
Untitled

  1. # Generated by iptables-save v1.4.10 on Mon Jul 25 12:06:11 2016
  # raw table: both built-in chains keep an ACCEPT policy and only jump to a
  # STD_* chain. Those chains are declared but hold no rules in this dump, so
  # this table does not change how any packet is handled.
  2. *raw
  3. :PREROUTING ACCEPT [2477314:253492469]
  4. :OUTPUT ACCEPT [1299014:192455111]
  5. :STD_OUTPUT - [0:0]
  6. :STD_PREROUTING - [0:0]
  7. -A PREROUTING -j STD_PREROUTING
  8. -A OUTPUT -j STD_OUTPUT
  9. COMMIT
  10. # Completed on Mon Jul 25 12:06:11 2016
  11. # Generated by iptables-save v1.4.10 on Mon Jul 25 12:06:11 2016
  # nat table: every built-in chain has an ACCEPT policy. PREROUTING, OUTPUT and
  # POSTROUTING jump to STD_* chains that hold no rules in this dump, so no
  # SNAT, DNAT or MASQUERADE is configured here.
  12. *nat
  13. :PREROUTING ACCEPT [384492:32303572]
  14. :INPUT ACCEPT [35:7720]
  15. :OUTPUT ACCEPT [129190:7754722]
  16. :POSTROUTING ACCEPT [129153:7752100]
  17. :STD_OUTPUT - [0:0]
  18. :STD_POSTROUTING - [0:0]
  19. :STD_PREROUTING - [0:0]
  20. -A PREROUTING -j STD_PREROUTING
  21. -A OUTPUT -j STD_OUTPUT
  22. -A POSTROUTING -j STD_POSTROUTING
  23. COMMIT
  24. # Completed on Mon Jul 25 12:06:11 2016
  25. # Generated by iptables-save v1.4.10 on Mon Jul 25 12:06:11 2016
  # mangle table: all five built-in chains have an ACCEPT policy and jump to a
  # STD_* chain with no rules in this dump. The packet marks used for filtering
  # are therefore set only inside the filter table, not here.
  26. *mangle
  27. :PREROUTING ACCEPT [2477317:253492589]
  28. :INPUT ACCEPT [1246924:150139633]
  29. :FORWARD ACCEPT [695948:58459632]
  30. :OUTPUT ACCEPT [1299017:192455291]
  31. :POSTROUTING ACCEPT [1994890:250909109]
  32. :STD_FORWARD - [0:0]
  33. :STD_INPUT - [0:0]
  34. :STD_OUTPUT - [0:0]
  35. :STD_POSTROUTING - [0:0]
  36. :STD_PREROUTING - [0:0]
  37. -A PREROUTING -j STD_PREROUTING
  38. -A INPUT -j STD_INPUT
  39. -A FORWARD -j STD_FORWARD
  40. -A OUTPUT -j STD_OUTPUT
  41. -A POSTROUTING -j STD_POSTROUTING
  42. COMMIT
  43. # Completed on Mon Jul 25 12:06:11 2016
  44. # Generated by iptables-save v1.4.10 on Mon Jul 25 12:06:11 2016
  # filter table: default-deny. INPUT, FORWARD and OUTPUT all have a DROP policy,
  # so a packet passes only if a rule below explicitly accepts it.
  45. *filter
  46. :INPUT DROP [252:22688]
  47. :FORWARD DROP [0:0]
  48. :OUTPUT DROP [75:5814]
  # Address-set helper chains (trailing underscore) and the STD_*/USER_* policy chains.
  49. :LOCAL_RED_ - [0:0]
  50. :MCAST_ - [0:0]
  51. :PEERS_ - [0:0]
  52. :REGAUTH_ - [0:0]
  53. :REMOTE_RED_ - [0:0]
  54. :STD_FORWARD - [0:0]
  55. :STD_INPUT - [0:0]
  56. :STD_OUTPUT - [0:0]
  57. :TUNNEL_ - [0:0]
  58. :USER_FORWARD - [0:0]
  59. :USER_INPUT - [0:0]
  60. :USER_OUTPUT - [0:0]
