Untitled

By: a guest on Jun 14th, 2012  |  syntax: None  |  size: 1.71 KB  |  views: 50  |  expires: Never
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

# Port-forward TCP 50000 arriving on eth0 to the internal host 10.9.8.214
-A PREROUTING -i eth0 -p tcp -m tcp --dport 50000 -j DNAT --to-destination 10.9.8.214:50000
# Source-NAT everything that leaves through eth0
-A POSTROUTING -o eth0 -j MASQUERADE

COMMIT

*filter
# All three policies are ACCEPT, so anything no rule below drops is allowed.
# In INPUT only eth0 reaches an explicit DROP; FORWARD passes all traffic.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow ICMP: rate-limited on eth0, unrestricted from the 10.9.8.0/24 side on eth1
-A INPUT -s 0.0.0.0/0 -i eth0 -p icmp -m limit --limit 1/s --limit-burst 1 -j ACCEPT
-A INPUT -s 10.9.8.0/255.255.255.0 -i eth1 -p icmp -j ACCEPT
# Log (rate-limited) and drop all other ICMP
-A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j LOG --log-prefix PING-DROP:
-A INPUT -p icmp -j DROP
-A OUTPUT -p icmp -j ACCEPT

# SSH Delle
# Record each NEW connection per source; drop a source on its 3rd NEW within 60 s
-A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
-A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT

# NTP Delle
# NTP runs over UDP port 123; the original rule matched TCP and never saw NTP traffic
-A INPUT -p udp -m state --state NEW -i eth0 --dport 123 -j ACCEPT

# DHCP
# DHCP is UDP only, so the TCP rules below never match DHCP traffic.
# The OUTPUT rules are redundant while the OUTPUT policy is ACCEPT.
-A INPUT -i eth1 -p tcp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i eth1 -p udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -o eth1 -p tcp -s 10.9.8.7 --sport 67 -d 255.255.255.255 --dport 68 -j ACCEPT
-A OUTPUT -o eth1 -p udp -s 10.9.8.7 --sport 67 -d 255.255.255.255 --dport 68 -j ACCEPT

# Drop everything else that arrives on eth0
-A INPUT -i eth0 -j DROP

# Loopback interface is valid.
-A OUTPUT -o lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

# Redundant while the FORWARD policy is ACCEPT; needed if the policy is changed to DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 50000 -m state --state NEW -j ACCEPT

# Logging of new packets must be started
# These rules sit at the end of their chains, so they only log NEW packets that
# no earlier rule accepted or dropped; packets dropped on eth0 are not logged here.
-A INPUT -m state --state NEW -j LOG --log-prefix -A-LOG --log-level 4
-A OUTPUT -m state --state NEW -j LOG --log-prefix -A-LOG --log-level 4

COMMIT