Untitled

a guest
Apr 25th, 2014
pdc:~ # iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
input_int all -- anywhere anywhere
input_ext all -- anywhere anywhere
input_ext all -- anywhere anywhere
input_ext all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
forward_int all -- anywhere anywhere
forward_ext all -- anywhere anywhere
forward_ext all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '

Chain forward_ext (2 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG tcp -- anywhere ext_domain_name limit: avg 3/min burst 5 tcp dpt:smtp state NEW LOG level warning tcp-options ip-options prefix `SFW2-FWDext-ACC-REVMASQ '
ACCEPT tcp -- anywhere ext_domain_name tcp dpt:smtp
ACCEPT tcp -- ext_domain_name anywhere state RELATED,ESTABLISHED
LOG tcp -- anywhere 192.168.10.5 limit: avg 3/min burst 5 tcp dpt:d2k-tapestry2 state NEW LOG level warning tcp-options ip-options prefix `SFW2-FWDext-ACC-REVMASQ '
ACCEPT tcp -- anywhere 192.168.10.5 tcp dpt:d2k-tapestry2
ACCEPT tcp -- 192.168.10.5 anywhere state RELATED,ESTABLISHED
LOG tcp -- anywhere 192.168.10.83 limit: avg 3/min burst 5 tcp dpt:dyna-lm state NEW LOG level warning tcp-options ip-options prefix `SFW2-FWDext-ACC-REVMASQ '
ACCEPT tcp -- anywhere 192.168.10.83 tcp dpt:dyna-lm
ACCEPT tcp -- 192.168.10.83 anywhere state RELATED,ESTABLISHED
LOG tcp -- anywhere ext_domain_name limit: avg 3/min burst 5 tcp dpt:pptp state NEW LOG level warning tcp-options ip-options prefix `SFW2-FWDext-ACC-REVMASQ '
ACCEPT tcp -- anywhere ext_domain_name tcp dpt:pptp
ACCEPT tcp -- ext_domain_name anywhere state RELATED,ESTABLISHED
LOG tcp -- anywhere ext_domain_name limit: avg 3/min burst 5 tcp dpt:http state NEW LOG level warning tcp-options ip-options prefix `SFW2-FWDext-ACC-REVMASQ '
ACCEPT tcp -- anywhere ext_domain_name tcp dpt:http
ACCEPT tcp -- ext_domain_name anywhere state RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
DROP all -- anywhere anywhere PKTTYPE = multicast
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT-INV '
DROP all -- anywhere anywhere

Chain forward_int (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG tcp -- anywhere ext_domain_name limit: avg 3/min burst 5 tcp dpt:smtp state NEW LOG level warning tcp-options ip-options prefix `SFW2-FWDint-ACC-REVMASQ '
ACCEPT tcp -- anywhere ext_domain_name tcp dpt:smtp
ACCEPT tcp -- ext_domain_name anywhere state RELATED,ESTABLISHED
LOG tcp -- anywhere 192.168.10.5 limit: avg 3/min burst 5 tcp dpt:d2k-tapestry2 state NEW LOG level warning tcp-options ip-options prefix `SFW2-FWDint-ACC-REVMASQ '
ACCEPT tcp -- anywhere 192.168.10.5 tcp dpt:d2k-tapestry2
ACCEPT tcp -- 192.168.10.5 anywhere state RELATED,ESTABLISHED
LOG tcp -- anywhere 192.168.10.83 limit: avg 3/min burst 5 tcp dpt:dyna-lm state NEW LOG level warning tcp-options ip-options prefix `SFW2-FWDint-ACC-REVMASQ '
ACCEPT tcp -- anywhere 192.168.10.83 tcp dpt:dyna-lm
ACCEPT tcp -- 192.168.10.83 anywhere state RELATED,ESTABLISHED
LOG tcp -- anywhere ext_domain_name limit: avg 3/min burst 5 tcp dpt:pptp state NEW LOG level warning tcp-options ip-options prefix `SFW2-FWDint-ACC-REVMASQ '
ACCEPT tcp -- anywhere ext_domain_name tcp dpt:pptp
ACCEPT tcp -- ext_domain_name anywhere state RELATED,ESTABLISHED
LOG tcp -- anywhere ext_domain_name limit: avg 3/min burst 5 tcp dpt:http state NEW LOG level warning tcp-options ip-options prefix `SFW2-FWDint-ACC-REVMASQ '
ACCEPT tcp -- anywhere ext_domain_name tcp dpt:http
ACCEPT tcp -- ext_domain_name anywhere state RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
DROP all -- anywhere anywhere PKTTYPE = multicast
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT-INV '
DROP all -- anywhere anywhere

Chain input_ext (3 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:d2k-tapestry2 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:d2k-tapestry2
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:dyna-lm flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:dyna-lm
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:wwiotalk flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:wwiotalk
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:http flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:http
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:smtp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:wwiotalk
reject_func tcp -- anywhere anywhere tcp dpt:ident state NEW
LOG all -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
DROP all -- anywhere anywhere PKTTYPE = multicast
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
DROP all -- anywhere anywhere

Chain input_int (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain reject_func (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable