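# IPv4 ruleset in iptables-restore format for a host that is both a public
# server (web, mail, ssh) and a router for wlan0 and iodine (dns+) clients.
# These rules cover IPv4 only; IPv6 traffic needs its own ip6tables ruleset.
# The FORWARD and MASQUERADE rules only take effect when kernel IP forwarding
# (net.ipv4.ip_forward) is enabled.
*nat
:PREROUTING ACCEPT [249:15581]
:INPUT ACCEPT [9:571]
:OUTPUT ACCEPT [38:2445]
:POSTROUTING ACCEPT [15:1005]
# REQUIRED IPTABLES RULES FOR ETH0 IP MASQUERADING (enable only if not using a vpn)
# Rewrites the source address of everything leaving eth0 to this host's address.
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
# Default-deny for traffic to this host and through it; outbound is unrestricted.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# REQUIRED IPTABLES RULES FOR IODINE (enable only if not using a vpn)
# Tunnel clients (any interface named dns*) may open connections out of eth0;
# only replies to those connections are let back in.
-A FORWARD -i eth0 -o dns+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i dns+ -o eth0 -j ACCEPT
# REQUIRED IPTABLES RULES FOR WIFI ROUTER
# NOTE(review): this accepts wlan0 traffic towards every output interface,
# not just eth0; add "-o eth0" if wifi clients should only reach the uplink.
-A FORWARD -i wlan0 -j ACCEPT
# Return path for wlan0 clients. With the FORWARD policy set to DROP, replies
# to connections opened from wlan0 match no other rule in this chain and
# would be dropped, so wifi clients would never get an answer.
-A FORWARD -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Keep state: accept packets that belong to connections already allowed.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Loopback interface.
-A INPUT -i lo -j ACCEPT
# The service rules below match on destination port only, so each open port
# is reachable from every source address and on every interface (including
# wlan0 and dns+).
# http, https
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# smtp, submission
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT
# pop3, pop3s
# NOTE(review): 110 is the cleartext port; credentials are exposed on it
# unless the mail server enforces STARTTLS. Consider offering only 995.
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT
# imap, imaps
# NOTE(review): same caveat as pop3 for the cleartext port 143 versus 993.
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT
# ssh
# NOTE(review): open to any source with no rate limit; restrict with "-s" to
# known management addresses or throttle new connections if ssh does not
# need to be world-reachable.
-A INPUT -p tcp --dport 22 -j ACCEPT
# Allow PING from remote hosts.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# The remaining services are disabled; uncomment a rule only when the
# corresponding daemon is actually running on this host.
# ejabberd
#-A INPUT -p tcp --dport 5222 -j ACCEPT
#-A INPUT -p tcp --dport 5223 -j ACCEPT
#-A INPUT -p tcp --dport 5280 -j ACCEPT
# ldap/ldaps
#-A INPUT -p tcp --dport 389 -j ACCEPT
#-A INPUT -p tcp --dport 636 -j ACCEPT
# ftp.
#-A INPUT -p tcp --dport 20 -j ACCEPT
#-A INPUT -p tcp --dport 21 -j ACCEPT
COMMIT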