
Untitled

a guest
Aug 4th, 2015
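  # Default-deny IPv4 host firewall.
  #   inbound : SSH, DNS, HTTP, HTTPS, rndc over TCP; DNS over UDP
  #   outbound: DNS (TCP/UDP) and rndc (TCP) client traffic only
  # Scope caveats:
  #   - iptables filters IPv4 only; the ip6tables policies are not touched here.
  #   - Only NEW/ESTABLISHED are matched, so RELATED traffic (e.g. ICMP errors
  #     used for path-MTU discovery) is dropped by the policies.
  #   - Rules are appended with -A and nothing is flushed, so running the
  #     script twice duplicates every rule.
  # Abort on the first failing command or unset variable. Together with
  # setting the DROP policies last, a failed rule leaves the old policies in
  # place instead of a half-built ruleset behind a default DROP.
  set -eu

  # Interface the rules match on; can be overridden from the environment.
  # NOTE(review): the /etc/network/interfaces shown with this script enslaves
  # eth0 to the bridge br0 and configures the host address on br0. On such a
  # host, traffic for the host is seen on br0, so rules matching eth0 would
  # match nothing and the DROP policies would cut off every service,
  # SSH included. Run with IF=br0 there.
  IF="${IF:-eth0}"
  _IPTABLES=iptables

  # Loopback must be allowed explicitly once INPUT and OUTPUT default to DROP;
  # otherwise local clients (resolver lookups, rndc to the local named) fail.
  "$_IPTABLES" -A INPUT -i lo -j ACCEPT
  "$_IPTABLES" -A OUTPUT -o lo -j ACCEPT

  # Inbound TCP services and their replies.
  # NOTE(review): 953 is the rndc control channel. Accepting NEW connections
  # to it from any source exposes it beyond this host; restrict it with
  # -s <admin address> or drop it from this list if rndc is only used locally.
  "$_IPTABLES" -A INPUT -i "$IF" -p tcp -m multiport --dports 22,53,80,443,953 \
    -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
  "$_IPTABLES" -A OUTPUT -o "$IF" -p tcp -m multiport --sports 22,53,80,443,953 \
    -m conntrack --ctstate ESTABLISHED -j ACCEPT

  # Inbound DNS over UDP and its replies.
  "$_IPTABLES" -A INPUT -i "$IF" -p udp -m multiport --dports 53 \
    -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
  "$_IPTABLES" -A OUTPUT -o "$IF" -p udp -m multiport --sports 53 \
    -m conntrack --ctstate ESTABLISHED -j ACCEPT

  # Outbound DNS/rndc over TCP (this host as a client) and the replies.
  "$_IPTABLES" -A INPUT -i "$IF" -p tcp -m multiport --sports 53,953 \
    -m conntrack --ctstate ESTABLISHED -j ACCEPT
  "$_IPTABLES" -A OUTPUT -o "$IF" -p tcp -m multiport --dports 53,953 \
    -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

  # Outbound DNS over UDP (this host as a client) and the replies.
  "$_IPTABLES" -A INPUT -i "$IF" -p udp -m multiport --sports 53 \
    -m conntrack --ctstate ESTABLISHED -j ACCEPT
  "$_IPTABLES" -A OUTPUT -o "$IF" -p udp -m multiport --dports 53 \
    -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

  # Default policies go last, after every ACCEPT rule above is in place.
  # NOTE(review): FORWARD has no ACCEPT rule. If bridged frames are passed to
  # iptables on this host (bridge netfilter enabled), a container attached to
  # the same bridge loses connectivity; confirm before applying.
  "$_IPTABLES" -P INPUT DROP
  "$_IPTABLES" -P FORWARD DROP
  "$_IPTABLES" -P OUTPUT DROP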
  19.  
  20. root@ganymede:~/linux/iptables# cat /etc/network/interfaces
  21.  
  22. # The loopback network interface
  23. auto lo
  24. iface lo inet loopback
  25.  
  26. # The bridge we're building over eth0
      # NOTE(review): eth0 is a port of br0 here and carries no address of its
      # own; the host address is configured on br0. Host firewall rules that
      # match on an interface therefore need to name br0, not eth0.
  27. auto br0
  28. iface br0 inet static
  29. bridge_ports eth0
      # Forward delay 0 and no wait for ports: the bridge forwards immediately.
  30. bridge_fd 0
  31. bridge_maxwait 0
  32. # this should be in eth0 w/o br0
  33. address xx.xx.xx.xx
  34. netmask 255.255.255.0
  35. network xx.xx.xx.0
  36. broadcast xx.xx.xx.255
  37. gateway xx.xx.xx.1
  38. # dns-* options are implemented by the resolvconf package, if installed
  39. dns-nameservers 217.11.48.200 217.11.49.200 8.8.8.8 8.8.4.4
  40.  
      # Alias on the bridge carrying a second address; 255.255.255.248 is a /29.
      # No gateway is set for it (the gateway line below is commented out).
  41. auto br0:0
  42. iface br0:0 inet static
  43. # this should be in eth0 w/o br0
  44. address xx.xx.xx.xx
  45. netmask 255.255.255.248
  46. network xx.xx.xx.xx
  47. broadcast xx.xx.xx.xx
  48. # gateway xx.xx.xx.xx
  49. # dns-* options are implemented by the resolvconf package, if installed
  50. # dns-nameservers 217.11.48.200 217.11.49.200 8.8.8.8 8.8.4.4
  51.  
  52. root@ganymede:~/linux/iptables# cat /var/lib/lxc/callisto/config
  53. # Template used to create this container: /usr/share/lxc/templates/lxc-ubuntu
  54. # Parameters passed to the template:
  55. # For additional config options, please look at lxc.conf(5)
  56.  
  57. # Common configuration
  58. lxc.include = /usr/share/lxc/config/ubuntu.common.conf
  59.  
  60. # Container specific configuration
  61. lxc.rootfs = /var/lib/lxc/callisto/rootfs
  62. lxc.mount = /var/lib/lxc/callisto/fstab
  63. lxc.utsname = callisto
  64. lxc.arch = amd64
  65.  
  66. # Network configuration
      # NOTE(review): the container's veth is attached to br0, the bridge that
      # also holds eth0, so the container sits on the same layer-2 segment as
      # the uplink. Its traffic is bridged, not delivered to the host, so the
      # host's INPUT/OUTPUT rules do not filter it. Filter it in the container
      # or in the host's FORWARD chain (the latter only applies to bridged
      # frames when bridge netfilter is enabled; confirm on this host).
  67. lxc.network.type = veth
  68. lxc.network.flags = up
  69. #lxc.network.link = lxcbr0
  70. # uncomment above and comment below line to move back to local bridge
  71. lxc.network.link = br0
  72. lxc.network.hwaddr = 00:16:3e:39:04:35
      # Static address with a /29 prefix.
  73. lxc.network.ipv4 = yy.yy.yy.yy/29
  74. # comment this line for local bridge
      # NOTE(review): the paste ends here, so the line this comment refers to
      # is not certain; presumably the static lxc.network.ipv4 above or a
      # setting cut off after it.