API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Nov 27th, 2014
132
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.70 KB | None | 0 0
raw download clone embed print report
  1. # Generated by iptables-save v1.4.19.1 on Thu Nov 27 18:33:01 2014
  2. *nat
  3. :PREROUTING ACCEPT [1262:196882]
  4. :INPUT ACCEPT [64:17328]
  5. :OUTPUT ACCEPT [286:34349]
  6. :POSTROUTING ACCEPT [1:60]
  7. :OUTPUT_direct - [0:0]
  8. :POSTROUTING_ZONES - [0:0]
  9. :POSTROUTING_ZONES_SOURCE - [0:0]
  10. :POSTROUTING_direct - [0:0]
  11. :POST_internal - [0:0]
  12. :POST_internal_allow - [0:0]
  13. :POST_internal_deny - [0:0]
  14. :POST_internal_log - [0:0]
  15. :POST_public - [0:0]
  16. :POST_public_allow - [0:0]
  17. :POST_public_deny - [0:0]
  18. :POST_public_log - [0:0]
  19. :PREROUTING_ZONES - [0:0]
  20. :PREROUTING_ZONES_SOURCE - [0:0]
  21. :PREROUTING_direct - [0:0]
  22. :PRE_internal - [0:0]
  23. :PRE_internal_allow - [0:0]
  24. :PRE_internal_deny - [0:0]
  25. :PRE_internal_log - [0:0]
  26. :PRE_public - [0:0]
  27. :PRE_public_allow - [0:0]
  28. :PRE_public_deny - [0:0]
  29. :PRE_public_log - [0:0]
  30. [17264:3046235] -A PREROUTING -j PREROUTING_direct
  31. [17262:3045895] -A PREROUTING -j PREROUTING_ZONES_SOURCE
  32. [17262:3045895] -A PREROUTING -j PREROUTING_ZONES
  33. [3044:463500] -A OUTPUT -j OUTPUT_direct
  34. [28:1633] -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 23.92.76.239
  35. [3044:463500] -A POSTROUTING -j POSTROUTING_direct
  36. [3044:463500] -A POSTROUTING -j POSTROUTING_ZONES_SOURCE
  37. [3044:463500] -A POSTROUTING -j POSTROUTING_ZONES
  38. [3002:453189] -A POSTROUTING_ZONES -o eth0 -g POST_public
  39. [0:0] -A POSTROUTING_ZONES -o tun0 -g POST_internal
  40. [9:698] -A POSTROUTING_ZONES -g POST_public
  41. [0:0] -A POST_internal -j POST_internal_log
  42. [0:0] -A POST_internal -j POST_internal_deny
  43. [0:0] -A POST_internal -j POST_internal_allow
  44. [3011:453887] -A POST_public -j POST_public_log
  45. [3011:453887] -A POST_public -j POST_public_deny
  46. [3011:453887] -A POST_public -j POST_public_allow
  47. [285:34289] -A POST_public_allow ! -i lo -j MASQUERADE
  48. [16504:2866330] -A PREROUTING_ZONES -i eth0 -g PRE_public
  49. [305:19912] -A PREROUTING_ZONES -i tun0 -g PRE_internal
  50. [0:0] -A PREROUTING_ZONES -g PRE_public
  51. [305:19912] -A PRE_internal -j PRE_internal_log
  52. [305:19912] -A PRE_internal -j PRE_internal_deny
  53. [305:19912] -A PRE_internal -j PRE_internal_allow
  54. [16504:2866330] -A PRE_public -j PRE_public_log
  55. [16504:2866330] -A PRE_public -j PRE_public_deny
  56. [16504:2866330] -A PRE_public -j PRE_public_allow
  57. COMMIT
  58. # Completed on Thu Nov 27 18:33:01 2014
  59. # Generated by iptables-save v1.4.19.1 on Thu Nov 27 18:33:01 2014
  60. *mangle
  61. :PREROUTING ACCEPT [62542:28247591]
  62. :INPUT ACCEPT [62045:28165024]
  63. :FORWARD ACCEPT [494:82377]
  64. :OUTPUT ACCEPT [62520:34948561]
  65. :POSTROUTING ACCEPT [62737:35012659]
  66. :FORWARD_direct - [0:0]
  67. :INPUT_direct - [0:0]
  68. :OUTPUT_direct - [0:0]
  69. :POSTROUTING_direct - [0:0]
  70. :PREROUTING_ZONES - [0:0]
  71. :PREROUTING_ZONES_SOURCE - [0:0]
  72. :PREROUTING_direct - [0:0]
  73. :PRE_internal - [0:0]
  74. :PRE_internal_allow - [0:0]
  75. :PRE_internal_deny - [0:0]
  76. :PRE_internal_log - [0:0]
  77. :PRE_public - [0:0]
  78. :PRE_public_allow - [0:0]
