API tools faq
paste
Advertisement
Guest User

iptables-save output

a guest
Sep 6th, 2014
474
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 12.99 KB | None | 0 0
raw download clone embed print report
  1. # Generated by iptables-save v1.4.7 on Sat Sep 6 13:48:37 2014
  2. *filter
  3. :INPUT DROP [0:0]
  4. :FORWARD DROP [0:0]
  5. :OUTPUT DROP [0:0]
  6. :ALLOWIN - [0:0]
  7. :ALLOWOUT - [0:0]
  8. :DENYIN - [0:0]
  9. :DENYOUT - [0:0]
  10. :INVALID - [0:0]
  11. :INVDROP - [0:0]
  12. :LOCALINPUT - [0:0]
  13. :LOCALOUTPUT - [0:0]
  14. :LOGDROPIN - [0:0]
  15. :LOGDROPOUT - [0:0]
  16. -A INPUT -s 213.133.99.99/32 ! -i lo -p tcp -m tcp --dport 53 -j ACCEPT
  17. -A INPUT -s 213.133.99.99/32 ! -i lo -p udp -m udp --dport 53 -j ACCEPT
  18. -A INPUT -s 213.133.99.99/32 ! -i lo -p tcp -m tcp --sport 53 -j ACCEPT
  19. -A INPUT -s 213.133.99.99/32 ! -i lo -p udp -m udp --sport 53 -j ACCEPT
  20. -A INPUT -s 213.133.98.98/32 ! -i lo -p tcp -m tcp --dport 53 -j ACCEPT
  21. -A INPUT -s 213.133.98.98/32 ! -i lo -p udp -m udp --dport 53 -j ACCEPT
  22. -A INPUT -s 213.133.98.98/32 ! -i lo -p tcp -m tcp --sport 53 -j ACCEPT
  23. -A INPUT -s 213.133.98.98/32 ! -i lo -p udp -m udp --sport 53 -j ACCEPT
  24. -A INPUT -s 213.133.100.100/32 ! -i lo -p tcp -m tcp --dport 53 -j ACCEPT
  25. -A INPUT -s 213.133.100.100/32 ! -i lo -p udp -m udp --dport 53 -j ACCEPT
  26. -A INPUT -s 213.133.100.100/32 ! -i lo -p tcp -m tcp --sport 53 -j ACCEPT
  27. -A INPUT -s 213.133.100.100/32 ! -i lo -p udp -m udp --sport 53 -j ACCEPT
  28. -A INPUT ! -i lo -j LOCALINPUT
  29. -A INPUT -i lo -j ACCEPT
  30. -A INPUT ! -i lo -p tcp -j INVALID
  31. -A INPUT ! -i lo -m state --state RELATED,ESTABLISHED -j ACCEPT
  32. -A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
  33. -A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
  34. -A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 9091 -j ACCEPT
  35. -A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT
  36. -A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 51413 -j ACCEPT
  37. -A INPUT ! -i lo -p udp -m state --state NEW -m udp --dport 51413 -j ACCEPT
  38. -A INPUT ! -i lo -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
  39. -A INPUT ! -i lo -p icmp -m icmp --icmp-type 0 -m limit --limit 1/sec -j ACCEPT
  40. -A INPUT ! -i lo -p icmp -m icmp --icmp-type 11 -j ACCEPT
  41. -A INPUT ! -i lo -p icmp -m icmp --icmp-type 3 -j ACCEPT
