEPT [1103788:693068380]
:OUTPUT ACCEPT [42851:5481746]
:POSTROUTING ACCEPT [1146112:698518562]
:NAT_DESTINATION - [0:0]
[27388545:18692468907] -A PREROUTING -j NAT_DESTINATION
....
# Tag tcp/6000 traffic from each internal zone to the public address with a
# per-zone fwmark (0x1 green, 0x2 blue, 0x3 orange, keyed on the source subnet).
# NOTE(review): the consumer of these marks is not in this excerpt -- it is
# presumably NAT_DESTINATION_FIX in *nat (reflected/hairpin NAT for the tcp/6000
# port-forward); verify against the full file.
[237:14164] -A NAT_DESTINATION -s 192.168.5.0/24 -d EXT_IP/32 -p tcp -m tcp --dport 6000 -j MARK --set-xmark 0x1/0xffffffff
[0:0] -A NAT_DESTINATION -s 10.10.20.0/24 -d EXT_IP/32 -p tcp -m tcp --dport 6000 -j MARK --set-xmark 0x2/0xffffffff
[0:0] -A NAT_DESTINATION -s 172.16.10.0/24 -d EXT_IP/32 -p tcp -m tcp --dport 6000 -j MARK --set-xmark 0x3/0xffffffff
....
COMMIT
# Completed on Tue Apr 26 11:03:25 2016
# Generated by iptables-save v1.4.21 on Tue Apr 26 11:03:25 2016
*filter
# Default policies: INPUT and FORWARD drop whatever no rule accepts; OUTPUT
# accepts, so traffic originated by the firewall host itself is unrestricted
# (POLICYOUT below accepts unconditionally as well).
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:BADTCP - [0:0]
:CONNTRACK - [0:0]
:CUSTOMFORWARD - [0:0]
:CUSTOMINPUT - [0:0]
:CUSTOMOUTPUT - [0:0]
:DHCPBLUEINPUT - [0:0]
:DHCPBLUEOUTPUT - [0:0]
:DHCPGREENINPUT - [0:0]
:DHCPGREENOUTPUT - [0:0]
:DHCPINPUT - [0:0]
:DHCPOUTPUT - [0:0]
:FORWARDFW - [0:0]
:GEOIPBLOCK - [0:0]
:GUARDIAN - [0:0]
:GUIINPUT - [0:0]
:ICMPINPUT - [0:0]
:INPUTFW - [0:0]
:IPSECBLOCK - [0:0]
:IPSECFORWARD - [0:0]
:IPSECINPUT - [0:0]
:IPSECOUTPUT - [0:0]
:IPTVFORWARD - [0:0]
:IPTVINPUT - [0:0]
:LOG_DROP - [0:0]
:LOG_REJECT - [0:0]
:LOOPBACK - [0:0]
:NEWNOTSYN - [0:0]
:OUTGOINGFW - [0:0]
:OVPNBLOCK - [0:0]
:OVPNINPUT - [0:0]
:P2PBLOCK - [0:0]
:POLICYFWD - [0:0]
:POLICYIN - [0:0]
:POLICYOUT - [0:0]
:PSCAN - [0:0]
:REDFORWARD - [0:0]
:REDINPUT - [0:0]
:TOR_INPUT - [0:0]
:UPNPFW - [0:0]
:WIRELESSFORWARD - [0:0]
:WIRELESSINPUT - [0:0]