  # Each built-in chain consults USER_* first and STD_* second. USER_* holds no
  # rules in this dump; any rule added there later is evaluated before, and can
  # therefore override, everything in STD_*.
  61. -A INPUT -j USER_INPUT
  62. -A INPUT -j STD_INPUT
  # NOTE(review): traffic arriving on `dbg` that STD_INPUT did not already decide
  # is accepted without any protocol, port or source restriction. Confirm this
  # debug interface is absent or disabled on production units.
  63. -A INPUT -i dbg -j ACCEPT
  64. -A FORWARD -j USER_FORWARD
  65. -A FORWARD -j STD_FORWARD
  66. -A OUTPUT -j USER_OUTPUT
  67. -A OUTPUT -j STD_OUTPUT
  # Same unconditional accept for anything leaving through `dbg`.
  68. -A OUTPUT -o dbg -j ACCEPT
  # Address-set helper chains. None of them accepts or drops; each only sets mark
  # bit 0x1 when the packet's SOURCE is in the set and bit 0x2 when its
  # DESTINATION is in the set. Callers reset the mark first and test the bits after.
  # LOCAL_RED_: the local protected subnet.
  69. -A LOCAL_RED_ -s 192.168.3.0/24 -j MARK --set-xmark 0x1/0x1
  70. -A LOCAL_RED_ -d 192.168.3.0/24 -j MARK --set-xmark 0x2/0x2
  # MCAST_: the IPv4 multicast range.
  71. -A MCAST_ -s 224.0.0.0/4 -j MARK --set-xmark 0x1/0x1
  72. -A MCAST_ -d 224.0.0.0/4 -j MARK --set-xmark 0x2/0x2
  # PEERS_: three host addresses. The first octets (xy, abc, gh) were replaced by
  # the poster, so these lines are not loadable by iptables-restore as shown.
  73. -A PEERS_ -s xy.189.68.250/32 -j MARK --set-xmark 0x1/0x1
  74. -A PEERS_ -d xy.189.68.250/32 -j MARK --set-xmark 0x2/0x2
  75. -A PEERS_ -s abc.138.78.6/32 -j MARK --set-xmark 0x1/0x1
  76. -A PEERS_ -d abc.138.78.6/32 -j MARK --set-xmark 0x2/0x2
  77. -A PEERS_ -s gh.0.0.2/32 -j MARK --set-xmark 0x1/0x1
  78. -A PEERS_ -d gh.0.0.2/32 -j MARK --set-xmark 0x2/0x2
  # REGAUTH_: a single host, the same redacted address as the first PEERS_ entry.
  79. -A REGAUTH_ -s xy.189.68.250/32 -j MARK --set-xmark 0x1/0x1
  80. -A REGAUTH_ -d xy.189.68.250/32 -j MARK --set-xmark 0x2/0x2
  # REMOTE_RED_: two remote protected subnets.
  81. -A REMOTE_RED_ -s 192.168.99.0/24 -j MARK --set-xmark 0x1/0x1
  82. -A REMOTE_RED_ -d 192.168.99.0/24 -j MARK --set-xmark 0x2/0x2
  83. -A REMOTE_RED_ -s 192.168.111.0/24 -j MARK --set-xmark 0x1/0x1
  84. -A REMOTE_RED_ -d 192.168.111.0/24 -j MARK --set-xmark 0x2/0x2
  # STD_FORWARD: decides forwarded traffic purely from source/destination
  # address sets. Each four-stanza block sets the mark to 0x8, calls a first set
  # (bit 0x1 = source matched), copies that into bit 0x4, calls a second set, and
  # accepts when bits 0x8, 0x4 and 0x2 are all present (--mark 0xe/0xe).
  # Bit 0x2 is set by EITHER helper's -d rule and is not cleared in between, so
  # the accepted destination is "in the first OR the second set".
  # NOTE(review): no rule in this chain matches on -i/-o, so address alone
  # decides. Whether a packet with a forged red-side source arriving on another
  # interface is stopped depends on reverse-path filtering or other controls not
  # visible in this dump; confirm.
  # Stanza 1: source in REMOTE_RED_, destination in REMOTE_RED_ or LOCAL_RED_.
  85. -A STD_FORWARD -j MARK --set-xmark 0x0/0xffffffff
  86. -A STD_FORWARD -j MARK --set-xmark 0x8/0xffffffff
