  1. # Generated by iptables-save v1.3.5 on Sun Dec  8 21:56:04 2013
  2. *filter
  3. :INPUT DROP [0:0]
  4. :FORWARD DROP [0:0]
  5. :OUTPUT DROP [0:0]
  6. :ALLOWIN - [0:0]
  7. :ALLOWOUT - [0:0]
  8. :INVALID - [0:0]
  9. :INVDROP - [0:0]
  10. :LOCALINPUT - [0:0]
  11. :LOCALOUTPUT - [0:0]
  12. :LOGDROPIN - [0:0]
  13. :LOGDROPOUT - [0:0]
  14. :acctboth - [0:0]
  15. -A INPUT -j acctboth
  16. -A INPUT -i eth0 -j LOCALINPUT
  17. -A INPUT -i lo -j ACCEPT
  18. -A INPUT -i eth0 -p tcp -j INVALID
  19. -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  20. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
  21. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
  22. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
  23. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
  24. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
  25. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
  26. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
  27. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 143 -j ACCEPT
  28. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
  29. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT
  30. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT
  31. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 993 -j ACCEPT
  32. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT
  33. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 2077 -j ACCEPT
  34. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 2078 -j ACCEPT
  35. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 2082 -j ACCEPT
  36. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 2083 -j ACCEPT
  37. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 2086 -j ACCEPT
  38. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 2087 -j ACCEPT
  39. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 2095 -j ACCEPT
  40. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 2096 -j ACCEPT
  41. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 2382 -j ACCEPT
  42. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 26 -j ACCEPT
  43. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 30000:35000 -j ACCEPT
  44. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 12001:12009 -j ACCEPT
  45. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 9418 -j ACCEPT
  46. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 8001 -j ACCEPT
  47. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 8002 -j ACCEPT
  48. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
  49. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 6379 -j ACCEPT
  50. -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 119 -j ACCEPT
  51. -A INPUT -i eth0 -p udp -m state --state NEW -m udp --dport 20 -j ACCEPT
  52. -A INPUT -i eth0 -p udp -m state --state NEW -m udp --dport 21 -j ACCEPT
  53. -A INPUT -i eth0 -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
  54. -A INPUT -i eth0 -p udp -m state --state NEW -m udp --dport 2382 -j ACCEPT
  55. -A INPUT -i eth0 -p udp -m state --state NEW -m udp --dport 26 -j ACCEPT
  56. -A INPUT -i eth0 -p udp -m state --state NEW -m udp --dport 119 -j ACCEPT
  57. -A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
  58. -A INPUT -i eth0 -p icmp -m icmp --icmp-type 0 -m limit --limit 1/sec -j ACCEPT
  59. -A INPUT -i eth0 -p icmp -m icmp --icmp-type 11 -j ACCEPT
  60. -A INPUT -i eth0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
  61. -A INPUT -i eth0 -j LOGDROPIN
  62. -A OUTPUT -j acctboth
  63. -A OUTPUT -o eth0 -j LOCALOUTPUT
  64. -A OUTPUT -o eth0 -p tcp -m tcp --dport 53 -j ACCEPT
  65. -A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT
  66. -A OUTPUT -o eth0 -p tcp -m tcp --sport 53 -j ACCEPT
  67. -A OUTPUT -o eth0 -p udp -m udp --sport 53 -j ACCEPT
  68. -A OUTPUT -o lo -j ACCEPT
  69. -A OUTPUT -o eth0 -p tcp -j INVALID
  70. -A OUTPUT -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  71. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 9418 -j ACCEPT
