
iptables -S

a guest
Sep 4th, 2015
  # Filter-table ruleset as printed by iptables -S: policies first, then
  # user-defined chains, then the rules of each chain in evaluation order.
  #
  # All three built-in chains have policy ACCEPT. Nothing is blocked by
  # policy; INPUT and FORWARD rely on a trailing REJECT rule instead, and
  # OUTPUT has no terminating rule at all. If the rules of a chain are
  # flushed, that chain falls back to ACCEPT (fails open).
  1. -P INPUT ACCEPT
  2. -P FORWARD ACCEPT
  3. -P OUTPUT ACCEPT
  # User-defined chains.
  # NOTE(review): DOCKER is presumably managed by the Docker daemon and the
  # *_ZONES / *_direct / *_public_{log,deny,allow} names match the layout
  # firewalld generates for its public zone - confirm which tool owns each
  # chain before editing by hand, since hand edits may be overwritten.
  4. -N DOCKER
  5. -N FORWARD_IN_ZONES
  6. -N FORWARD_IN_ZONES_SOURCE
  7. -N FORWARD_OUT_ZONES
  8. -N FORWARD_OUT_ZONES_SOURCE
  9. -N FORWARD_direct
  10. -N FWDI_public
  11. -N FWDI_public_allow
  12. -N FWDI_public_deny
  13. -N FWDI_public_log
  14. -N FWDO_public
  15. -N FWDO_public_allow
  16. -N FWDO_public_deny
  17. -N FWDO_public_log
  18. -N INPUT_ZONES
  19. -N INPUT_ZONES_SOURCE
  20. -N INPUT_direct
  21. -N IN_public
  22. -N IN_public_allow
  23. -N IN_public_deny
  24. -N IN_public_log
  25. -N OUTPUT_direct
  # INPUT chain (traffic addressed to the host itself), evaluated top to bottom.
  # Packets belonging to an already tracked connection are accepted first, so
  # every rule below only decides on packets outside an established flow.
  26. -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  # Loopback traffic is always accepted.
  27. -A INPUT -i lo -j ACCEPT
  # INPUT_direct runs before the zone chains, so a verdict reached there
  # takes precedence over anything in IN_public_allow.
  28. -A INPUT -j INPUT_direct
  29. -A INPUT -j INPUT_ZONES_SOURCE
  30. -A INPUT -j INPUT_ZONES
  # Every ICMP type is accepted from any source; there is no type match or
  # rate limit on this rule.
  31. -A INPUT -p icmp -j ACCEPT
  # Effective default-deny for INPUT. The chain policy is ACCEPT, so this
  # single rule is what blocks unmatched traffic; it must stay last.
  32. -A INPUT -j REJECT --reject-with icmp-host-prohibited
  # FORWARD chain (traffic routed through the host, including container traffic).
  # The four docker0 rules sit ahead of FORWARD_direct and the zone chains, so
  # matching container traffic gets its verdict before those chains are consulted.
  # Packets leaving via docker0 are checked against the DOCKER chain.
  33. -A FORWARD -o docker0 -j DOCKER
  # Return traffic towards containers for tracked connections.
  34. -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  # Anything arriving from docker0 and leaving on another interface is accepted:
  # no destination, protocol or port restriction on container egress.
  35. -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
  # Traffic from docker0 back to docker0 is accepted without restriction, so
  # hosts on that bridge can reach each other on any port.
  36. -A FORWARD -i docker0 -o docker0 -j ACCEPT
  37. -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  38. -A FORWARD -i lo -j ACCEPT