  87. -A STD_FORWARD -j REMOTE_RED_
  88. -A STD_FORWARD -m mark --mark 0x1/0x1 -j MARK --set-xmark 0x4/0x4
  89. -A STD_FORWARD -j LOCAL_RED_
  90. -A STD_FORWARD -m mark --mark 0xe/0xe -j ACCEPT
  # Stanza 2: source in LOCAL_RED_, destination in LOCAL_RED_ or REMOTE_RED_.
  91. -A STD_FORWARD -j MARK --set-xmark 0x0/0xffffffff
  92. -A STD_FORWARD -j MARK --set-xmark 0x8/0xffffffff
  93. -A STD_FORWARD -j LOCAL_RED_
  94. -A STD_FORWARD -m mark --mark 0x1/0x1 -j MARK --set-xmark 0x4/0x4
  95. -A STD_FORWARD -j REMOTE_RED_
  96. -A STD_FORWARD -m mark --mark 0xe/0xe -j ACCEPT
  # Stanza 3: source in LOCAL_RED_, destination in LOCAL_RED_ or multicast.
  97. -A STD_FORWARD -j MARK --set-xmark 0x0/0xffffffff
  98. -A STD_FORWARD -j MARK --set-xmark 0x8/0xffffffff
  99. -A STD_FORWARD -j LOCAL_RED_
  100. -A STD_FORWARD -m mark --mark 0x1/0x1 -j MARK --set-xmark 0x4/0x4
  101. -A STD_FORWARD -j MCAST_
  102. -A STD_FORWARD -m mark --mark 0xe/0xe -j ACCEPT
  # Stanza 4: source in REMOTE_RED_, destination in REMOTE_RED_ or multicast.
  103. -A STD_FORWARD -j MARK --set-xmark 0x0/0xffffffff
  104. -A STD_FORWARD -j MARK --set-xmark 0x8/0xffffffff
  105. -A STD_FORWARD -j REMOTE_RED_
  106. -A STD_FORWARD -m mark --mark 0x1/0x1 -j MARK --set-xmark 0x4/0x4
  107. -A STD_FORWARD -j MCAST_
  108. -A STD_FORWARD -m mark --mark 0xe/0xe -j ACCEPT
  # Tunnel addressing: accept anything whose source is in TUNNEL_ ...
  109. -A STD_FORWARD -j MARK --set-xmark 0x0/0xffffffff
  110. -A STD_FORWARD -j TUNNEL_
  111. -A STD_FORWARD -m mark --mark 0x1/0x1 -j ACCEPT
  # ... and anything whose destination is in TUNNEL_. Either end alone is
  # sufficient; the other end of the flow is not checked.
  112. -A STD_FORWARD -j MARK --set-xmark 0x0/0xffffffff
  113. -A STD_FORWARD -j TUNNEL_
  114. -A STD_FORWARD -m mark --mark 0x2/0x2 -j ACCEPT
  # STD_INPUT, part 1: ICMP and IPsec/IKE from peers on the `black` interface.
  # ICMP of any type is accepted from any interface, throttled to 1 packet/sec.
  # The limit match is one shared bucket, not per source.
  # NOTE(review): no rule in this ruleset uses state RELATED, so ICMP errors
  # belonging to existing flows also compete for this single rate limit.
  115. -A STD_INPUT -p icmp -m limit --limit 1/sec -j ACCEPT
  # Recurring pattern below: reset the mark, jump to an address set only when the
  # interface/protocol/port matches, then act on the mark bit. The accept or drop
  # line has no match of its own, but the bit can only be set through the
  # conditional jump immediately above it.
  # ESP from a PEERS_ source.
  116. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  117. -A STD_INPUT -i black -p esp -j PEERS_
  118. -A STD_INPUT -m mark --mark 0x1/0x1 -j ACCEPT
  # IP-in-IP (ipencap) from a PEERS_ source.
  119. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  120. -A STD_INPUT -i black -p ipencap -j PEERS_
  121. -A STD_INPUT -m mark --mark 0x1/0x1 -j ACCEPT
  # TCP/500 throttle: drop a NEW connection from a PEERS_ source that already
  # has at least 2 hits with the same TTL in the PEERIPSEC list within 60 s.
  122. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  123. -A STD_INPUT -i black -p tcp -m tcp --dport 500 -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 2 --rttl --name PEERIPSEC --rsource -j PEERS_
  124. -A STD_INPUT -m mark --mark 0x1/0x1 -j DROP
  # Record this NEW connection in PEERIPSEC. The recent match runs before the
  # jump to PEERS_, so the source is recorded whether or not it is a peer.
  # NOTE(review): non-peer sources can therefore occupy entries in this list.
  125. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  126. -A STD_INPUT -i black -p tcp -m tcp --dport 500 -m state --state NEW -m recent --set --name PEERIPSEC --rsource -j PEERS_
  # No target: this rule only increments its counters.
  127. -A STD_INPUT -m mark --mark 0x1/0x1
  # TCP/500 from a PEERS_ source that passed the throttle.
  128. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  129. -A STD_INPUT -i black -p tcp -m tcp --dport 500 -j PEERS_
  130. -A STD_INPUT -m mark --mark 0x1/0x1 -j ACCEPT
  # UDP/500 from a PEERS_ source; no rate limit on the UDP path.
  131. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  132. -A STD_INPUT -i black -p udp -m udp --dport 500 -j PEERS_
  133. -A STD_INPUT -m mark --mark 0x1/0x1 -j ACCEPT
  # TCP/4500: same throttle as TCP/500, tracked in a separate list PEERIPSECNAT.
  134. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  135. -A STD_INPUT -i black -p tcp -m tcp --dport 4500 -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 2 --rttl --name PEERIPSECNAT --rsource -j PEERS_
  136. -A STD_INPUT -m mark --mark 0x1/0x1 -j DROP
  137. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  138. -A STD_INPUT -i black -p tcp -m tcp --dport 4500 -m state --state NEW -m recent --set --name PEERIPSECNAT --rsource -j PEERS_
  # No target: counter only.
  139. -A STD_INPUT -m mark --mark 0x1/0x1
  140. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  141. -A STD_INPUT -i black -p tcp -m tcp --dport 4500 -j PEERS_
  142. -A STD_INPUT -m mark --mark 0x1/0x1 -j ACCEPT
  # UDP/4500 from a PEERS_ source; no rate limit on the UDP path.
  143. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  144. -A STD_INPUT -i black -p udp -m udp --dport 4500 -j PEERS_
  145. -A STD_INPUT -m mark --mark 0x1/0x1 -j ACCEPT
  # STD_INPUT, part 2: multicast, tunnel and GRE traffic.
  # Anything arriving on `red` addressed to a multicast destination.
  146. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  147. -A STD_INPUT -i red -j MCAST_
  148. -A STD_INPUT -m mark --mark 0x2/0x2 -j ACCEPT
  # Anything arriving on a gre* interface addressed to a multicast destination.
  149. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  150. -A STD_INPUT -i gre+ -j MCAST_
  151. -A STD_INPUT -m mark --mark 0x2/0x2 -j ACCEPT
  # IGMP on `black`: bit 0x8 is set only for igmp arriving on black; the packet
  # is accepted when its source is in TUNNEL_ (copied to 0x4) and its destination
  # is in TUNNEL_ or MCAST_ (0x2).
  152. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  153. -A STD_INPUT -i black -p igmp -j MARK --set-xmark 0x8/0xffffffff
  154. -A STD_INPUT -j TUNNEL_
  155. -A STD_INPUT -m mark --mark 0x1/0x1 -j MARK --set-xmark 0x4/0x4
  156. -A STD_INPUT -j MCAST_
  157. -A STD_INPUT -m mark --mark 0xe/0xe -j ACCEPT
  # Anything arriving on a gre* interface with a TUNNEL_ source.
  158. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  159. -A STD_INPUT -i gre+ -j TUNNEL_
  160. -A STD_INPUT -m mark --mark 0x1/0x1 -j ACCEPT
  # GRE protocol on `black`: accepted when the source is in REMOTE_RED_ and the
  # destination is in REMOTE_RED_ or LOCAL_RED_.
  161. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  162. -A STD_INPUT -i black -p gre -j MARK --set-xmark 0x8/0xffffffff
  163. -A STD_INPUT -j REMOTE_RED_
  164. -A STD_INPUT -m mark --mark 0x1/0x1 -j MARK --set-xmark 0x4/0x4
  165. -A STD_INPUT -j LOCAL_RED_
  166. -A STD_INPUT -m mark --mark 0xe/0xe -j ACCEPT
  167. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  # STD_INPUT, part 3: TCP services on ports 10001-10004 over `black`.