  79. :PRE_public_deny - [0:0]
  80. :PRE_public_log - [0:0]
  81. [63359:28508453] -A PREROUTING -j PREROUTING_direct
  82. [63354:28506537] -A PREROUTING -j PREROUTING_ZONES_SOURCE
  83. [63345:28498849] -A PREROUTING -j PREROUTING_ZONES
  84. [62845:28414647] -A INPUT -j INPUT_direct
  85. [494:82377] -A FORWARD -j FORWARD_direct
  86. [63357:35495765] -A OUTPUT -j OUTPUT_direct
  87. [63579:35561218] -A POSTROUTING -j POSTROUTING_direct
  88. [62087:28195727] -A PREROUTING_ZONES -i eth0 -g PRE_public
  89. [409:36362] -A PREROUTING_ZONES -i tun0 -g PRE_internal
  90. [88:29909] -A PREROUTING_ZONES -g PRE_public
  91. [409:36362] -A PRE_internal -j PRE_internal_log
  92. [409:36362] -A PRE_internal -j PRE_internal_deny
  93. [409:36362] -A PRE_internal -j PRE_internal_allow
  94. [62175:28225636] -A PRE_public -j PRE_public_log
  95. [62175:28225636] -A PRE_public -j PRE_public_deny
  96. [62175:28225636] -A PRE_public -j PRE_public_allow
  97. COMMIT
  98. # Completed on Thu Nov 27 18:33:01 2014
  99. # Generated by iptables-save v1.4.19.1 on Thu Nov 27 18:33:01 2014
  100. *security
  101. :INPUT ACCEPT [45821:25876296]
  102. :FORWARD ACCEPT [218:64138]
  103. :OUTPUT ACCEPT [63384:35508180]
  104. :FORWARD_direct - [0:0]
  105. :INPUT_direct - [0:0]
  106. :OUTPUT_direct - [0:0]
  107. [45832:25886304] -A INPUT -j INPUT_direct
  108. [218:64138] -A FORWARD -j FORWARD_direct
  109. [63389:35509629] -A OUTPUT -j OUTPUT_direct
  110. COMMIT
  111. # Completed on Thu Nov 27 18:33:01 2014
  112. # Generated by iptables-save v1.4.19.1 on Thu Nov 27 18:33:01 2014
  113. *raw
  114. :PREROUTING ACCEPT [63385:28523218]
  115. :OUTPUT ACCEPT [63397:35514454]
  116. :OUTPUT_direct - [0:0]
  117. :PREROUTING_direct - [0:0]
  118. [63391:28528004] -A PREROUTING -j PREROUTING_direct
  119. [63397:35514454] -A OUTPUT -j OUTPUT_direct
  120. COMMIT
  121. # Completed on Thu Nov 27 18:33:01 2014
  122. # Generated by iptables-save v1.4.19.1 on Thu Nov 27 18:33:01 2014
  123. *filter
  124. :INPUT ACCEPT [0:0]
  125. :FORWARD ACCEPT [0:0]
  126. :OUTPUT ACCEPT [5878:3558558]
  127. :FORWARD_IN_ZONES - [0:0]
  128. :FORWARD_IN_ZONES_SOURCE - [0:0]
  129. :FORWARD_OUT_ZONES - [0:0]
  130. :FORWARD_OUT_ZONES_SOURCE - [0:0]
  131. :FORWARD_direct - [0:0]
  132. :FWDI_internal - [0:0]
  133. :FWDI_internal_allow - [0:0]
  134. :FWDI_internal_deny - [0:0]
  135. :FWDI_internal_log - [0:0]
  136. :FWDI_public - [0:0]
  137. :FWDI_public_allow - [0:0]
  138. :FWDI_public_deny - [0:0]
  139. :FWDI_public_log - [0:0]
  140. :FWDO_internal - [0:0]
  141. :FWDO_internal_allow - [0:0]
  142. :FWDO_internal_deny - [0:0]
  143. :FWDO_internal_log - [0:0]
  144. :FWDO_public - [0:0]
  145. :FWDO_public_allow - [0:0]
  146. :FWDO_public_deny - [0:0]
  147. :FWDO_public_log - [0:0]
  148. :INPUT_ZONES - [0:0]
  149. :INPUT_ZONES_SOURCE - [0:0]
  150. :INPUT_direct - [0:0]
  151. :IN_internal - [0:0]
  152. :IN_internal_allow - [0:0]
  153. :IN_internal_deny - [0:0]
  154. :IN_internal_log - [0:0]
  155. :IN_public - [0:0]
  156. :IN_public_allow - [0:0]
  157. :IN_public_deny - [0:0]
  158. :IN_public_log - [0:0]
  159. :OUTPUT_direct - [0:0]
  160. [44701:25448510] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  161. [9:698] -A INPUT -i lo -j ACCEPT
  162. [18286:3112054] -A INPUT -j INPUT_direct
  163. [18286:3112054] -A INPUT -j INPUT_ZONES_SOURCE
  164. [18286:3112054] -A INPUT -j INPUT_ZONES
