
iptables; iptables.save; iptables-config

a guest
Jul 17th, 2013
  1. [root@fst sysconfig]# cat /etc/sysconfig/iptables
  2. # Generated by iptables-save v1.4.7 on Wed Jul 17 03:27:43 2013
     # NOTE(review): this dump holds the IPv4 tables only. IPv6 filtering is
     # configured separately (ip6tables) and is not shown here -- confirm it is
     # equally restrictive if the host has an IPv6 address.
  3. *filter
     # NOTE(review): all three built-in chains default to ACCEPT. INPUT is closed
     # only by the trailing "-A INPUT -j DROP" rule, so flushing the rules while
     # the policy stays ACCEPT leaves every port reachable. ":INPUT DROP" would
     # fail closed instead. FORWARD has no rules at all; if this host is not
     # meant to route traffic, ":FORWARD DROP" is the safer policy.
  4. :INPUT ACCEPT [0:0]
  5. :FORWARD ACCEPT [0:0]
  6. :OUTPUT ACCEPT [1354:358976]
     # Return traffic for connections the host already tracks, any protocol.
  7. -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
     # ICMP echo-reply (type 0) in RELATED/ESTABLISHED state. The rule above
     # already accepts every RELATED/ESTABLISHED packet, so this one is redundant.
  8. -A INPUT -p icmp -m icmp --icmp-type 0 -m state --state RELATED,ESTABLISHED -j ACCEPT
     # ICMP echo-request (type 8) from any source: the host answers ping.
  9. -A INPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
      # Listed TCP ports are accepted from any source address (no -s match).
      # By their well-known numbers these look like SSH, HTTP(S) and mail
      # (SMTP/submission/IMAP) -- confirm each has a listener that is meant to
      # be public. NOTE(review): 22 is open to all sources; a -s restriction or
      # a rate limit on new connections would cut password-guessing exposure.
  10. -A INPUT -p tcp -m tcp -m multiport --dports 22,80,8080,443,25,143,587,993,465 -j ACCEPT
      # These ports are labelled "minecraft" in the iptables.save copy.
  11. -A INPUT -p tcp -m tcp -m multiport --dports 25565,35565,8123 -j ACCEPT
      # These ports are labelled "webmin" in the iptables.save copy.
      # NOTE(review): an administration interface is reachable from any source.
      # Restrict it with "-s <admin-source-CIDR>" (placeholder) or reach it over
      # an SSH tunnel instead of exposing it directly.
  12. -A INPUT -p tcp -m tcp -m multiport --dports 10000,7070 -j ACCEPT
      # This port is labelled "mysql" in the iptables.save copy.
      # NOTE(review): the database port is accepted from any source. If only
      # local applications use it, remove this rule and keep the server on the
      # loopback address or its socket; otherwise limit it with
      # "-s <app-server-address>" (placeholder).
  13. -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
      # Catch-all: anything not accepted above is dropped without a reply.
      # NOTE(review): there is no "-A INPUT -i lo -j ACCEPT", so new loopback
      # connections to ports not listed above are dropped as well. Nothing is
      # logged before the drop; a rate-limited LOG rule ahead of this line
      # would give visibility into what is being rejected.
  14. -A INPUT -j DROP
  15. COMMIT
  16. # Completed on Wed Jul 17 03:27:43 2013
  17. # Generated by iptables-save v1.4.7 on Wed Jul 17 03:27:43 2013
      # mangle table: default policies only, no packet-altering rules.
  18. *mangle
  19. :PREROUTING ACCEPT [1419:342372]
  20. :INPUT ACCEPT [1415:341909]
  21. :FORWARD ACCEPT [0:0]
  22. :OUTPUT ACCEPT [1354:358976]
  23. :POSTROUTING ACCEPT [1354:358976]
  24. COMMIT
  25. # Completed on Wed Jul 17 03:27:43 2013
  26. # Generated by iptables-save v1.4.7 on Wed Jul 17 03:27:43 2013
      # nat table: default policies only, no port forwarding or masquerading.
  27. *nat
  28. :PREROUTING ACCEPT [63:10062]
  29. :POSTROUTING ACCEPT [37:2306]
  30. :OUTPUT ACCEPT [37:2306]