  # The purpose of these ports is not stated in the dump; the list names
  # (REGMNGT, PEERMNGT) suggest management channels; confirm.
  # Replies from a PEERS_ host's port 10003 on an established connection. The
  # mark reset for this stanza is the last rule of the preceding stanza.
  168. -A STD_INPUT -i black -p tcp -m tcp --sport 10003 -m state --state ESTABLISHED -j PEERS_
  169. -A STD_INPUT -m mark --mark 0x1/0x1 -j ACCEPT
  # Drop a SYN to 10003 when the same source address (/32) already holds more
  # than 3 connections. Applies to every source, before any allow-list check.
  170. -A STD_INPUT -i black -p tcp -m tcp --dport 10003 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 3 --connlimit-mask 32 -j DROP
  # Throttle for REGAUTH_ sources: drop a NEW connection when the source already
  # has at least 2 hits with the same TTL in REGMNGT within 30 s.
  171. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  172. -A STD_INPUT -i black -p tcp -m tcp --dport 10003 -m state --state NEW -m recent --rcheck --seconds 30 --hitcount 2 --rttl --name REGMNGT --rsource -j REGAUTH_
  173. -A STD_INPUT -m mark --mark 0x1/0x1 -j DROP
  # Record the attempt in REGMNGT; as with the IKE rules, the source is recorded
  # before the allow-list jump, so any source ends up in the list.
  174. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  175. -A STD_INPUT -i black -p tcp -m tcp --dport 10003 -m state --state NEW -m recent --set --name REGMNGT --rsource -j REGAUTH_
  # No target: counter only.
  176. -A STD_INPUT -m mark --mark 0x1/0x1
  # Accept 10003 from a REGAUTH_ source.
  177. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  178. -A STD_INPUT -i black -p tcp -m tcp --dport 10003 -j REGAUTH_
  179. -A STD_INPUT -m mark --mark 0x1/0x1 -j ACCEPT
  # Same three steps for PEERS_ sources, tracked in PEERMNGT. A source that is
  # also in REGAUTH_ was already accepted above and never reaches these rules.
  180. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  181. -A STD_INPUT -i black -p tcp -m tcp --dport 10003 -m state --state NEW -m recent --rcheck --seconds 30 --hitcount 2 --rttl --name PEERMNGT --rsource -j PEERS_
  182. -A STD_INPUT -m mark --mark 0x1/0x1 -j DROP
  183. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  184. -A STD_INPUT -i black -p tcp -m tcp --dport 10003 -m state --state NEW -m recent --set --name PEERMNGT --rsource -j PEERS_
  # No target: counter only.
  185. -A STD_INPUT -m mark --mark 0x1/0x1
  186. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  187. -A STD_INPUT -i black -p tcp -m tcp --dport 10003 -j PEERS_
  188. -A STD_INPUT -m mark --mark 0x1/0x1 -j ACCEPT
  # Replies from the REGAUTH_ host's port 10002 on an established connection.
  189. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  190. -A STD_INPUT -i black -p tcp -m tcp --sport 10002 -m state --state ESTABLISHED -j REGAUTH_
  191. -A STD_INPUT -m mark --mark 0x1/0x1 -j ACCEPT
  # Port 10004: same connlimit and throttle as 10003. It reuses the list name
  # REGMNGT, so attempts against 10003 and 10004 are counted together.
  192. -A STD_INPUT -i black -p tcp -m tcp --dport 10004 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 3 --connlimit-mask 32 -j DROP
  193. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  194. -A STD_INPUT -i black -p tcp -m tcp --dport 10004 -m state --state NEW -m recent --rcheck --seconds 30 --hitcount 2 --rttl --name REGMNGT --rsource -j REGAUTH_
  195. -A STD_INPUT -m mark --mark 0x1/0x1 -j DROP
  196. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  197. -A STD_INPUT -i black -p tcp -m tcp --dport 10004 -m state --state NEW -m recent --set --name REGMNGT --rsource -j REGAUTH_
  # No target: counter only.
  198. -A STD_INPUT -m mark --mark 0x1/0x1
  # Accept 10004 from a REGAUTH_ source, for NEW and ESTABLISHED packets.
  199. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  200. -A STD_INPUT -i black -p tcp -m tcp --dport 10004 -m state --state NEW,ESTABLISHED -j REGAUTH_
  201. -A STD_INPUT -m mark --mark 0x1/0x1 -j ACCEPT
  # Replies from the REGAUTH_ host's port 10001 on an established connection.
  202. -A STD_INPUT -j MARK --set-xmark 0x0/0xffffffff
  203. -A STD_INPUT -i black -p tcp -m tcp --sport 10001 -m state --state ESTABLISHED -j REGAUTH_
  204. -A STD_INPUT -m mark --mark 0x1/0x1 -j ACCEPT
  # STD_INPUT, part 4: management interface, port 10161, DHCP, DNS, loopback.
  # `man` interface, TCP/80: drop a SYN when the source already holds more than
  # 10 connections, otherwise accept. No source allow-list is applied.
  # NOTE(review): port 80 is normally cleartext HTTP; if this serves the
  # management UI, credentials cross `man` unencrypted. Confirm.
  205. -A STD_INPUT -i man -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 10 --connlimit-mask 32 -j DROP
  206. -A STD_INPUT -i man -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
  # `man` interface, every other TCP port: connlimit of 3 per source and a
  # 3-hits-per-60-s throttle (list MNGT), then accept. There is no --dport match,
  # so any TCP service listening on this host is reachable from `man`.
  207. -A STD_INPUT -i man -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 3 --connlimit-mask 32 -j DROP
  208. -A STD_INPUT -i man -p tcp -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 3 --rttl --name MNGT --rsource -j DROP
  # No target: records the source in MNGT and continues.
  209. -A STD_INPUT -i man -p tcp -m state --state NEW -m recent --set --name MNGT --rsource
  210. -A STD_INPUT -i man -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
  # Port 10161 (the recent list is named SNMP). These rules carry no -i match,
  # so they apply on every interface, including `black`.
  # TCP: at most 1 connection per source, 3-hits-per-60-s throttle, then accept.
  211. -A STD_INPUT -p tcp -m tcp --dport 10161 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 1 --connlimit-mask 32 -j DROP
  212. -A STD_INPUT -p tcp -m tcp --dport 10161 -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 3 --rttl --name SNMP --rsource -j DROP
  213. -A STD_INPUT -p tcp -m tcp --dport 10161 -m state --state NEW -m recent --set --name SNMP --rsource
  214. -A STD_INPUT -p tcp -m tcp --dport 10161 -m state --state NEW,ESTABLISHED -j ACCEPT
  # NOTE(review): UDP/10161 is accepted from any source on any interface with no
  # rate limit and no allow-list, unlike the TCP path above. Consider binding it
  # to the management interface or an address set.
  215. -A STD_INPUT -p udp -m udp --dport 10161 -m state --state NEW,ESTABLISHED -j ACCEPT
  # DHCP server replies (67 -> 68) on dbg, man and black: this host is a DHCP
  # client on those interfaces.
  216. -A STD_INPUT -i dbg -p udp -m udp --sport 67 --dport 68 -m state --state ESTABLISHED -j ACCEPT
  217. -A STD_INPUT -i man -p udp -m udp --sport 67 --dport 68 -m state --state ESTABLISHED -j ACCEPT
  218. -A STD_INPUT -i black -p udp -m udp --sport 67 --dport 68 -m state --state ESTABLISHED -j ACCEPT
  # DHCP client requests (68 -> 67) arriving on `red`: this host answers DHCP there.
  219. -A STD_INPUT -i red -p udp -m udp --sport 68 --dport 67 -m state --state NEW,ESTABLISHED -j ACCEPT
  # DNS on `red`, only when BOTH ports are 53. Queries sent from an ephemeral
  # source port do not match this rule. UDP only; there is no TCP/53 rule.
  220. -A STD_INPUT -i red -p udp -m udp --sport 53 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
