Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Chain INPUT (policy DROP)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere
- ACCEPT all -- anywhere anywhere ctstate ESTABLISHED
- ACCEPT icmp -- anywhere anywhere ctstate RELATED
- input_ext all -- anywhere anywhere
- LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-IN-ILL-TARGET "
- DROP all -- anywhere anywhere
- Chain FORWARD (policy DROP)
- target prot opt source destination
- LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-FWD-ILL-ROUTING "
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere
- Chain forward_ext (0 references)
- target prot opt source destination
- Chain input_ext (1 references)
- target prot opt source destination
- DROP all -- anywhere anywhere PKTTYPE = broadcast
- ACCEPT icmp -- anywhere anywhere icmp source-quench
- ACCEPT icmp -- anywhere anywhere icmp echo-request
- DROP all -- anywhere anywhere PKTTYPE = multicast
- DROP all -- anywhere anywhere PKTTYPE = broadcast
- LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
- LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
- LOG udp -- anywhere anywhere limit: avg 3/min burst 5 ctstate NEW LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
- DROP all -- anywhere anywhere
- Chain reject_func (0 references)
- target prot opt source destination
- REJECT tcp -- anywhere anywhere reject-with tcp-reset
- REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
- REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
