- # Generated by iptables-save v1.4.21 on Wed Oct 19 12:24:40 2016
- # Dump of the filter table. The chain names (*_ZONES, *_direct, IN_public_*)
- # look like the layout firewalld generates -- presumably this host runs
- # firewalld with a single "public" zone; confirm before editing by hand.
- *filter
- # Built-in chains. All three policies are ACCEPT, so the only default-deny
- # in this table comes from the explicit REJECT rules at the end of INPUT and
- # FORWARD. OUTPUT has no REJECT rule in this dump.
- :INPUT ACCEPT [0:0]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- # User-defined chains ("-" means no policy; a packet that falls off the end
- # returns to the calling chain).
- :FORWARD_IN_ZONES - [0:0]
- :FORWARD_IN_ZONES_SOURCE - [0:0]
- :FORWARD_OUT_ZONES - [0:0]
- :FORWARD_OUT_ZONES_SOURCE - [0:0]
- :FORWARD_direct - [0:0]
- :FWDI_public - [0:0]
- :FWDI_public_allow - [0:0]
- :FWDI_public_deny - [0:0]
- :FWDI_public_log - [0:0]
- :FWDO_public - [0:0]
- :FWDO_public_allow - [0:0]
- :FWDO_public_deny - [0:0]
- :FWDO_public_log - [0:0]
- :INPUT_ZONES - [0:0]
- :INPUT_ZONES_SOURCE - [0:0]
- :INPUT_direct - [0:0]
- :IN_public - [0:0]
- :IN_public_allow - [0:0]
- :IN_public_deny - [0:0]
- :IN_public_log - [0:0]
- :OUTPUT_direct - [0:0]
- # INPUT: packets of already tracked connections (and traffic related to
- # them) are accepted first, so none of the rules below ever see them.
- -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- # Loopback traffic is always accepted.
- -A INPUT -i lo -j ACCEPT
- # NOTE(review): INPUT_direct holds a single NFQUEUE rule in this dump.
- # NFQUEUE is a terminating target: the verdict of the userspace queue
- # consumer decides the packet. Unless that consumer re-injects packets
- # (e.g. an NF_REPEAT verdict with a mark), the zone chains and the REJECT
- # below are never evaluated for traffic it accepts. Confirm how the
- # consumer is configured.
- -A INPUT -j INPUT_direct
- # INPUT_ZONES_SOURCE has no rules in this dump; INPUT_ZONES dispatches to
- # the per-zone chain.
- -A INPUT -j INPUT_ZONES_SOURCE
- -A INPUT -j INPUT_ZONES
- # ICMP of every type is accepted from any source.
- -A INPUT -p icmp -j ACCEPT
- # Effective default-deny for INPUT: anything not accepted above is rejected
- # with an ICMP host-prohibited message.
- -A INPUT -j REJECT --reject-with icmp-host-prohibited
- # FORWARD mirrors INPUT: tracked connections, loopback, the direct chain
- # (also an NFQUEUE rule, same caveat as for INPUT_direct), the inbound and
- # outbound zone dispatch, ICMP, then a final REJECT.
- -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -i lo -j ACCEPT
- -A FORWARD -j FORWARD_direct
- -A FORWARD -j FORWARD_IN_ZONES_SOURCE
- -A FORWARD -j FORWARD_IN_ZONES
- -A FORWARD -j FORWARD_OUT_ZONES_SOURCE
- -A FORWARD -j FORWARD_OUT_ZONES
- -A FORWARD -p icmp -j ACCEPT
- -A FORWARD -j REJECT --reject-with icmp-host-prohibited
- # OUTPUT has no conntrack shortcut and no REJECT: every locally generated
- # packet is handed to OUTPUT_direct.
- -A OUTPUT -j OUTPUT_direct
- # Zone dispatch for forwarded traffic. -g is a goto: the zone chain does not
- # return here but to the chain that called this one. The first rule matches
- # eth0 and the second matches every interface; both go to the same chain,
- # so the interface match makes no difference in this ruleset.
- -A FORWARD_IN_ZONES -i eth0 -g FWDI_public
- -A FORWARD_IN_ZONES -g FWDI_public
- -A FORWARD_OUT_ZONES -o eth0 -g FWDO_public
- -A FORWARD_OUT_ZONES -g FWDO_public
- # Every packet reaching FORWARD_direct is handed to userspace queue 0.
- # --queue-bypass: when no program is bound to the queue the rule behaves
- # like ACCEPT instead of dropping, i.e. it fails open and the packet skips
- # the remaining filter rules, including the final REJECT.
- # NOTE(review): confirm fail-open is intended and that the queue consumer
- # is monitored. FORWARD accepts RELATED,ESTABLISHED before this chain is
- # reached, so the consumer only sees packets outside those states.
- -A FORWARD_direct -j NFQUEUE --queue-num 0 --queue-bypass
- # Per-zone order is log, then deny, then allow. None of the six FWDI_/FWDO_
- # sub-chains has a rule in this dump, so forwarded packets that get this
- # far fall through to the ICMP accept and REJECT in FORWARD.
- -A FWDI_public -j FWDI_public_log
- -A FWDI_public -j FWDI_public_deny
- -A FWDI_public -j FWDI_public_allow
- -A FWDO_public -j FWDO_public_log
- -A FWDO_public -j FWDO_public_deny
- -A FWDO_public -j FWDO_public_allow
- # Zone dispatch for inbound traffic; as above, the eth0 rule and the
- # catch-all both go to IN_public.
- -A INPUT_ZONES -i eth0 -g IN_public
- -A INPUT_ZONES -g IN_public
- # Same NFQUEUE rule as in FORWARD_direct, with the same fail-open behaviour
- # when nothing listens on queue 0. If the consumer's verdict is ACCEPT, the
- # IN_public rules are not consulted for that packet.
- -A INPUT_direct -j NFQUEUE --queue-num 0 --queue-bypass
- # IN_public_log and IN_public_deny have no rules in this dump; only
- # IN_public_allow does.
- -A IN_public -j IN_public_log
- -A IN_public -j IN_public_deny
- -A IN_public -j IN_public_allow
- # Inbound services allowed in the public zone. Only the first packet of a
- # flow (ctstate NEW) is matched here; later packets are accepted by the
- # RELATED,ESTABLISHED rule at the top of INPUT.
- # NET1 and HOST are not valid addresses -- presumably placeholders the
- # poster substituted for real ones; iptables-restore needs real values.
- # DNS over UDP and SMTP, limited to source NET1.
- # NOTE(review): the unrestricted udp/53 and tcp/25 rules at the end of this
- # chain accept the same ports from any source, so these two source limits
- # have no effect. Decide which pair reflects the intent and remove the other.
- -A IN_public_allow -s NET1 -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
- -A IN_public_allow -s NET1 -p tcp -m tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
- # DNS over TCP stays limited to NET1 and HOST; no unrestricted tcp/53 rule
- # exists in this dump.
- -A IN_public_allow -s NET1 -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
- -A IN_public_allow -s HOST -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
- # SSH (tcp/22) and NTP (udp/123) are reachable from any source address.
- -A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
- -A IN_public_allow -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT
- # DNS over UDP and SMTP from any source address.
- # NOTE(review): if the resolver behind udp/53 answers recursive queries,
- # exposing it to every source makes it usable for reflection; confirm it
- # is authoritative-only or restrict the source.
- -A IN_public_allow -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
- -A IN_public_allow -p tcp -m tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
- # All locally generated packets go to userspace queue 0. OUTPUT has no
- # conntrack accept before this chain, so the queue consumer sees every
- # outbound packet, not just the first of a flow. --queue-bypass makes the
- # rule behave like ACCEPT when nothing is bound to the queue.
- -A OUTPUT_direct -j NFQUEUE --queue-num 0 --queue-bypass
- # End of the filter table; iptables-restore applies the table at COMMIT.
- COMMIT
- # Completed on Wed Oct 19 12:24:40 2016