  39. -A FORWARD -j FORWARD_direct
  40. -A FORWARD -j FORWARD_IN_ZONES_SOURCE
  41. -A FORWARD -j FORWARD_IN_ZONES
  42. -A FORWARD -j FORWARD_OUT_ZONES_SOURCE
  # Every packet reaching this rule is sent to FWDO_public, whose allow chain
  # holds an unconditional ACCEPT. With the FWDI_*/FWDO_* log and deny chains
  # empty as listed, all remaining forwarded traffic is accepted here.
  43. -A FORWARD -j FORWARD_OUT_ZONES
  44. -A FORWARD -p icmp -j ACCEPT
  # Intended default-deny for FORWARD, but as the chains are listed no packet
  # gets this far (see the ACCEPT in FWDO_public_allow). Do not rely on this
  # rule to block forwarding until that ACCEPT is narrowed or removed.
  45. -A FORWARD -j REJECT --reject-with icmp-host-prohibited
  # OUTPUT only jumps to OUTPUT_direct, which has no rules in this listing;
  # with policy ACCEPT, locally generated traffic is unfiltered.
  46. -A OUTPUT -j OUTPUT_direct
  # DOCKER chain, reached from FORWARD for packets leaving via docker0.
  # Each rule accepts TCP to one 172.17.0.x address and port when the packet
  # did not arrive on docker0. There is no -s match, so any source is allowed.
  # These are forwarded flows: the INPUT-side chains (INPUT_direct,
  # IN_public_allow) are never consulted for them.
  # NOTE(review): these look like Docker published ports. The matching DNAT
  # rules live in the nat table, which this listing does not include - review
  # iptables -t nat -S to see which host addresses and ports map to them.
  47. -A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5559 -j ACCEPT
  # 27017 is the default MongoDB port. Confirm this endpoint is meant to be
  # reachable from every source; if not, restrict the publish to a specific
  # host address or add a source match ahead of this chain.
  48. -A DOCKER -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 27017 -j ACCEPT
  49. -A DOCKER -d 172.17.0.6/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5559 -j ACCEPT
  50. -A DOCKER -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5559 -j ACCEPT
  51. -A DOCKER -d 172.17.0.8/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5559 -j ACCEPT
  # Zone dispatch. -g is goto: when the target chain ends without a verdict,
  # processing resumes in the chain that called the dispatcher, not here.
  # The eth0 rule and the catch-all rule both lead to the same public chain,
  # so every interface is treated as part of the public zone.
  52. -A FORWARD_IN_ZONES -i eth0 -g FWDI_public
  53. -A FORWARD_IN_ZONES -g FWDI_public
  54. -A FORWARD_OUT_ZONES -o eth0 -g FWDO_public
  55. -A FORWARD_OUT_ZONES -g FWDO_public
  # Each zone chain consults log, then deny, then allow. The FWDI_* sub-chains
  # hold no rules in this listing, so inbound-zone checks never reach a verdict.
  56. -A FWDI_public -j FWDI_public_log
  57. -A FWDI_public -j FWDI_public_deny
  58. -A FWDI_public -j FWDI_public_allow
  59. -A FWDO_public -j FWDO_public_log
  60. -A FWDO_public -j FWDO_public_deny
  61. -A FWDO_public -j FWDO_public_allow
  # Unconditional ACCEPT: any forwarded packet that gets this far is allowed,
  # regardless of source, destination, protocol or state. This makes the
  # trailing REJECT in FORWARD unreachable as listed.
  # NOTE(review): presumably emitted because masquerading is enabled on the
  # zone - confirm, and disable it if the host is not meant to route traffic.
  62. -A FWDO_public_allow -j ACCEPT
  # INPUT-side dispatch: as above, all interfaces end up in IN_public.
  63. -A INPUT_ZONES -i eth0 -g IN_public
  64. -A INPUT_ZONES -g IN_public
  # INPUT_direct: consulted before the zone chains for traffic to the host.
  # GRE is accepted from any source, with no source or interface match.
  # NOTE(review): together with 1723/tcp in IN_public_allow this looks like a
  # PPTP endpoint - confirm. PPTP with MS-CHAPv2 authentication is considered
  # weak; if that is what runs here, plan a move to a stronger VPN protocol.
  65. -A INPUT_direct -p gre -j ACCEPT
  # New TCP connections to port 29019 on the host are rejected. This sits in
  # the INPUT path only, so it does not cover connections that are forwarded
  # to a container on the same port.
  66. -A INPUT_direct -p tcp -m tcp --dport 29019 -j REJECT --reject-with icmp-port-unreachable
  # Unreachable: the REJECT above terminates on the identical match, so no
  # packet ever arrives at this DROP. Keep whichever of the two is intended.
  67. -A INPUT_direct -p tcp -m tcp --dport 29019 -j DROP
  # IN_public: log, then deny, then allow. IN_public_log and IN_public_deny
  # hold no rules in this listing, so nothing is logged or explicitly denied
  # before the allow rules are evaluated.
  68. -A IN_public -j IN_public_log
  69. -A IN_public -j IN_public_deny
  70. -A IN_public -j IN_public_allow
  # Services open to new connections from any source (no -s match, no rate
  # limit at this layer). Anything not listed falls through to the REJECT at
  # the end of INPUT.
  # 1723/tcp: presumably the PPTP control channel - confirm.
  71. -A IN_public_allow -p tcp -m tcp --dport 1723 -m conntrack --ctstate NEW -j ACCEPT
  # 22/tcp (SSH) from any source; access control rests entirely on sshd.
  72. -A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
  # Exact duplicate of the previous rule: harmless, but it suggests the
  # service was added twice and the configuration is worth tidying.
  73. -A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT