
Untitled

a guest
Nov 27th, 2014
  # NOTE(review): iptables-save dump with packet/byte counters (the leading
  # [packets:bytes] on every rule), one section per table, each closed by COMMIT.
  # The "N." prefixes are the paste site's line numbers, not part of the ruleset.
  1. # Generated by iptables-save v1.4.19.1 on Thu Nov 27 18:16:12 2014
  2. *nat
  # Built-in chains: ":NAME POLICY [packets:bytes]".
  3. :PREROUTING ACCEPT [35743:5752625]
  4. :INPUT ACCEPT [1396:535696]
  5. :OUTPUT ACCEPT [4150:569216]
  6. :POSTROUTING ACCEPT [4150:569216]
  # User-defined chains ("-" means no policy). The <hook>_ZONES / <hook>_direct /
  # <PREFIX>_<zone>_{log,deny,allow} layout looks generated by a zone-based
  # firewall front end (presumably firewalld) — confirm before hand-editing.
  7. :OUTPUT_direct - [0:0]
  8. :POSTROUTING_ZONES - [0:0]
  9. :POSTROUTING_ZONES_SOURCE - [0:0]
  10. :POSTROUTING_direct - [0:0]
  11. :POST_external - [0:0]
  12. :POST_external_allow - [0:0]
  13. :POST_external_deny - [0:0]
  14. :POST_external_log - [0:0]
  15. :POST_internal - [0:0]
  16. :POST_internal_allow - [0:0]
  17. :POST_internal_deny - [0:0]
  18. :POST_internal_log - [0:0]
  19. :POST_public - [0:0]
  20. :POST_public_allow - [0:0]
  21. :POST_public_deny - [0:0]
  22. :POST_public_log - [0:0]
  23. :POST_tor - [0:0]
  24. :POST_tor_allow - [0:0]
  25. :POST_tor_deny - [0:0]
  26. :POST_tor_log - [0:0]
  27. :PREROUTING_ZONES - [0:0]
  28. :PREROUTING_ZONES_SOURCE - [0:0]
  29. :PREROUTING_direct - [0:0]
  30. :PRE_external - [0:0]
  31. :PRE_external_allow - [0:0]
  32. :PRE_external_deny - [0:0]
  33. :PRE_external_log - [0:0]
  34. :PRE_internal - [0:0]
  35. :PRE_internal_allow - [0:0]
  36. :PRE_internal_deny - [0:0]
  37. :PRE_internal_log - [0:0]
  38. :PRE_public - [0:0]
  39. :PRE_public_allow - [0:0]
  40. :PRE_public_deny - [0:0]
  41. :PRE_public_log - [0:0]
  42. :PRE_tor - [0:0]
  43. :PRE_tor_allow - [0:0]
  44. :PRE_tor_deny - [0:0]
  45. :PRE_tor_log - [0:0]
  # nat table rules. Each built-in hook first visits its *_direct chain, then
  # *_ZONES_SOURCE, then *_ZONES; none of the *_direct / *_ZONES_SOURCE chains
  # carries a rule in this dump.
  46. [36646:6093963] -A PREROUTING -j PREROUTING_direct
  47. [36644:6093198] -A PREROUTING -j PREROUTING_ZONES_SOURCE
  48. [36644:6093198] -A PREROUTING -j PREROUTING_ZONES
  49. [4182:583067] -A OUTPUT -j OUTPUT_direct
  # Source-NAT for 10.8.0.0/24 leaving eth0. Counter is [0:0]: no packet has
  # reached this rule. Forwarded packets only get to nat POSTROUTING after the
  # filter FORWARD chain lets them through, and in this dump every forwarded
  # packet ends at the FORWARD REJECT rule — so the SNAT is currently unused.
  50. [0:0] -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 23.92.76.239
  51. [4184:583722] -A POSTROUTING -j POSTROUTING_direct
  52. [4183:583662] -A POSTROUTING -j POSTROUTING_ZONES_SOURCE
  53. [4183:583662] -A POSTROUTING -j POSTROUTING_ZONES
  # Zone dispatch by outgoing interface. -g is "goto": when the zone chain
  # returns, processing resumes in the caller of POSTROUTING_ZONES, not here.
  # NOTE(review): eth0:0 and eth0:1 look like address-alias labels. -i/-o match
  # the real device name, so these two rules presumably never match (both show
  # [0:0]) and that traffic is classified by the plain eth0 rule as "public".
  # If the "tor" and "external" zones are meant to be separate, key them on
  # destination/source address instead — confirm against the interface setup.
  54. [0:0] -A POSTROUTING_ZONES -o eth0:1 -g POST_tor
  55. [4140:571334] -A POSTROUTING_ZONES -o eth0 -g POST_public
  56. [0:0] -A POSTROUTING_ZONES -o tun0 -g POST_internal
  57. [0:0] -A POSTROUTING_ZONES -o eth0:0 -g POST_external
  # Catch-all: any other interface is treated as zone "public".
  58. [17:1020] -A POSTROUTING_ZONES -g POST_public
  # Per-zone chains: log, then deny, then allow. The _log/_deny/_allow chains
  # have no rules in this table, so these are pass-through.
  59. [0:0] -A POST_external -j POST_external_log
  60. [0:0] -A POST_external -j POST_external_deny
  61. [0:0] -A POST_external -j POST_external_allow
  62. [0:0] -A POST_internal -j POST_internal_log
  63. [0:0] -A POST_internal -j POST_internal_deny
  64. [0:0] -A POST_internal -j POST_internal_allow
  65. [4157:572354] -A POST_public -j POST_public_log
  66. [4157:572354] -A POST_public -j POST_public_deny
  67. [4157:572354] -A POST_public -j POST_public_allow
  68. [0:0] -A POST_tor -j POST_tor_log
  69. [0:0] -A POST_tor -j POST_tor_deny
  70. [0:0] -A POST_tor -j POST_tor_allow
  # Same dispatch on the incoming interface; the alias caveat applies to the
  # eth0:1 / eth0:0 rules here as well (both [0:0]).
  71. [0:0] -A PREROUTING_ZONES -i eth0:1 -g PRE_tor
  72. [34644:5743405] -A PREROUTING_ZONES -i eth0 -g PRE_public
  73. [1303:80757] -A PREROUTING_ZONES -i tun0 -g PRE_internal
  74. [0:0] -A PREROUTING_ZONES -i eth0:0 -g PRE_external
  75. [0:0] -A PREROUTING_ZONES -g PRE_public
  76. [0:0] -A PRE_external -j PRE_external_log
  77. [0:0] -A PRE_external -j PRE_external_deny
  78. [0:0] -A PRE_external -j PRE_external_allow
  79. [1303:80757] -A PRE_internal -j PRE_internal_log
  80. [1303:80757] -A PRE_internal -j PRE_internal_deny
  81. [1303:80757] -A PRE_internal -j PRE_internal_allow
  82. [34644:5743405] -A PRE_public -j PRE_public_log
  83. [34644:5743405] -A PRE_public -j PRE_public_deny
  84. [34644:5743405] -A PRE_public -j PRE_public_allow
  85. [0:0] -A PRE_tor -j PRE_tor_log
  86. [0:0] -A PRE_tor -j PRE_tor_deny
  87. [0:0] -A PRE_tor -j PRE_tor_allow
  88. COMMIT
  89. # Completed on Thu Nov 27 18:16:12 2014
  # mangle table: only the zone/direct scaffolding is present. No rule here
  # marks or alters packets; every user chain is empty or a pass-through.
  90. # Generated by iptables-save v1.4.19.1 on Thu Nov 27 18:16:12 2014
  91. *mangle
  92. :PREROUTING ACCEPT [114156:40774964]
  93. :INPUT ACCEPT [112853:40694134]
  94. :FORWARD ACCEPT [1293:80114]
  95. :OUTPUT ACCEPT [111894:61155350]
  96. :POSTROUTING ACCEPT [111894:61155350]
  97. :FORWARD_direct - [0:0]
  98. :INPUT_direct - [0:0]
  99. :OUTPUT_direct - [0:0]
  100. :POSTROUTING_direct - [0:0]
  101. :PREROUTING_ZONES - [0:0]
  102. :PREROUTING_ZONES_SOURCE - [0:0]
  103. :PREROUTING_direct - [0:0]
  104. :PRE_external - [0:0]
  105. :PRE_external_allow - [0:0]
  106. :PRE_external_deny - [0:0]
  107. :PRE_external_log - [0:0]
  108. :PRE_internal - [0:0]
  109. :PRE_internal_allow - [0:0]
  110. :PRE_internal_deny - [0:0]
  111. :PRE_internal_log - [0:0]
  112. :PRE_public - [0:0]
  113. :PRE_public_allow - [0:0]
  114. :PRE_public_deny - [0:0]
  115. :PRE_public_log - [0:0]
  116. :PRE_tor - [0:0]
  117. :PRE_tor_allow - [0:0]
  118. :PRE_tor_deny - [0:0]
  119. :PRE_tor_log - [0:0]
  120. [115654:41266665] -A PREROUTING -j PREROUTING_direct
  121. [115650:41265808] -A PREROUTING -j PREROUTING_ZONES_SOURCE
  122. [115649:41265760] -A PREROUTING -j PREROUTING_ZONES
  123. [114329:41183251] -A INPUT -j INPUT_direct
  124. [1305:80876] -A FORWARD -j FORWARD_direct
  125. [113343:61823858] -A OUTPUT -j OUTPUT_direct
  126. [113349:61825510] -A POSTROUTING -j POSTROUTING_direct
  # Zone dispatch by incoming interface (-g = goto). The eth0:1 / eth0:0 rules
  # show [0:0]; NOTE(review): these look like alias labels, which -i does not
  # match, so that traffic presumably lands in PRE_public via the eth0 rule.
  127. [0:0] -A PREROUTING_ZONES -i eth0:1 -g PRE_tor
  128. [113137:40794983] -A PREROUTING_ZONES -i eth0 -g PRE_public
  129. [1305:80876] -A PREROUTING_ZONES -i tun0 -g PRE_internal
  130. [0:0] -A PREROUTING_ZONES -i eth0:0 -g PRE_external
  # Catch-all for any other interface.
  131. [185:39578] -A PREROUTING_ZONES -g PRE_public
  132. [0:0] -A PRE_external -j PRE_external_log
  133. [0:0] -A PRE_external -j PRE_external_deny
  134. [0:0] -A PRE_external -j PRE_external_allow
  135. [1305:80876] -A PRE_internal -j PRE_internal_log
  136. [1305:80876] -A PRE_internal -j PRE_internal_deny
  137. [1305:80876] -A PRE_internal -j PRE_internal_allow
  138. [113322:40834561] -A PRE_public -j PRE_public_log
  139. [113322:40834561] -A PRE_public -j PRE_public_deny
  140. [113322:40834561] -A PRE_public -j PRE_public_allow
  141. [0:0] -A PRE_tor -j PRE_tor_log
  142. [0:0] -A PRE_tor -j PRE_tor_deny
  143. [0:0] -A PRE_tor -j PRE_tor_allow
  144. COMMIT
  145. # Completed on Thu Nov 27 18:16:12 2014
  # security table: each built-in chain only jumps to its *_direct chain, and
  # those chains hold no rules in this dump, so nothing is decided here.
  146. # Generated by iptables-save v1.4.19.1 on Thu Nov 27 18:16:12 2014
  147. *security
  148. :INPUT ACCEPT [79303:35700741]
  149. :FORWARD ACCEPT [0:0]
  150. :OUTPUT ACCEPT [113356:61827805]
  151. :FORWARD_direct - [0:0]
  152. :INPUT_direct - [0:0]
  153. :OUTPUT_direct - [0:0]
  154. [79307:35701488] -A INPUT -j INPUT_direct
  155. [0:0] -A FORWARD -j FORWARD_direct
  156. [113360:61832015] -A OUTPUT -j OUTPUT_direct
  157. COMMIT
  158. # Completed on Thu Nov 27 18:16:12 2014
  # raw table: only the hooks into the empty *_direct chains; no NOTRACK or
  # other connection-tracking exemptions are configured.
  159. # Generated by iptables-save v1.4.19.1 on Thu Nov 27 18:16:12 2014
  160. *raw
  161. :PREROUTING ACCEPT [115671:41270460]
  162. :OUTPUT ACCEPT [113372:61835054]
  163. :OUTPUT_direct - [0:0]
  164. :PREROUTING_direct - [0:0]
  165. [115672:41271077] -A PREROUTING -j PREROUTING_direct
  166. [113372:61835054] -A OUTPUT -j OUTPUT_direct
  167. COMMIT
  168. # Completed on Thu Nov 27 18:16:12 2014
  # filter table: the table that actually accepts or rejects traffic.
  169. # Generated by iptables-save v1.4.19.1 on Thu Nov 27 18:16:12 2014
  170. *filter
  # All three built-in policies are ACCEPT. INPUT and FORWARD are only
  # default-deny because each ends in an explicit REJECT rule; if the rules are
  # flushed while the policies stay ACCEPT, the host accepts and forwards
  # everything. OUTPUT has no filtering rule in this dump.
  171. :INPUT ACCEPT [0:0]
  172. :FORWARD ACCEPT [0:0]
  173. :OUTPUT ACCEPT [111901:61157319]
  # User-defined chains. FWDI_* = forward, by incoming zone; FWDO_* = forward,
  # by outgoing zone; IN_* = input, by zone (as used by the dispatch rules of
  # this table).
  174. :FORWARD_IN_ZONES - [0:0]
  175. :FORWARD_IN_ZONES_SOURCE - [0:0]
  176. :FORWARD_OUT_ZONES - [0:0]
  177. :FORWARD_OUT_ZONES_SOURCE - [0:0]
  178. :FORWARD_direct - [0:0]
  179. :FWDI_external - [0:0]
  180. :FWDI_external_allow - [0:0]
  181. :FWDI_external_deny - [0:0]
  182. :FWDI_external_log - [0:0]
  183. :FWDI_internal - [0:0]
  184. :FWDI_internal_allow - [0:0]
  185. :FWDI_internal_deny - [0:0]
  186. :FWDI_internal_log - [0:0]
  187. :FWDI_public - [0:0]
  188. :FWDI_public_allow - [0:0]
  189. :FWDI_public_deny - [0:0]
  190. :FWDI_public_log - [0:0]
  191. :FWDI_tor - [0:0]
  192. :FWDI_tor_allow - [0:0]
  193. :FWDI_tor_deny - [0:0]
  194. :FWDI_tor_log - [0:0]
  195. :FWDO_external - [0:0]
  196. :FWDO_external_allow - [0:0]
  197. :FWDO_external_deny - [0:0]
  198. :FWDO_external_log - [0:0]
  199. :FWDO_internal - [0:0]
  200. :FWDO_internal_allow - [0:0]
  201. :FWDO_internal_deny - [0:0]
  202. :FWDO_internal_log - [0:0]
  203. :FWDO_public - [0:0]
  204. :FWDO_public_allow - [0:0]
  205. :FWDO_public_deny - [0:0]
  206. :FWDO_public_log - [0:0]
  207. :FWDO_tor - [0:0]
  208. :FWDO_tor_allow - [0:0]
  209. :FWDO_tor_deny - [0:0]
  210. :FWDO_tor_log - [0:0]
  211. :INPUT_ZONES - [0:0]
  212. :INPUT_ZONES_SOURCE - [0:0]
  213. :INPUT_direct - [0:0]
  214. :IN_external - [0:0]
  215. :IN_external_allow - [0:0]
  216. :IN_external_deny - [0:0]
  217. :IN_external_log - [0:0]
  218. :IN_internal - [0:0]
  219. :IN_internal_allow - [0:0]
  220. :IN_internal_deny - [0:0]
  221. :IN_internal_log - [0:0]
  222. :IN_public - [0:0]
  223. :IN_public_allow - [0:0]
  224. :IN_public_deny - [0:0]
  225. :IN_public_log - [0:0]
  226. :IN_tor - [0:0]
  227. :IN_tor_allow - [0:0]
  228. :IN_tor_deny - [0:0]
  229. :IN_tor_log - [0:0]
  230. :OUTPUT_direct - [0:0]
  # INPUT: stateful fast path first, then loopback, then the zone chains.
  # Whatever the zone chains did not ACCEPT falls through to the ICMP rule and
  # then to the terminal REJECT, which is what makes INPUT default-deny.
  231. [77786:35107277] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  232. [17:1020] -A INPUT -i lo -j ACCEPT
  233. [36608:6089163] -A INPUT -j INPUT_direct
  234. [36607:6089115] -A INPUT -j INPUT_ZONES_SOURCE
  235. [36606:6088945] -A INPUT -j INPUT_ZONES
  # Accepts every ICMP type from any source, with no rate limit.
  236. [13:1052] -A INPUT -p icmp -j ACCEPT
  237. [35066:5490091] -A INPUT -j REJECT --reject-with icmp-host-prohibited
  # FORWARD: same shape. In this dump all 1305 forwarded packets pass through
  # the zone chains unaccepted and end at the REJECT rule below, i.e. nothing
  # arriving on tun0 is currently being routed out — consistent with the [0:0]
  # counter on the nat SNAT rule for 10.8.0.0/24.
  238. [0:0] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  239. [0:0] -A FORWARD -i lo -j ACCEPT
  240. [1305:80876] -A FORWARD -j FORWARD_direct
  241. [1305:80876] -A FORWARD -j FORWARD_IN_ZONES_SOURCE
  242. [1305:80876] -A FORWARD -j FORWARD_IN_ZONES
  243. [1305:80876] -A FORWARD -j FORWARD_OUT_ZONES_SOURCE
  244. [1305:80876] -A FORWARD -j FORWARD_OUT_ZONES
  245. [0:0] -A FORWARD -p icmp -j ACCEPT
  246. [1305:80876] -A FORWARD -j REJECT --reject-with icmp-host-prohibited
  # OUTPUT: only the hook into the empty OUTPUT_direct chain; egress is unfiltered.
  247. [113375:61836067] -A OUTPUT -j OUTPUT_direct
  # Forward-path zone dispatch: FORWARD_IN_ZONES classifies by incoming
  # interface, FORWARD_OUT_ZONES by outgoing interface. -g is "goto", so a
  # return from the zone chain resumes in FORWARD, not in the *_ZONES chain.
  # NOTE(review): the eth0:1 / eth0:0 rules show [0:0]; these look like alias
  # labels that -i/-o do not match, so the "tor" and "external" forward zones
  # are presumably never selected — confirm.
  248. [0:0] -A FORWARD_IN_ZONES -i eth0:1 -g FWDI_tor
  249. [0:0] -A FORWARD_IN_ZONES -i eth0 -g FWDI_public
  250. [1305:80876] -A FORWARD_IN_ZONES -i tun0 -g FWDI_internal
  251. [0:0] -A FORWARD_IN_ZONES -i eth0:0 -g FWDI_external
  252. [0:0] -A FORWARD_IN_ZONES -g FWDI_public
  253. [0:0] -A FORWARD_OUT_ZONES -o eth0:1 -g FWDO_tor
  254. [1305:80876] -A FORWARD_OUT_ZONES -o eth0 -g FWDO_public
  255. [0:0] -A FORWARD_OUT_ZONES -o tun0 -g FWDO_internal
  256. [0:0] -A FORWARD_OUT_ZONES -o eth0:0 -g FWDO_external
  257. [0:0] -A FORWARD_OUT_ZONES -g FWDO_public
  # Per-zone forward chains: log, deny, allow. None of the FWDI_*/FWDO_*
  # _log/_deny/_allow chains has a rule in this dump, so no forwarded flow is
  # ever accepted here. The tun0 -> eth0 traffic (1305 packets) walks
  # FWDI_internal and FWDO_public and then hits the FORWARD REJECT.
  # If routing the tun0 clients is intended, the accept belongs in these allow
  # chains and should be scoped to that interface pair and source range rather
  # than opened for every zone.
  258. [0:0] -A FWDI_external -j FWDI_external_log
  259. [0:0] -A FWDI_external -j FWDI_external_deny
  260. [0:0] -A FWDI_external -j FWDI_external_allow
  261. [1305:80876] -A FWDI_internal -j FWDI_internal_log
  262. [1305:80876] -A FWDI_internal -j FWDI_internal_deny
  263. [1305:80876] -A FWDI_internal -j FWDI_internal_allow
  264. [0:0] -A FWDI_public -j FWDI_public_log
  265. [0:0] -A FWDI_public -j FWDI_public_deny
  266. [0:0] -A FWDI_public -j FWDI_public_allow
  267. [0:0] -A FWDI_tor -j FWDI_tor_log
  268. [0:0] -A FWDI_tor -j FWDI_tor_deny
  269. [0:0] -A FWDI_tor -j FWDI_tor_allow
  270. [0:0] -A FWDO_external -j FWDO_external_log
  271. [0:0] -A FWDO_external -j FWDO_external_deny
  272. [0:0] -A FWDO_external -j FWDO_external_allow
  273. [0:0] -A FWDO_internal -j FWDO_internal_log
  274. [0:0] -A FWDO_internal -j FWDO_internal_deny
  275. [0:0] -A FWDO_internal -j FWDO_internal_allow
  276. [1305:80876] -A FWDO_public -j FWDO_public_log
  277. [1305:80876] -A FWDO_public -j FWDO_public_deny
  278. [1305:80876] -A FWDO_public -j FWDO_public_allow
  279. [0:0] -A FWDO_tor -j FWDO_tor_log
  280. [0:0] -A FWDO_tor -j FWDO_tor_deny
  281. [0:0] -A FWDO_tor -j FWDO_tor_allow