  165. [12:988] -A INPUT -p icmp -j ACCEPT
  166. [17077:2557849] -A INPUT -j REJECT --reject-with icmp-host-prohibited
  167. [157:59857] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  168. [0:0] -A FORWARD -i lo -j ACCEPT
  169. [338:22560] -A FORWARD -j FORWARD_direct
  170. [338:22560] -A FORWARD -j FORWARD_IN_ZONES_SOURCE
  171. [338:22560] -A FORWARD -j FORWARD_IN_ZONES
  172. [338:22560] -A FORWARD -j FORWARD_OUT_ZONES_SOURCE
  173. [338:22560] -A FORWARD -j FORWARD_OUT_ZONES
  174. [0:0] -A FORWARD -p icmp -j ACCEPT
  175. [277:18279] -A FORWARD -j REJECT --reject-with icmp-host-prohibited
  176. [63414:35520489] -A OUTPUT -j OUTPUT_direct
  177. [0:0] -A FORWARD_IN_ZONES -i eth0 -g FWDI_public
  178. [338:22560] -A FORWARD_IN_ZONES -i tun0 -g FWDI_internal
  179. [0:0] -A FORWARD_IN_ZONES -g FWDI_public
  180. [338:22560] -A FORWARD_OUT_ZONES -o eth0 -g FWDO_public
  181. [0:0] -A FORWARD_OUT_ZONES -o tun0 -g FWDO_internal
  182. [0:0] -A FORWARD_OUT_ZONES -g FWDO_public
  183. [338:22560] -A FWDI_internal -j FWDI_internal_log
  184. [338:22560] -A FWDI_internal -j FWDI_internal_deny
  185. [338:22560] -A FWDI_internal -j FWDI_internal_allow
  186. [0:0] -A FWDI_public -j FWDI_public_log
  187. [0:0] -A FWDI_public -j FWDI_public_deny
  188. [0:0] -A FWDI_public -j FWDI_public_allow
  189. [0:0] -A FWDO_internal -j FWDO_internal_log
  190. [0:0] -A FWDO_internal -j FWDO_internal_deny
  191. [0:0] -A FWDO_internal -j FWDO_internal_allow
  192. [338:22560] -A FWDO_public -j FWDO_public_log
  193. [338:22560] -A FWDO_public -j FWDO_public_deny
  194. [338:22560] -A FWDO_public -j FWDO_public_allow
  195. [61:4281] -A FWDO_public_allow -j ACCEPT
  196. [17744:2945084] -A INPUT_ZONES -i eth0 -g IN_public
  197. [0:0] -A INPUT_ZONES -i tun0 -g IN_internal
  198. [0:0] -A INPUT_ZONES -g IN_public
  199. [0:0] -A IN_internal -j IN_internal_log
  200. [0:0] -A IN_internal -j IN_internal_deny
  201. [0:0] -A IN_internal -j IN_internal_allow
  202. [0:0] -A IN_internal_allow -d 224.0.0.251/32 -p udp -m udp --dport 5353 -m conntrack --ctstate NEW -j ACCEPT
  203. [0:0] -A IN_internal_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
  204. [0:0] -A IN_internal_allow -p udp -m udp --dport 137 -m conntrack --ctstate NEW -j ACCEPT
  205. [0:0] -A IN_internal_allow -p udp -m udp --dport 138 -m conntrack --ctstate NEW -j ACCEPT
  206. [0:0] -A IN_internal_allow -p udp -m udp --dport 1194 -m conntrack --ctstate NEW -j ACCEPT
  207. [17744:2945084] -A IN_public -j IN_public_log
  208. [17744:2945084] -A IN_public -j IN_public_deny
  209. [17744:2945084] -A IN_public -j IN_public_allow
  210. [0:0] -A IN_public_allow -d 224.0.0.251/32 -p udp -m udp --dport 5353 -m conntrack --ctstate NEW -j ACCEPT
  211. [20:1160] -A IN_public_allow -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
  212. [32:1540] -A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
  213. [1131:549030] -A IN_public_allow -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
  214. [2:84] -A IN_public_allow -p udp -m udp --dport 1194 -m conntrack --ctstate NEW -j ACCEPT
  215. [0:0] -A IN_public_allow -p tcp -m tcp --dport 6379 -m conntrack --ctstate NEW -j ACCEPT
  216. [9:468] -A IN_public_allow -p tcp -m tcp --dport 8887 -m conntrack --ctstate NEW -j ACCEPT
  217. COMMIT
  218. # Completed on Thu Nov 27 18:33:01 2014
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!