  72. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
  73. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
  74. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
  75. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
  76. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 37 -j ACCEPT
  77. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 43 -j ACCEPT
  78. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
  79. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
  80. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
  81. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 113 -j ACCEPT
  82. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
  83. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT
  84. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 873 -j ACCEPT
  85. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 2087 -j ACCEPT
  86. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 2089 -j ACCEPT
  87. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 2703 -j ACCEPT
  88. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 2382 -j ACCEPT
  89. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 26 -j ACCEPT
  90. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 30000:35000 -j ACCEPT
  91. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 12001 -j ACCEPT
  92. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 12009 -j ACCEPT
  93. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
  94. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 6379 -j ACCEPT
  95. -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 119 -j ACCEPT
  96. -A OUTPUT -o eth0 -p udp -m state --state NEW -m udp --dport 20 -j ACCEPT
  97. -A OUTPUT -o eth0 -p udp -m state --state NEW -m udp --dport 21 -j ACCEPT
  98. -A OUTPUT -o eth0 -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
  99. -A OUTPUT -o eth0 -p udp -m state --state NEW -m udp --dport 113 -j ACCEPT
  100. -A OUTPUT -o eth0 -p udp -m state --state NEW -m udp --dport 123 -j ACCEPT
  101. -A OUTPUT -o eth0 -p udp -m state --state NEW -m udp --dport 873 -j ACCEPT
  102. -A OUTPUT -o eth0 -p udp -m state --state NEW -m udp --dport 6277 -j ACCEPT
  103. -A OUTPUT -o eth0 -p udp -m state --state NEW -m udp --dport 2382 -j ACCEPT
  104. -A OUTPUT -o eth0 -p udp -m state --state NEW -m udp --dport 26 -j ACCEPT
  105. -A OUTPUT -o eth0 -p udp -m state --state NEW -m udp --dport 119 -j ACCEPT
  106. -A OUTPUT -o eth0 -p icmp -m icmp --icmp-type 0 -m limit --limit 1/sec -j ACCEPT
  107. -A OUTPUT -o eth0 -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
  108. -A OUTPUT -o eth0 -p icmp -m icmp --icmp-type 11 -j ACCEPT
  109. -A OUTPUT -o eth0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
  110. -A OUTPUT -o eth0 -j LOGDROPOUT
  111. -A ALLOWIN -s 41.228.96.0/255.255.255.0 -i eth0 -j ACCEPT
  112. -A ALLOWIN -s 41.228.96.65 -i eth0 -j ACCEPT
  113. -A ALLOWIN -s 209.51.153.82 -i eth0 -j ACCEPT
  114. -A ALLOWOUT -d 41.228.96.0/255.255.255.0 -o eth0 -j ACCEPT
  115. -A ALLOWOUT -d 41.228.96.65 -o eth0 -j ACCEPT
  116. -A ALLOWOUT -d 209.51.153.82 -o eth0 -j ACCEPT
  117. -A INVALID -m state --state INVALID -j INVDROP
  118. -A INVALID -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j INVDROP
  119. -A INVALID -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j INVDROP
  120. -A INVALID -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j INVDROP
  121. -A INVALID -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j INVDROP
  122. -A INVALID -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j INVDROP
  123. -A INVALID -p tcp -m tcp --tcp-flags FIN,ACK FIN -j INVDROP
  124. -A INVALID -p tcp -m tcp --tcp-flags PSH,ACK PSH -j INVDROP
  125. -A INVALID -p tcp -m tcp --tcp-flags ACK,URG URG -j INVDROP
  126. -A INVALID -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j INVDROP
  127. -A INVDROP -j DROP
  128. -A LOCALINPUT -i eth0 -j ALLOWIN
  129. -A LOCALOUTPUT -o eth0 -j ALLOWOUT
  130. -A LOGDROPIN -p tcp -m tcp --dport 67 -j DROP
  131. -A LOGDROPIN -p udp -m udp --dport 67 -j DROP
  132. -A LOGDROPIN -p tcp -m tcp --dport 68 -j DROP
  133. -A LOGDROPIN -p udp -m udp --dport 68 -j DROP
  134. -A LOGDROPIN -p tcp -m tcp --dport 111 -j DROP
  135. -A LOGDROPIN -p udp -m udp --dport 111 -j DROP
  136. -A LOGDROPIN -p tcp -m tcp --dport 113 -j DROP
  137. -A LOGDROPIN -p udp -m udp --dport 113 -j DROP
  138. -A LOGDROPIN -p tcp -m tcp --dport 135:139 -j DROP
  139. -A LOGDROPIN -p udp -m udp --dport 135:139 -j DROP
  140. -A LOGDROPIN -p tcp -m tcp --dport 445 -j DROP
  141. -A LOGDROPIN -p udp -m udp --dport 445 -j DROP
  142. -A LOGDROPIN -p tcp -m tcp --dport 513 -j DROP
  143. -A LOGDROPIN -p udp -m udp --dport 513 -j DROP
  144. -A LOGDROPIN -p tcp -m tcp --dport 520 -j DROP
  145. -A LOGDROPIN -p udp -m udp --dport 520 -j DROP
  146. -A LOGDROPIN -p tcp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *TCP_IN Blocked* "
  147. -A LOGDROPIN -p udp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *UDP_IN Blocked* "
  148. -A LOGDROPIN -p icmp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *ICMP_IN Blocked* "
  149. -A LOGDROPIN -j DROP
  150. -A LOGDROPOUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 30/min -j LOG --log-prefix "Firewall: *TCP_OUT Blocked* " --log-uid
  151. -A LOGDROPOUT -p udp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *UDP_OUT Blocked* " --log-uid
  152. -A LOGDROPOUT -p icmp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *ICMP_OUT Blocked* " --log-uid
  153. -A LOGDROPOUT -j DROP
  154. -A acctboth -s 111.22.33.444 -i ! lo -p tcp -m tcp --dport 80
  155. -A acctboth -d 111.22.33.444 -i ! lo -p tcp -m tcp --sport 80
  156. -A acctboth -s 111.22.33.444 -i ! lo -p tcp -m tcp --dport 25
  157. -A acctboth -d 111.22.33.444 -i ! lo -p tcp -m tcp --sport 25
  158. -A acctboth -s 111.22.33.444 -i ! lo -p tcp -m tcp --dport 110
  159. -A acctboth -d 111.22.33.444 -i ! lo -p tcp -m tcp --sport 110
  160. -A acctboth -s 111.22.33.444 -i ! lo -p icmp
  161. -A acctboth -d 111.22.33.444 -i ! lo -p icmp
  162. -A acctboth -s 111.22.33.444 -i ! lo -p tcp
  163. -A acctboth -d 111.22.33.444 -i ! lo -p tcp
  164. -A acctboth -s 111.22.33.444 -i ! lo -p udp
  165. -A acctboth -d 111.22.33.444 -i ! lo -p udp
  166. -A acctboth -s 111.22.33.444 -i ! lo
  167. -A acctboth -d 111.22.33.444 -i ! lo
  168. -A acctboth -s 111.22.33.555 -i ! lo -p tcp -m tcp --dport 80
  169. -A acctboth -d 111.22.33.555 -i ! lo -p tcp -m tcp --sport 80
  170. -A acctboth -s 111.22.33.555 -i ! lo -p tcp -m tcp --dport 443
  171. -A acctboth -d 111.22.33.555 -i ! lo -p tcp -m tcp --sport 443
  172. -A acctboth -s 111.22.33.555 -i ! lo -p tcp -m tcp --dport 25
  173. -A acctboth -d 111.22.33.555 -i ! lo -p tcp -m tcp --sport 25
  174. -A acctboth -s 111.22.33.555 -i ! lo -p tcp -m tcp --dport 110
  175. -A acctboth -d 111.22.33.555 -i ! lo -p tcp -m tcp --sport 110
  176. -A acctboth -s 111.22.33.555 -i ! lo -p icmp
  177. -A acctboth -d 111.22.33.555 -i ! lo -p icmp
  178. -A acctboth -s 111.22.33.555 -i ! lo -p tcp
  179. -A acctboth -d 111.22.33.555 -i ! lo -p tcp
  180. -A acctboth -s 111.22.33.555 -i ! lo -p udp
  181. -A acctboth -d 111.22.33.555 -i ! lo -p udp
  182. -A acctboth -s 111.22.33.555 -i ! lo
  183. -A acctboth -d 111.22.33.555 -i ! lo
  184. -A acctboth -i ! lo
  185. COMMIT
  186. # Completed on Sun Dec  8 21:56:04 2013
  187. # Generated by iptables-save v1.3.5 on Sun Dec  8 21:56:04 2013
  188. *nat
  189. :PREROUTING ACCEPT [52:2991]
  190. :POSTROUTING ACCEPT [131:10103]
  191. :OUTPUT ACCEPT [131:10103]
  192. COMMIT
  193. # Completed on Sun Dec  8 21:56:04 2013
  194. # Generated by iptables-save v1.3.5 on Sun Dec  8 21:56:04 2013
  195. *mangle
  196. :PREROUTING ACCEPT [1314:156437]
  197. :INPUT ACCEPT [1314:156437]
  198. :FORWARD ACCEPT [0:0]
  199. :OUTPUT ACCEPT [1741:1844557]
  200. :POSTROUTING ACCEPT [1741:1844557]
  201. COMMIT
  202. # Completed on Sun Dec  8 21:56:04 2013