# INPUT (traffic to the firewall host): sanity/scan checks first, then conntrack,
# then the per-service allow chains, and finally the POLICYIN zone defaults.
# The counter drop between CONNTRACK and GEOIPBLOCK shows that most packets are
# accepted as ESTABLISHED/RELATED and never reach the later chains.
[924652:283049825] -A INPUT -p tcp -j BADTCP
[1797061:854638094] -A INPUT -j CUSTOMINPUT
[1797061:854638094] -A INPUT -j P2PBLOCK
[1797061:854638094] -A INPUT -j GUARDIAN
[0:0] -A INPUT -i tun+ -j OVPNBLOCK
[1797061:854638094] -A INPUT -j IPTVINPUT
[1797061:854638094] -A INPUT -j ICMPINPUT
[1794329:854363932] -A INPUT -j LOOPBACK
[1791810:854108985] -A INPUT -j CONNTRACK
[117095:9133935] -A INPUT -j GEOIPBLOCK
[117095:9133935] -A INPUT -j IPSECINPUT
[117069:9129015] -A INPUT -j GUIINPUT
[117069:9129015] -A INPUT -m conntrack --ctstate NEW -j WIRELESSINPUT
[116556:9095271] -A INPUT -j OVPNINPUT
[116550:9094943] -A INPUT -j TOR_INPUT
[116550:9094943] -A INPUT -j INPUTFW
[116550:9094943] -A INPUT -j REDINPUT
[116550:9094943] -A INPUT -j POLICYIN
# FORWARD (routed traffic).
# NOTE(review): the eight host/subnet ACCEPTs below were inserted ahead of BADTCP,
# CONNTRACK, IPSECBLOCK, GEOIPBLOCK, P2PBLOCK and the POLICYFWD zone defaults, so a
# matching packet skips every check that follows -- including the INVALID-state
# drop and the bad-flag scan detection. They carry no -i/-o restriction, so the
# 10.10.20.0/24 pair in particular accepts traffic to or from the blue zone arriving
# on any interface. The 10.10.20.0/24 rules are still unmatched ([0:0]); the
# 10.5.1.29 and 192.168.80.x rules have traffic. If these are meant as exceptions
# for specific hosts, placing them after the CONNTRACK jump (or adding an interface
# match) keeps the protective chains in the path without changing what is allowed.
[83:4017] -A FORWARD -d 10.5.1.29/32 -j ACCEPT
[88:21680] -A FORWARD -s 10.5.1.29/32 -j ACCEPT
[0:0] -A FORWARD -d 10.10.20.0/24 -j ACCEPT
[0:0] -A FORWARD -s 10.10.20.0/24 -j ACCEPT
[5081:293317] -A FORWARD -d 192.168.80.99/32 -j ACCEPT
[15874:855894] -A FORWARD -d 192.168.80.98/32 -j ACCEPT
[4096:244737] -A FORWARD -s 192.168.80.99/32 -j ACCEPT
[15381:4717024] -A FORWARD -s 192.168.80.98/32 -j ACCEPT
[22545772:16630556002] -A FORWARD -p tcp -j BADTCP
# Clamp MSS on forwarded SYNs to the path MTU (avoids PMTU black holes behind NAT/tunnels).
[1232892:71919592] -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
[24025978:17226142777] -A FORWARD -j CUSTOMFORWARD
[24025978:17226142777] -A FORWARD -j P2PBLOCK
[24025978:17226142777] -A FORWARD -j GUARDIAN
# Packets not leaving through an IPsec policy are sent to IPSECBLOCK (rules elided here).
[24025978:17226142777] -A FORWARD -m policy --dir out --pol none -j IPSECBLOCK
[304633:21370826] -A FORWARD -i tun+ -j OVPNBLOCK
[277768:180074627] -A FORWARD -o tun+ -j OVPNBLOCK
[24025976:17226142595] -A FORWARD -j IPTVFORWARD
[24025976:17226142595] -A FORWARD -j LOOPBACK
[24025976:17226142595] -A FORWARD -j CONNTRACK
[674885:45234435] -A FORWARD -j GEOIPBLOCK
[674885:45234435] -A FORWARD -j IPSECFORWARD
[674885:45234435] -A FORWARD -m conntrack --ctstate NEW -j WIRELESSFORWARD
[674885:45234435] -A FORWARD -j FORWARDFW
[665239:44531502] -A FORWARD -m conntrack --ctstate NEW -j UPNPFW
[665239:44531502] -A FORWARD -j REDFORWARD
[665154:44525551] -A FORWARD -j POLICYFWD
# OUTPUT (traffic from the firewall host): same filtering chains, then POLICYOUT,
# which accepts everything.
[1711520:432627335] -A OUTPUT -j CUSTOMOUTPUT
[1711520:432627335] -A OUTPUT -j P2PBLOCK
[1711520:432627335] -A OUTPUT -m policy --dir out --pol none -j IPSECBLOCK
[1711008:432584327] -A OUTPUT -j LOOPBACK
[1699674:431498471] -A OUTPUT -j CONNTRACK
[3880:379330] -A OUTPUT -j IPSECOUTPUT
[3880:379330] -A OUTPUT -j OUTGOINGFW
[3880:379330] -A OUTPUT -j POLICYOUT
# BADTCP: hand impossible/scan-style TCP flag combinations (XMAS, NULL, SYN+RST,
# SYN+FIN, ...) to PSCAN for logging and drop; loopback is exempt. The last rule
# catches NEW connections that do not start with a bare SYN.
[2:100] -A BADTCP -i lo -j RETURN
[0:0] -A BADTCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j PSCAN
[0:0] -A BADTCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j PSCAN
[0:0] -A BADTCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j PSCAN
[0:0] -A BADTCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j PSCAN
[0:0] -A BADTCP -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j PSCAN
[0:0] -A BADTCP -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j PSCAN
[0:0] -A BADTCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j PSCAN
[2295:281062] -A BADTCP -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j NEWNOTSYN
# CONNTRACK: fast-path for tracked connections; INVALID packets are dropped here
# (unless they were accepted by the early FORWARD rules above).
[26715754:18456709871] -A CONNTRACK -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[5846:292480] -A CONNTRACK -m conntrack --ctstate INVALID -j DROP
# DHCP server traffic (client 68 -> server 67 in, server 67 -> client 68 out).
# DHCP is UDP-only, so the tcp rules never match; they are harmless but dead.
# No jump to these chains is visible in this excerpt (presumably elided).
[0:0] -A DHCPINPUT -p udp -m udp --sport 68 --dport 67 -j ACCEPT
[0:0] -A DHCPINPUT -p tcp -m tcp --sport 68 --dport 67 -j ACCEPT
[0:0] -A DHCPOUTPUT -p udp -m udp --sport 67 --dport 68 -j ACCEPT
[0:0] -A DHCPOUTPUT -p tcp -m tcp --sport 67 --dport 68 -j ACCEPT
......................
# FORWARDFW (user-defined forwarding rules, mostly elided): tcp/6000 to and from
# 192.168.5.253 on green, which is presumably the internal target of the tcp/6000
# port-forward marked in *mangle.
[0:0] -A FORWARDFW -s 192.168.5.253/32 -p tcp -m tcp --dport 6000 -j ACCEPT
[240:14344] -A FORWARDFW -d 192.168.5.253/32 -p tcp -m tcp --dport 6000 -j ACCEPT
.....................
# LOG_DROP / LOG_REJECT: rate-limited log (10/min) followed by drop or port-unreachable.
# Nothing jumps to them in this excerpt; the callers are presumably in the elided rules.
[0:0] -A LOG_DROP -m limit --limit 10/min -j LOG
[0:0] -A LOG_DROP -j DROP
[0:0] -A LOG_REJECT -m limit --limit 10/min -j LOG
[0:0] -A LOG_REJECT -j REJECT --reject-with icmp-port-unreachable
# LOOPBACK: accept lo, then drop 127.0.0.0/8 seen on any other interface (spoofed loopback).
[2519:254947] -A LOOPBACK -i lo -j ACCEPT
[11334:1085856] -A LOOPBACK -o lo -j ACCEPT
[0:0] -A LOOPBACK -s 127.0.0.0/8 -j DROP
[0:0] -A LOOPBACK -d 127.0.0.0/8 -j DROP
# NEWNOTSYN: log (rate-limited) and drop NEW connections that did not start with SYN.
[812:85565] -A NEWNOTSYN -m limit --limit 10/min -j LOG --log-prefix "DROP_NEWNOTSYN "
[2295:281062] -A NEWNOTSYN -m comment --comment DROP_NEWNOTSYN -j DROP
# OVPNBLOCK: only the RETURN for RELATED ICMP is visible; any blocking rules for
# tun+ traffic must be among the elided lines -- as shown, the chain just falls
# through to the caller.
[0:0] -A OVPNBLOCK -p icmp -m conntrack --ctstate RELATED -j RETURN
# OVPNINPUT: OpenVPN listener on tcp/1194, reachable from red (public) and blue (wireless).
[6:328] -A OVPNINPUT -i red0 -p tcp -m tcp --dport 1194 -j ACCEPT
[0:0] -A OVPNINPUT -i blue0 -p tcp -m tcp --dport 1194 -j ACCEPT
# P2PBLOCK: drop peer-to-peer protocols recognised by the ipp2p match (INPUT, FORWARD and OUTPUT).
[0:0] -A P2PBLOCK -m ipp2p --edk --dc --gnu --kazaa --bit --apple --soul --winmx --ares -j DROP