  42. -A INPUT ! -i lo -j LOGDROPIN
  43. -A OUTPUT -d 213.133.99.99/32 ! -o lo -p tcp -m tcp --dport 53 -j ACCEPT
  44. -A OUTPUT -d 213.133.99.99/32 ! -o lo -p udp -m udp --dport 53 -j ACCEPT
  45. -A OUTPUT -d 213.133.99.99/32 ! -o lo -p tcp -m tcp --sport 53 -j ACCEPT
  46. -A OUTPUT -d 213.133.99.99/32 ! -o lo -p udp -m udp --sport 53 -j ACCEPT
  47. -A OUTPUT -d 213.133.98.98/32 ! -o lo -p tcp -m tcp --dport 53 -j ACCEPT
  48. -A OUTPUT -d 213.133.98.98/32 ! -o lo -p udp -m udp --dport 53 -j ACCEPT
  49. -A OUTPUT -d 213.133.98.98/32 ! -o lo -p tcp -m tcp --sport 53 -j ACCEPT
  50. -A OUTPUT -d 213.133.98.98/32 ! -o lo -p udp -m udp --sport 53 -j ACCEPT
  51. -A OUTPUT -d 213.133.100.100/32 ! -o lo -p tcp -m tcp --dport 53 -j ACCEPT
  52. -A OUTPUT -d 213.133.100.100/32 ! -o lo -p udp -m udp --dport 53 -j ACCEPT
  53. -A OUTPUT -d 213.133.100.100/32 ! -o lo -p tcp -m tcp --sport 53 -j ACCEPT
  54. -A OUTPUT -d 213.133.100.100/32 ! -o lo -p udp -m udp --sport 53 -j ACCEPT
  55. -A OUTPUT ! -o lo -j LOCALOUTPUT
  56. -A OUTPUT ! -o lo -p tcp -m tcp --dport 53 -j ACCEPT
  57. -A OUTPUT ! -o lo -p udp -m udp --dport 53 -j ACCEPT
  58. -A OUTPUT ! -o lo -p tcp -m tcp --sport 53 -j ACCEPT
  59. -A OUTPUT ! -o lo -p udp -m udp --sport 53 -j ACCEPT
  60. -A OUTPUT -o lo -j ACCEPT
  61. -A OUTPUT ! -o lo -p tcp -j INVALID
  62. -A OUTPUT ! -o lo -m state --state RELATED,ESTABLISHED -j ACCEPT
  63. -A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 1:65535 -j ACCEPT
  64. -A OUTPUT ! -o lo -p udp -m state --state NEW -m udp --dport 1:65535 -j ACCEPT
  65. -A OUTPUT ! -o lo -p icmp -m icmp --icmp-type 0 -j ACCEPT
  66. -A OUTPUT ! -o lo -p icmp -m icmp --icmp-type 8 -j ACCEPT
  67. -A OUTPUT ! -o lo -p icmp -m icmp --icmp-type 11 -j ACCEPT
  68. -A OUTPUT ! -o lo -p icmp -m icmp --icmp-type 3 -j ACCEPT
  69. -A OUTPUT ! -o lo -j LOGDROPOUT
  70. -A ALLOWIN -s 82.75.114.225/32 ! -i lo -j ACCEPT
  71. -A ALLOWOUT -d 82.75.114.225/32 ! -o lo -j ACCEPT
  72. -A DENYIN -s 219.138.135.62/32 ! -i lo -j DROP
  73. -A DENYIN -s 116.10.191.187/32 ! -i lo -j DROP
  74. -A DENYIN -s 116.10.191.162/32 ! -i lo -j DROP
  75. -A DENYIN -s 116.10.191.171/32 ! -i lo -j DROP
  76. -A DENYIN -s 62.210.187.41/32 ! -i lo -j DROP
  77. -A DENYIN -s 61.174.51.219/32 ! -i lo -j DROP
  78. -A DENYIN -s 61.174.49.116/32 ! -i lo -j DROP
  79. -A DENYIN -s 116.10.191.163/32 ! -i lo -j DROP
  80. -A DENYIN -s 139.0.12.151/32 ! -i lo -j DROP