  # Loopback is always accepted; everything else falls back to INPUT.
  221. -A STD_INPUT -i lo+ -j ACCEPT
  # STD_OUTPUT, part 1: mirror of the STD_INPUT IPsec, multicast and tunnel
  # rules. Outbound decisions test bit 0x2 (DESTINATION is in the set).
  # ICMP of any type may leave on any interface, one shared 1/sec limit.
  222. -A STD_OUTPUT -p icmp -m limit --limit 1/sec -j ACCEPT
  # ESP to a PEERS_ destination via `black`.
  223. -A STD_OUTPUT -j MARK --set-xmark 0x0/0xffffffff
  224. -A STD_OUTPUT -o black -p esp -j PEERS_
  225. -A STD_OUTPUT -m mark --mark 0x2/0x2 -j ACCEPT
  # IP-in-IP (ipencap) to a PEERS_ destination.
  226. -A STD_OUTPUT -j MARK --set-xmark 0x0/0xffffffff
  227. -A STD_OUTPUT -o black -p ipencap -j PEERS_
  228. -A STD_OUTPUT -m mark --mark 0x2/0x2 -j ACCEPT
  # Traffic sent FROM local port 500 or 4500 (TCP and UDP) to a PEERS_
  # destination. The match is on --sport, so only packets sourced from these
  # ports are covered.
  229. -A STD_OUTPUT -j MARK --set-xmark 0x0/0xffffffff
  230. -A STD_OUTPUT -o black -p tcp -m tcp --sport 500 -j PEERS_
  231. -A STD_OUTPUT -m mark --mark 0x2/0x2 -j ACCEPT
  232. -A STD_OUTPUT -j MARK --set-xmark 0x0/0xffffffff
  233. -A STD_OUTPUT -o black -p udp -m udp --sport 500 -j PEERS_
  234. -A STD_OUTPUT -m mark --mark 0x2/0x2 -j ACCEPT
  235. -A STD_OUTPUT -j MARK --set-xmark 0x0/0xffffffff
  236. -A STD_OUTPUT -o black -p tcp -m tcp --sport 4500 -j PEERS_
  237. -A STD_OUTPUT -m mark --mark 0x2/0x2 -j ACCEPT
  238. -A STD_OUTPUT -j MARK --set-xmark 0x0/0xffffffff
  239. -A STD_OUTPUT -o black -p udp -m udp --sport 4500 -j PEERS_
  240. -A STD_OUTPUT -m mark --mark 0x2/0x2 -j ACCEPT
  # Multicast destinations via `red` and via gre* interfaces.
  241. -A STD_OUTPUT -j MARK --set-xmark 0x0/0xffffffff
  242. -A STD_OUTPUT -o red -j MCAST_
  243. -A STD_OUTPUT -m mark --mark 0x2/0x2 -j ACCEPT
  244. -A STD_OUTPUT -j MARK --set-xmark 0x0/0xffffffff
  245. -A STD_OUTPUT -o gre+ -j MCAST_
  246. -A STD_OUTPUT -m mark --mark 0x2/0x2 -j ACCEPT
  # IGMP via `black`: source in TUNNEL_ and destination in TUNNEL_ or MCAST_.
  247. -A STD_OUTPUT -j MARK --set-xmark 0x0/0xffffffff
  248. -A STD_OUTPUT -o black -p igmp -j MARK --set-xmark 0x8/0xffffffff
  249. -A STD_OUTPUT -j TUNNEL_
  250. -A STD_OUTPUT -m mark --mark 0x1/0x1 -j MARK --set-xmark 0x4/0x4
  251. -A STD_OUTPUT -j MCAST_
  252. -A STD_OUTPUT -m mark --mark 0xe/0xe -j ACCEPT
  # Anything leaving a gre* interface for a TUNNEL_ destination.
  253. -A STD_OUTPUT -j MARK --set-xmark 0x0/0xffffffff
  254. -A STD_OUTPUT -o gre+ -j TUNNEL_
  255. -A STD_OUTPUT -m mark --mark 0x2/0x2 -j ACCEPT
  # GRE protocol via `black`: source in LOCAL_RED_ and destination in
  # LOCAL_RED_ or REMOTE_RED_.
  256. -A STD_OUTPUT -j MARK --set-xmark 0x0/0xffffffff
  257. -A STD_OUTPUT -o black -p gre -j MARK --set-xmark 0x8/0xffffffff
  258. -A STD_OUTPUT -j LOCAL_RED_
  259. -A STD_OUTPUT -m mark --mark 0x1/0x1 -j MARK --set-xmark 0x4/0x4
  260. -A STD_OUTPUT -j REMOTE_RED_
  261. -A STD_OUTPUT -m mark --mark 0xe/0xe -j ACCEPT
  # STD_OUTPUT, part 2: ports 10001-10004 via `black`, then management, port
  # 10161, DHCP, DNS and loopback. Each stanza accepts when the DESTINATION is
  # in the named set (bit 0x2).
  # Outbound connections to a PEERS_ host on 10003.
  262. -A STD_OUTPUT -j MARK --set-xmark 0x0/0xffffffff
  263. -A STD_OUTPUT -o black -p tcp -m tcp --dport 10003 -m state --state NEW,ESTABLISHED -j PEERS_
