- # Generated by iptables-save v1.4.15 on Fri May 2 14:06:08 2014
- # nat table: redirects locally generated DNS queries addressed to Google's
- # public resolvers (8.8.8.8 / 8.8.4.4) to the resolver on 127.0.0.1:53.
- # This is an IPv4 ruleset only; IPv6 traffic is governed by ip6tables.
- *nat
- # All four built-in chains default to ACCEPT; the [packets:bytes] counters are zero.
- :PREROUTING ACCEPT [0:0]
- :INPUT ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- :POSTROUTING ACCEPT [0:0]
- # The next rule has no -j target, so it takes no action on packets; it only
- # carries the comment text as a label for the DNAT rules below.
- -A OUTPUT -m comment --comment "Redirect DNS queries to Google DNS to Jolla's local resolver"
- # The redirect sits in OUTPUT, so it applies to traffic originated by the device
- # itself. Forwarded traffic (e.g. from tethered clients) traverses PREROUTING,
- # which has no rules here, and is therefore not redirected.
- # Only port 53 to these two addresses is matched: other resolvers and DNS over
- # TLS/HTTPS are untouched.
- # NOTE(review): assumes a resolver is listening on 127.0.0.1:53; confirm, since
- # otherwise these lookups fail rather than fall back.
- -A OUTPUT -d 8.8.8.8/32 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:53
- -A OUTPUT -d 8.8.8.8/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53
- -A OUTPUT -d 8.8.4.4/32 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:53
- -A OUTPUT -d 8.8.4.4/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53
- # NOTE(review): there is no MASQUERADE/SNAT rule in POSTROUTING in this dump;
- # presumably tethering NAT is installed elsewhere at runtime. Verify.
- COMMIT
- # Completed on Fri May 2 14:06:08 2014
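- # Generated by iptables-save v1.4.15 on Fri May 2 14:06:08 2014
- # filter table: default-deny for inbound and forwarded traffic, unrestricted
- # outbound. Rules are evaluated top to bottom, so their order is significant.
- # This is an IPv4 ruleset only; an equivalent ip6tables policy is needed, or
- # the same services may be reachable over IPv6.
- *filter
- # Chain policies. The [packets:bytes] counters are only restored when
- # iptables-restore is run with -c.
- :INPUT DROP [0:0]
- :FORWARD DROP [0:0]
- :OUTPUT ACCEPT [1435:203702]
- # Drop packets conntrack cannot associate with a valid connection, then accept
- # replies to connections already tracked.
- -A INPUT -m conntrack --ctstate INVALID -j DROP
- -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A INPUT -i lo -j ACCEPT
- # SSH and echo-request (ICMP type 8) on wlan0. There is no -s match, so any
- # host on whichever wireless network the device joins can reach sshd; consider
- # restricting the source to a trusted subnet and using key-only authentication.
- # Fixed: the original line had no space between the closing quote of the
- # comment and -j; iptables-save always emits one, and relying on parser
- # leniency there is fragile.
- -A INPUT -i wlan0 -p tcp -m tcp --dport 22 -m comment --comment "Allow SSH from WLAN" -j ACCEPT
- -A INPUT -i wlan0 -p icmp -m icmp --icmp-type 8 -m comment --comment "Allow ping from WLAN" -j ACCEPT
- # Tethering: DHCP requests (client port 68 -> server port 67) and DNS queries
- # from 192.168.0.0/16 arriving on the tether interface. The DHCP rule has no
- # source match, so it also covers clients that do not yet have an address.
- -A INPUT -i tether -p udp -m udp --sport 68 --dport 67 -m comment --comment "Allow DHCP from tethering" -j ACCEPT
- -A INPUT -s 192.168.0.0/16 -i tether -p udp -m udp --dport 53 -m comment --comment "Allow DNS/udp queries from tethering" -j ACCEPT
- -A INPUT -s 192.168.0.0/16 -i tether -p tcp -m tcp --dport 53 -m comment --comment "Allow DNS/tcp queries from tethering" -j ACCEPT
- # USB developer mode (rndis0): SSH and echo-request, again with no source match.
- -A INPUT -i rndis0 -p tcp -m tcp --dport 22 -m comment --comment "Allow SSH from USB dev.mode" -j ACCEPT
- -A INPUT -i rndis0 -p icmp -m icmp --icmp-type 8 -m comment --comment "Allow ping from USB dev.mode" -j ACCEPT
- # Broadcast, multicast and IGMP to 224.0.0.1 are dropped before the LOG rule,
- # so they never reach the log.
- -A INPUT -m pkttype --pkt-type broadcast -j DROP
- -A INPUT -m pkttype --pkt-type multicast -j DROP
- -A INPUT -d 224.0.0.1/32 -p igmp -j DROP
- # Everything else is logged, then dropped. The LOG rule is not rate-limited,
- # so a burst of unsolicited packets can flood the kernel log; consider adding
- # a "-m limit --limit <rate>" match to the LOG rule.
- -A INPUT -j LOG --log-prefix "Firewall [IN:DROP] "
- -A INPUT -j DROP
- -A FORWARD -m conntrack --ctstate INVALID -j DROP
- -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- # New connections from tethered clients are forwarded whatever the outgoing
- # interface (there is no -o match), so they can reach hosts on any network the
- # device is attached to, not only the Internet uplink. Add -o <uplink-interface>
- # if that is not intended.
- -A FORWARD -s 192.168.0.0/16 -i tether -m conntrack --ctstate NEW -m comment --comment "Allow tether to access Internet" -j ACCEPT
- # Same unthrottled log-then-drop pattern as INPUT; the same rate-limit advice applies.
- -A FORWARD -j LOG --log-prefix "Firewall [FWD:DROP] "
- -A FORWARD -j DROP
- COMMIT
- # Completed on Fri May 2 14:06:08 2014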