  81. -A DENYIN -s 187.63.226.82/32 ! -i lo -j DROP
  82. -A DENYIN -s 61.167.49.132/32 ! -i lo -j DROP
  83. -A DENYIN -s 116.10.191.189/32 ! -i lo -j DROP
  84. -A DENYIN -s 61.167.49.141/32 ! -i lo -j DROP
  85. -A DENYIN -s 189.203.240.53/32 ! -i lo -j DROP
  86. -A DENYIN -s 116.10.191.194/32 ! -i lo -j DROP
  87. -A DENYIN -s 219.138.135.59/32 ! -i lo -j DROP
  88. -A DENYIN -s 61.167.49.143/32 ! -i lo -j DROP
  89. -A DENYIN -s 116.10.191.174/32 ! -i lo -j DROP
  90. -A DENYIN -s 61.174.51.221/32 ! -i lo -j DROP
  91. -A DENYIN -s 183.110.253.233/32 ! -i lo -j DROP
  92. -A DENYIN -s 148.251.67.106/32 ! -i lo -j DROP
  93. -A DENYIN -s 115.238.236.81/32 ! -i lo -j DROP
  94. -A DENYIN -s 173.208.166.66/32 ! -i lo -j DROP
  95. -A DENYIN -s 222.187.221.152/32 ! -i lo -j DROP
  96. -A DENYIN -s 222.186.34.117/32 ! -i lo -j DROP
  97. -A DENYIN -s 222.186.34.115/32 ! -i lo -j DROP
  98. -A DENYIN -s 222.186.34.116/32 ! -i lo -j DROP
  99. -A DENYIN -s 222.186.34.123/32 ! -i lo -j DROP
  100. -A DENYIN -s 222.186.34.119/32 ! -i lo -j DROP
  101. -A DENYIN -s 222.186.34.114/32 ! -i lo -j DROP
  102. -A DENYIN -s 119.15.156.221/32 ! -i lo -j DROP
  103. -A DENYIN -s 222.186.34.118/32 ! -i lo -j DROP
  104. -A DENYIN -s 222.186.34.122/32 ! -i lo -j DROP
  105. -A DENYIN -s 222.186.58.205/32 ! -i lo -j DROP
  106. -A DENYIN -s 175.22.14.71/32 ! -i lo -j DROP
  107. -A DENYIN -s 115.239.248.85/32 ! -i lo -j DROP
  108. -A DENYIN -s 61.174.51.197/32 ! -i lo -j DROP
  109. -A DENYIN -s 222.186.50.229/32 ! -i lo -j DROP
  110. -A DENYIN -s 116.10.191.172/32 ! -i lo -j DROP
  111. -A DENYIN -s 116.10.191.211/32 ! -i lo -j DROP
  112. -A DENYIN -s 202.109.143.42/32 ! -i lo -j DROP
  113. -A DENYIN -s 202.109.143.20/32 ! -i lo -j DROP
  114. -A DENYIN -s 202.109.143.95/32 ! -i lo -j DROP
  115. -A DENYIN -s 111.74.238.124/32 ! -i lo -j DROP
  116. -A DENYIN -s 202.109.143.53/32 ! -i lo -j DROP
  117. -A DENYIN -s 61.174.51.198/32 ! -i lo -j DROP
  118. -A DENYIN -s 116.10.191.170/32 ! -i lo -j DROP
  119. -A DENYIN -s 116.10.191.164/32 ! -i lo -j DROP
  120. -A DENYIN -s 116.10.191.206/32 ! -i lo -j DROP
  121. -A DENYIN -s 122.225.109.208/32 ! -i lo -j DROP
  122. -A DENYIN -s 189.203.240.56/32 ! -i lo -j DROP
  123. -A DENYIN -s 222.186.34.143/32 ! -i lo -j DROP
  124. -A DENYIN -s 115.239.248.122/32 ! -i lo -j DROP
  125. -A DENYIN -s 115.239.248.50/32 ! -i lo -j DROP
  126. -A DENYIN -s 117.21.191.209/32 ! -i lo -j DROP