  264. -A STD_OUTPUT -m mark --mark 0x2/0x2 -j ACCEPT
  # Replies from the local 10003 service to a REGAUTH_ host, then to a PEERS_ host.
  265. -A STD_OUTPUT -j MARK --set-xmark 0x0/0xffffffff
  266. -A STD_OUTPUT -o black -p tcp -m tcp --sport 10003 -m state --state ESTABLISHED -j REGAUTH_
  267. -A STD_OUTPUT -m mark --mark 0x2/0x2 -j ACCEPT
  268. -A STD_OUTPUT -j MARK --set-xmark 0x0/0xffffffff
  269. -A STD_OUTPUT -o black -p tcp -m tcp --sport 10003 -m state --state ESTABLISHED -j PEERS_
  270. -A STD_OUTPUT -m mark --mark 0x2/0x2 -j ACCEPT
  # Outbound connections to the REGAUTH_ host on 10002.
  271. -A STD_OUTPUT -j MARK --set-xmark 0x0/0xffffffff
  272. -A STD_OUTPUT -o black -p tcp -m tcp --dport 10002 -m state --state NEW,ESTABLISHED -j REGAUTH_
  273. -A STD_OUTPUT -m mark --mark 0x2/0x2 -j ACCEPT
  # Replies from the local 10004 service to the REGAUTH_ host.
  274. -A STD_OUTPUT -j MARK --set-xmark 0x0/0xffffffff
  275. -A STD_OUTPUT -o black -p tcp -m tcp --sport 10004 -m state --state ESTABLISHED -j REGAUTH_
  276. -A STD_OUTPUT -m mark --mark 0x2/0x2 -j ACCEPT
  # Outbound connections to the REGAUTH_ host on 10001.
  277. -A STD_OUTPUT -j MARK --set-xmark 0x0/0xffffffff
  278. -A STD_OUTPUT -o black -p tcp -m tcp --dport 10001 -m state --state NEW,ESTABLISHED -j REGAUTH_
  279. -A STD_OUTPUT -m mark --mark 0x2/0x2 -j ACCEPT
  # `man` interface: only ESTABLISHED TCP may leave, so this host cannot open
  # new TCP connections through `man`. The port-80 rule is a subset of the next.
  280. -A STD_OUTPUT -o man -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
  281. -A STD_OUTPUT -o man -p tcp -m state --state ESTABLISHED -j ACCEPT
  # Replies from the local 10161 service, on any interface (no -o match).
  282. -A STD_OUTPUT -p tcp -m tcp --sport 10161 -m state --state ESTABLISHED -j ACCEPT
  283. -A STD_OUTPUT -p udp -m udp --sport 10161 -m state --state ESTABLISHED -j ACCEPT
  # DHCP client requests (68 -> 67) on dbg, man and black.
  284. -A STD_OUTPUT -o dbg -p udp -m udp --sport 68 --dport 67 -m state --state NEW,ESTABLISHED -j ACCEPT
  285. -A STD_OUTPUT -o man -p udp -m udp --sport 68 --dport 67 -m state --state NEW,ESTABLISHED -j ACCEPT
  286. -A STD_OUTPUT -o black -p udp -m udp --sport 68 --dport 67 -m state --state NEW,ESTABLISHED -j ACCEPT
  # DHCP server replies (67 -> 68) and DNS (53 -> 53) on `red`. Unlike the
  # rules above, these two carry no state match.
  287. -A STD_OUTPUT -o red -p udp -m udp --sport 67 --dport 68 -j ACCEPT
  288. -A STD_OUTPUT -o red -p udp -m udp --sport 53 --dport 53 -j ACCEPT
  # Loopback is always accepted; everything else falls back to OUTPUT.
  289. -A STD_OUTPUT -o lo+ -j ACCEPT
  # TUNNEL_: address set for tunnel endpoints; bit 0x1 = source in range, bit
  # 0x2 = destination in range. 220.0.0.0/6 spans 220.0.0.0-223.255.255.255.
  # NOTE(review): that range is ordinary routable unicast space, not a private
  # block. Presumably it is used as internal tunnel addressing here; confirm,
  # because STD_FORWARD accepts any packet with either end in this range.
  290. -A TUNNEL_ -s 220.0.0.0/6 -j MARK --set-xmark 0x1/0x1
  291. -A TUNNEL_ -d 220.0.0.0/6 -j MARK --set-xmark 0x2/0x2
  292. COMMIT
  293. # Completed on Mon Jul 25 12:06:11 2016