  31. COMMIT
  32. # Completed on Wed Jul 17 03:27:43 2013
  33. [root@fst sysconfig]# cat /etc/sysconfig/iptables.save
  34. # Generated by iptables-save v1.4.7 on Tue Jul 16 02:10:33 2013
      # NOTE(review): this copy is one day older than /etc/sysconfig/iptables
      # above and carries the same INPUT rules. It also holds free-text labels
      # ("# minecraft", "# webmin", "# mysql") that the newer file lacks --
      # presumably added by hand or by a management tool; confirm. Labels
      # written as "-m comment --comment ..." live inside the rule itself and
      # so survive a later iptables-save.
  35. *nat
  36. :PREROUTING ACCEPT [210:10758]
  37. :POSTROUTING ACCEPT [20:1470]
  38. :OUTPUT ACCEPT [20:1470]
  39. COMMIT
  40. # Completed on Tue Jul 16 02:10:33 2013
  41. # Generated by iptables-save v1.4.7 on Tue Jul 16 02:10:33 2013
  42. *mangle
  43. :PREROUTING ACCEPT [14630:5594148]
  44. :INPUT ACCEPT [14630:5594148]
  45. :FORWARD ACCEPT [0:0]
  46. :OUTPUT ACCEPT [14630:5594281]
  47. :POSTROUTING ACCEPT [14630:5594281]
  48. COMMIT
  49. # Completed on Tue Jul 16 02:10:33 2013
  50. # Generated by iptables-save v1.4.7 on Tue Jul 16 02:10:33 2013
  51. *filter
      # NOTE(review): chain policies are ACCEPT; INPUT is closed only by the
      # final "-A INPUT -j DROP". A DROP policy on INPUT and FORWARD would keep
      # the host closed even if the rules were flushed.
  52. :FORWARD ACCEPT [0:0]
  53. :INPUT ACCEPT [0:0]
  54. :OUTPUT ACCEPT [0:0]
      # Return traffic for tracked connections, any protocol.
  55. -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
      # Echo-reply in ESTABLISHED/RELATED state: already covered by the rule
      # above, so redundant.
  56. -A INPUT -p icmp -m icmp -m state --icmp-type echo-reply --state ESTABLISHED,RELATED -j ACCEPT
      # Echo-request from any source: the host answers ping.
  57. -A INPUT -p icmp -m icmp -m state --icmp-type echo-request --state NEW,ESTABLISHED,RELATED -j ACCEPT
      # Listed TCP ports accepted from any source address (no -s match).
  58. -A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 22,80,8080,443,25,143,587,993,465
  59. # minecraft
  60. -A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 25565,35565,8123
  61. # webmin
      # NOTE(review): administration interface open to any source; restrict
      # with "-s <admin-source-CIDR>" (placeholder) or use an SSH tunnel.
  62. -A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 10000,7070
  63. # mysql
      # NOTE(review): database port open to any source; limit it to the hosts
      # that need it, or remove the rule if only local clients connect.
  64. -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
      # Catch-all drop. NOTE(review): no loopback (-i lo) accept rule precedes
      # it, and no LOG rule records what is dropped.
  65. -A INPUT -j DROP
  66. COMMIT
  67. # Completed on Tue Jul 16 02:10:33 2013
  68. [root@fst sysconfig]# cat /etc/sysconfig/iptables-config
  69. # Load additional iptables modules (nat helpers)
  70. # Default: -none-
  71. # Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
  72. # are loaded after the firewall rules are applied. Options for the helpers are
  73. # stored in /etc/modprobe.conf.
      # Empty here: no helper modules are requested.
  74. IPTABLES_MODULES=""
  75.  
  76. # Unload modules on restart and stop
  77. # Value: yes|no, default: yes
  78. # This option has to be 'yes' to get to a sane state for a firewall
  79. # restart or stop. Only set to 'no' if there are problems unloading netfilter
  80. # modules.
  81. IPTABLES_MODULES_UNLOAD="yes"
  82.  
  83. # Save current firewall rules on stop.
  84. # Value: yes|no, default: no
  85. # Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
  86. # (e.g. on system shutdown).
      # NOTE(review): with both SAVE_ON_STOP and SAVE_ON_RESTART set to "no",
      # rules changed at runtime are not written back on stop or restart;
      # they persist only after an explicit 'service iptables save' or a file
      # edit. That keeps /etc/sysconfig/iptables the reviewed source of truth,
      # but a runtime-only block added during an incident does not persist.
  87. IPTABLES_SAVE_ON_STOP="no"
  88.  
  89. # Save current firewall rules on restart.
  90. # Value: yes|no, default: no
  91. # Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
  92. # restarted.
  93. IPTABLES_SAVE_ON_RESTART="no"
  94.  
  95. # Save (and restore) rule and chain counter.
  96. # Value: yes|no, default: no
  97. # Save counters for rules and chains to /etc/sysconfig/iptables if
  98. # 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
  99. # SAVE_ON_RESTART is enabled.
  100. IPTABLES_SAVE_COUNTER="no"
  101.  
  102. # Numeric status output
  103. # Value: yes|no, default: yes
  104. # Print IP addresses and port numbers in numeric format in the status output.
  105. IPTABLES_STATUS_NUMERIC="yes"
  106.  
  107. # Verbose status output
  108. # Value: yes|no, default: yes
  109. # Print info about the number of packets and bytes plus the "input-" and
  110. # "outputdevice" in the status output.
       # NOTE(review): set to "no" although the text above gives the default as
       # "yes"; the status output therefore omits packet/byte counts and the
       # interface columns. Use "iptables -L -n -v" to see per-rule hit counts.
  111. IPTABLES_STATUS_VERBOSE="no"
  112.  
  113. # Status output with numbered lines
  114. # Value: yes|no, default: yes
  115. # Print a counter/number for every rule in the status output.
  116. IPTABLES_STATUS_LINENUMBERS="yes"
  117.  
  118. # Reload sysctl settings on start and restart
  119. # Default: -none-
  120. # Space separated list of sysctl items which are to be reloaded on start.
  121. # List items will be matched by fgrep.
       # Left commented out: no sysctl items are reloaded through this setting.
  122. #IPTABLES_SYSCTL_LOAD_LIST=".nf_conntrack .bridge-nf"