Untitled

a guest
Jun 19th, 2012
root@deor:/etc/firehol# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
in_world all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `'IN-unknown:''
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `'PASS-unknown:''
DROP all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
out_world all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `'OUT-unknown:''
DROP all -- anywhere anywhere

Chain in_world (1 references)
target prot opt source destination
pr_world_fragments all -f anywhere anywhere
pr_world_nosyn tcp -- anywhere anywhere state NEW tcp flags:!FIN,SYN,RST,ACK/SYN
pr_world_icmpflood icmp -- anywhere anywhere icmp echo-request
pr_world_synflood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
pr_world_malxmas tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
pr_world_malnull tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
pr_world_malbad tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
pr_world_malbad tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
pr_world_malbad tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
pr_world_malbad tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
DROP all -- anywhere anywhere state INVALID
in_world_all_c1 all -- anywhere anywhere
in_world_irc_c2 all -- anywhere anywhere
in_world_ftp_c3 all -- anywhere anywhere
in_world_ssh_s4 all -- anywhere anywhere
in_world_http_s5 all -- anywhere anywhere
in_world_minecraft_s6 all -- anywhere anywhere
in_world_mcadmin_s7 all -- anywhere anywhere
in_world_ts3_s8 all -- anywhere anywhere
in_world_ts3ft_s9 all -- anywhere anywhere
in_world_ts3sq_s10 all -- anywhere anywhere
in_world_pptp_s11 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `''IN-world':''
DROP all -- anywhere anywhere

Chain in_world_all_c1 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state ESTABLISHED

Chain in_world_ftp_c3 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:ftp dpts:32768:61000 state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ftp-data dpts:32768:61000 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:32768:61000 state ESTABLISHED

Chain in_world_http_s5 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:www state NEW,ESTABLISHED

Chain in_world_irc_c2 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:ircd dpts:32768:61000 state ESTABLISHED

Chain in_world_mcadmin_s7 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:http-alt state NEW,ESTABLISHED

Chain in_world_minecraft_s6 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:25565 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:25565 dpt:25565 state NEW,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:25565 state NEW,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spt:25565 dpt:25565 state NEW,ESTABLISHED

Chain in_world_pptp_s11 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:1723 state NEW,ESTABLISHED
ACCEPT gre -- anywhere anywhere

Chain in_world_ssh_s4 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ssh state NEW,ESTABLISHED

Chain in_world_ts3_s8 (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpts:9987:9988 state NEW,ESTABLISHED

Chain in_world_ts3ft_s9 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:30033 state NEW,ESTABLISHED

Chain in_world_ts3sq_s10 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:10011 state NEW,ESTABLISHED

Chain out_world (1 references)
target prot opt source destination
out_world_all_c1 all -- anywhere anywhere
out_world_irc_c2 all -- anywhere anywhere
out_world_ftp_c3 all -- anywhere anywhere
out_world_ssh_s4 all -- anywhere anywhere
out_world_http_s5 all -- anywhere anywhere
out_world_minecraft_s6 all -- anywhere anywhere
out_world_mcadmin_s7 all -- anywhere anywhere
out_world_ts3_s8 all -- anywhere anywhere
out_world_ts3ft_s9 all -- anywhere anywhere
out_world_ts3sq_s10 all -- anywhere anywhere
out_world_pptp_s11 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `''OUT-world':''
DROP all -- anywhere anywhere

Chain out_world_all_c1 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state NEW,ESTABLISHED

Chain out_world_ftp_c3 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spts:32768:61000 dpt:ftp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:32768:61000 dpt:ftp-data state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:32768:61000 dpts:1024:65535 state RELATED,ESTABLISHED

Chain out_world_http_s5 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:www dpts:1024:65535 state ESTABLISHED

Chain out_world_irc_c2 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spts:32768:61000 dpt:ircd state NEW,ESTABLISHED

Chain out_world_mcadmin_s7 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:http-alt dpts:1024:65535 state ESTABLISHED

Chain out_world_minecraft_s6 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:25565 dpts:1024:65535 state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:25565 dpt:25565 state ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spt:25565 dpts:1024:65535 state ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spt:25565 dpt:25565 state ESTABLISHED

Chain out_world_pptp_s11 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:1723 dpts:1024:65535 state ESTABLISHED
ACCEPT gre -- anywhere anywhere

Chain out_world_ssh_s4 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:ssh dpts:1024:65535 state ESTABLISHED

Chain out_world_ts3_s8 (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spts:9987:9988 dpts:1024:65535 state ESTABLISHED

Chain out_world_ts3ft_s9 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:30033 dpts:1024:65535 state ESTABLISHED

Chain out_world_ts3sq_s10 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:10011 dpts:1024:65535 state ESTABLISHED

Chain pr_world_fragments (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `'PACKET FRAGMENTS:''
DROP all -- anywhere anywhere

Chain pr_world_icmpflood (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere limit: avg 10/sec burst 10
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `'ICMP FLOOD:''
DROP all -- anywhere anywhere

Chain pr_world_malbad (4 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `'MALFORMED BAD:''
DROP all -- anywhere anywhere

Chain pr_world_malnull (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `'MALFORMED NULL:''
DROP all -- anywhere anywhere

Chain pr_world_malxmas (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `'MALFORMED XMAS:''
DROP all -- anywhere anywhere

Chain pr_world_nosyn (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `'NEW TCP w/o SYN:''
DROP all -- anywhere anywhere

Chain pr_world_synflood (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere limit: avg 10/sec burst 10
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `'SYN FLOOD:''
DROP all -- anywhere anywhere

root@deor:/etc/firehol# iptables -t nat -n -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 0.0.0.0/0 0.0.0.0/0 to:11.22.33.44

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@deor:/etc/firehol#