# POLICYFWD (zone defaults for routed traffic): green may go anywhere; IPsec and
# OpenVPN (tun+) peers may go anywhere; blue and orange only to red (the -s/-i
# pairing doubles as an anti-spoofing check); everything else is logged and dropped.
[33803:2250572] -A POLICYFWD -s 192.168.5.0/24 -i green0 -j ACCEPT
[1:78] -A POLICYFWD -m policy --dir in --pol ipsec -j ACCEPT
[30:2127] -A POLICYFWD -i tun+ -j ACCEPT
[0:0] -A POLICYFWD -s 10.10.20.0/24 -i blue0 -o red0 -j ACCEPT
[0:0] -A POLICYFWD -s 172.16.10.0/24 -i orange0 -o red0 -j ACCEPT
[0:0] -A POLICYFWD -m limit --limit 10/min -j LOG --log-prefix "DROP_FORWARD "
[0:0] -A POLICYFWD -m comment --comment DROP_FORWARD -j DROP
# POLICYIN (zone defaults for traffic to the firewall): anything from green0 is
# accepted with no port restriction, i.e. green hosts can reach every service on
# the firewall; IPsec and tun+ likewise. Everything else (red, blue, orange) is
# logged and dropped unless an earlier INPUT chain accepted it.
[5067:403340] -A POLICYIN -i green0 -j ACCEPT
[0:0] -A POLICYIN -m policy --dir in --pol ipsec -j ACCEPT
[0:0] -A POLICYIN -i tun+ -j ACCEPT
[132:10028] -A POLICYIN -m limit --limit 10/min -j LOG --log-prefix "DROP_INPUT "
[136:10264] -A POLICYIN -m comment --comment DROP_INPUT -j DROP
# POLICYOUT: unconditional accept; the DROP_OUTPUT rule after it is unreachable.
[112:10480] -A POLICYOUT -j ACCEPT
[0:0] -A POLICYOUT -m comment --comment DROP_OUTPUT -j DROP
# PSCAN: per-protocol rate-limited logging of suspected scans, then drop.
[0:0] -A PSCAN -p tcp -m limit --limit 10/min -m comment --comment "DROP_TCP PScan" -j LOG --log-prefix "DROP_TCP Scan "
[0:0] -A PSCAN -p udp -m limit --limit 10/min -m comment --comment "DROP_UDP PScan" -j LOG --log-prefix "DROP_UDP Scan "
[0:0] -A PSCAN -p icmp -m limit --limit 10/min -m comment --comment "DROP_ICMP PScan" -j LOG --log-prefix "DROP_ICMP Scan "
[0:0] -A PSCAN -f -m limit --limit 10/min -m comment --comment "DROP_FRAG PScan" -j LOG --log-prefix "DROP_FRAG Scan "
[0:0] -A PSCAN -m comment --comment DROP_PScan -j DROP
# REDFORWARD: orange -> red accepted here without a source-address match, which
# runs before POLICYFWD, so the -s 172.16.10.0/24 check in POLICYFWD's orange rule
# never applies to orange->red traffic. NOTE(review): add -s 172.16.10.0/24 here if
# the anti-spoofing intent of POLICYFWD is wanted for this path.
[0:0] -A REDFORWARD -i orange0 -o red0 -j ACCEPT
# WIRELESSINPUT (NEW connections from the blue zone to the firewall): blue may reach
# the OpenVPN port via the public address, and the firewall's blue address 10.10.20.1.
# NOTE(review): the 18 rules to 10.10.20.1/32 are byte-identical; only the first can
# ever match and the rest are dead. They look like per-device entries of a generated
# wireless-client list whose distinguishing fields (MAC/host matches) were lost in
# redaction -- if the real file has them this way too, collapse to a single rule.
[0:0] -A WIRELESSINPUT -s 10.10.20.0/24 -d EXT_IP/32 -p tcp -m tcp --dport 1194 -j ACCEPT
[0:0] -A WIRELESSINPUT -s 10.10.20.0/24 -d 10.10.20.1/32 -j ACCEPT
[73:4802] -A WIRELESSINPUT -s 10.10.20.0/24 -d 10.10.20.1/32 -j ACCEPT
[0:0] -A WIRELESSINPUT -s 10.10.20.0/24 -d 10.10.20.1/32 -j ACCEPT
[4:251] -A WIRELESSINPUT -s 10.10.20.0/24 -d 10.10.20.1/32 -j ACCEPT
[0:0] -A WIRELESSINPUT -s 10.10.20.0/24 -d 10.10.20.1/32 -j ACCEPT
[116:7703] -A WIRELESSINPUT -s 10.10.20.0/24 -d 10.10.20.1/32 -j ACCEPT
[0:0] -A WIRELESSINPUT -s 10.10.20.0/24 -d 10.10.20.1/32 -j ACCEPT
[0:0] -A WIRELESSINPUT -s 10.10.20.0/24 -d 10.10.20.1/32 -j ACCEPT
[0:0] -A WIRELESSINPUT -s 10.10.20.0/24 -d 10.10.20.1/32 -j ACCEPT
[318:20857] -A WIRELESSINPUT -s 10.10.20.0/24 -d 10.10.20.1/32 -j ACCEPT
[0:0] -A WIRELESSINPUT -s 10.10.20.0/24 -d 10.10.20.1/32 -j ACCEPT
[2:131] -A WIRELESSINPUT -s 10.10.20.0/24 -d 10.10.20.1/32 -j ACCEPT
[0:0] -A WIRELESSINPUT -s 10.10.20.0/24 -d 10.10.20.1/32 -j ACCEPT
[0:0] -A WIRELESSINPUT -s 10.10.20.0/24 -d 10.10.20.1/32 -j ACCEPT
[0:0] -A WIRELESSINPUT -s 10.10.20.0/24 -d 10.10.20.1/32 -j ACCEPT
[0:0] -A WIRELESSINPUT -s 10.10.20.0/24 -d 10.10.20.1/32 -j ACCEPT
[0:0] -A WIRELESSINPUT -s 10.10.20.0/24 -d 10.10.20.1/32 -j ACCEPT
COMMIT
# Completed on Tue Apr 26 11:03:25 2016
# Generated by iptables-save v1.4.21 on Tue Apr 26 11:03:25 2016
*nat
:PREROUTING ACCEPT [40352:2816830]
:INPUT ACCEPT [3673:280785]
:OUTPUT ACCEPT [118:10861]
:POSTROUTING ACCEPT [309:18374]
:CUSTOMPOSTROUTING - [0:0]
:CUSTOMPREROUTING - [0:0]
:IPSECNAT - [0:0]
:NAT_DESTINATION - [0:0]
:NAT_DESTINATION_FIX - [0:0]
:NAT_SOURCE - [0:0]
:OVPNNAT - [0:0]
:REDNAT - [0:0]
:SQUID - [0:0]
:UPNPFW - [0:0]
[832818:56380040] -A PREROUTING -j CUSTOMPREROUTING
[832818:56380040] -A PREROUTING -j SQUID
[832818:56380040] -A PREROUTING -j NAT_DESTINATION
[828148:56093813] -A PREROUTING -j UPNPFW
# Port-forwards from 172.16.10.254 (presumably the firewall's orange0 address,
# given the orange subnet above) into green: tcp/27017 -> 192.168.5.237 and
# tcp/10051 -> 192.168.5.232. DNAT only rewrites the destination; the orange->green
# flow must also be accepted in the filter FORWARD chain, which for these ports is
# not visible here (presumably in the elided FORWARDFW rules). The 10051 counter
# shows the DNAT is being hit.
[0:0] -A PREROUTING -d 172.16.10.254/32 -p tcp -m tcp --dport 27017 -j DNAT --to-destination 192.168.5.237:27017
[52:2704] -A PREROUTING -d 172.16.10.254/32 -p tcp -m tcp --dport 10051 -j DNAT --to-destination 192.168.5.232:10051
[4374:393256] -A OUTPUT -j NAT_DESTINATION
# Source NAT toward two remote networks.
# NOTE(review): 172.5.0.254 is outside the RFC 1918 ranges (172.16.0.0/12 only);
# confirm it is the intended address and not a typo for 172.16.x.x.
[3:144] -A POSTROUTING -d 10.5.1.0/24 -j SNAT --to-source 172.5.0.254
[2568:154032] -A POSTROUTING -d 192.168.80.0/24 -j SNAT --to-source 172.16.10.254
[675392:44682188] -A POSTROUTING -j CUSTOMPOSTROUTING
[675392:44682188] -A POSTROUTING -j OVPNNAT
[675392:44682188] -A POSTROUTING -j IPSECNAT
[675392:44682188] -A POSTROUTING -j NAT_SOURCE
[675392:44682188] -A POSTROUTING -j NAT_DESTINATION_FIX
[675392:44682188] -A POSTROUTING -j REDNAT
# REDNAT: masquerade everything leaving on red0, except packets carrying fwmark 0x32
# (set somewhere outside this excerpt -- none of the *mangle rules shown use it).
[0:0] -A REDNAT -o red0 -m mark --mark 0x32 -j RETURN
[596955:39326218] -A REDNAT -o red0 -j MASQUERADE
COMMIT
# Completed on Tue Apr 26 11:03:25 2016