  # Input-path zone dispatch by incoming interface (-g = goto; a return from
  # the zone chain resumes in INPUT).
  # NOTE(review): the eth0:1 / eth0:0 rules show [0:0]. These look like alias
  # labels, which -i does not match, so everything arriving on the physical
  # eth0 is presumably handled as zone "public". In that case the narrower
  # IN_tor_allow and IN_external_allow sets below are never applied, and the
  # addresses meant for those zones get the wider public allow-list — confirm.
  282. [0:0] -A INPUT_ZONES -i eth0:1 -g IN_tor
  283. [35800:5807692] -A INPUT_ZONES -i eth0 -g IN_public
  284. [0:0] -A INPUT_ZONES -i tun0 -g IN_internal
  285. [0:0] -A INPUT_ZONES -i eth0:0 -g IN_external
  286. [0:0] -A INPUT_ZONES -g IN_public
  287. [0:0] -A IN_external -j IN_external_log
  288. [0:0] -A IN_external -j IN_external_deny
  289. [0:0] -A IN_external -j IN_external_allow
  # Zone "external": new connections to tcp/22 and udp/1194 only.
  290. [0:0] -A IN_external_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
  291. [0:0] -A IN_external_allow -p udp -m udp --dport 1194 -m conntrack --ctstate NEW -j ACCEPT
  292. [0:0] -A IN_internal -j IN_internal_log
  293. [0:0] -A IN_internal -j IN_internal_deny
  294. [0:0] -A IN_internal -j IN_internal_allow
  # Zone "internal" (tun0): udp/5353 to 224.0.0.251, tcp/22, udp/137, udp/138,
  # udp/1194.
  295. [0:0] -A IN_internal_allow -d 224.0.0.251/32 -p udp -m udp --dport 5353 -m conntrack --ctstate NEW -j ACCEPT
  296. [0:0] -A IN_internal_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
  297. [0:0] -A IN_internal_allow -p udp -m udp --dport 137 -m conntrack --ctstate NEW -j ACCEPT
  298. [0:0] -A IN_internal_allow -p udp -m udp --dport 138 -m conntrack --ctstate NEW -j ACCEPT
  299. [0:0] -A IN_internal_allow -p udp -m udp --dport 1194 -m conntrack --ctstate NEW -j ACCEPT
  300. [35800:5807692] -A IN_public -j IN_public_log
  301. [35800:5807692] -A IN_public -j IN_public_deny
  302. [35800:5807692] -A IN_public -j IN_public_allow
  # Zone "public" (eth0 and the catch-all): none of these rules restricts the
  # source address, so each listed port is open to any peer that can reach the
  # interface. IN_public_deny and IN_public_log are empty in this dump.
  # The udp/5353 rule only covers the 224.0.0.251 group address; whether a
  # public-facing zone needs it at all is worth checking.
  303. [0:0] -A IN_public_allow -d 224.0.0.251/32 -p udp -m udp --dport 5353 -m conntrack --ctstate NEW -j ACCEPT
  304. [11:588] -A IN_public_allow -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
  # tcp/22 is open with no source restriction or rate limit; it is also allowed
  # in the internal (tun0) zone, so the public rule may not be needed.
  305. [73:3532] -A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
  306. [1425:592510] -A IN_public_allow -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
  307. [0:0] -A IN_public_allow -p udp -m udp --dport 1194 -m conntrack --ctstate NEW -j ACCEPT
  # NOTE(review): tcp/6379 is the default Redis port. If a Redis instance is
  # what listens here, it should not be reachable from the public zone: bind it
  # to loopback or the tun0 address, or restrict this rule with -s, and enable
  # authentication. Counter is [0:0], so removing the rule breaks no observed
  # traffic.
  308. [0:0] -A IN_public_allow -p tcp -m tcp --dport 6379 -m conntrack --ctstate NEW -j ACCEPT
  # tcp/8887 has seen 16 new connections; the dump does not say which service
  # owns it — verify it is intentional and meant to be public.
  309. [16:832] -A IN_public_allow -p tcp -m tcp --dport 8887 -m conntrack --ctstate NEW -j ACCEPT
  310. [0:0] -A IN_tor -j IN_tor_log
  311. [0:0] -A IN_tor -j IN_tor_deny
  312. [0:0] -A IN_tor -j IN_tor_allow
  # Zone "tor": new connections to tcp/80 and tcp/443 only.
  313. [0:0] -A IN_tor_allow -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
  314. [0:0] -A IN_tor_allow -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
  315. COMMIT
  316. # Completed on Thu Nov 27 18:16:12 2014