  127. -A DENYIN -s 115.239.248.57/32 ! -i lo -j DROP
  128. -A DENYIN -s 115.239.248.51/32 ! -i lo -j DROP
  129. -A DENYIN -s 220.177.198.24/32 ! -i lo -j DROP
  130. -A DENYIN -s 115.239.248.121/32 ! -i lo -j DROP
  131. -A DENYIN -s 220.177.198.93/32 ! -i lo -j DROP
  132. -A DENYIN -s 116.10.191.178/32 ! -i lo -j DROP
  133. -A DENYIN -s 115.239.248.90/32 ! -i lo -j DROP
  134. -A DENYIN -s 220.177.198.38/32 ! -i lo -j DROP
  135. -A DENYIN -s 220.177.198.40/32 ! -i lo -j DROP
  136. -A DENYIN -s 116.10.191.165/32 ! -i lo -j DROP
  137. -A DENYOUT -d 219.138.135.62/32 ! -o lo -j LOGDROPOUT
  138. -A DENYOUT -d 116.10.191.187/32 ! -o lo -j LOGDROPOUT
  139. -A DENYOUT -d 116.10.191.162/32 ! -o lo -j LOGDROPOUT
  140. -A DENYOUT -d 116.10.191.171/32 ! -o lo -j LOGDROPOUT
  141. -A DENYOUT -d 62.210.187.41/32 ! -o lo -j LOGDROPOUT
  142. -A DENYOUT -d 61.174.51.219/32 ! -o lo -j LOGDROPOUT
  143. -A DENYOUT -d 61.174.49.116/32 ! -o lo -j LOGDROPOUT
  144. -A DENYOUT -d 116.10.191.163/32 ! -o lo -j LOGDROPOUT
  145. -A DENYOUT -d 139.0.12.151/32 ! -o lo -j LOGDROPOUT
  146. -A DENYOUT -d 187.63.226.82/32 ! -o lo -j LOGDROPOUT
  147. -A DENYOUT -d 61.167.49.132/32 ! -o lo -j LOGDROPOUT
  148. -A DENYOUT -d 116.10.191.189/32 ! -o lo -j LOGDROPOUT
  149. -A DENYOUT -d 61.167.49.141/32 ! -o lo -j LOGDROPOUT
  150. -A DENYOUT -d 189.203.240.53/32 ! -o lo -j LOGDROPOUT
  151. -A DENYOUT -d 116.10.191.194/32 ! -o lo -j LOGDROPOUT
  152. -A DENYOUT -d 219.138.135.59/32 ! -o lo -j LOGDROPOUT
  153. -A DENYOUT -d 61.167.49.143/32 ! -o lo -j LOGDROPOUT
  154. -A DENYOUT -d 116.10.191.174/32 ! -o lo -j LOGDROPOUT
  155. -A DENYOUT -d 61.174.51.221/32 ! -o lo -j LOGDROPOUT
  156. -A DENYOUT -d 183.110.253.233/32 ! -o lo -j LOGDROPOUT
  157. -A DENYOUT -d 148.251.67.106/32 ! -o lo -j LOGDROPOUT
  158. -A DENYOUT -d 115.238.236.81/32 ! -o lo -j LOGDROPOUT
  159. -A DENYOUT -d 173.208.166.66/32 ! -o lo -j LOGDROPOUT
  160. -A DENYOUT -d 222.187.221.152/32 ! -o lo -j LOGDROPOUT
  161. -A DENYOUT -d 222.186.34.117/32 ! -o lo -j LOGDROPOUT
  162. -A DENYOUT -d 222.186.34.115/32 ! -o lo -j LOGDROPOUT
  163. -A DENYOUT -d 222.186.34.116/32 ! -o lo -j LOGDROPOUT
  164. -A DENYOUT -d 222.186.34.123/32 ! -o lo -j LOGDROPOUT
  165. -A DENYOUT -d 222.186.34.119/32 ! -o lo -j LOGDROPOUT
  166. -A DENYOUT -d 222.186.34.114/32 ! -o lo -j LOGDROPOUT
  167. -A DENYOUT -d 119.15.156.221/32 ! -o lo -j LOGDROPOUT
  168. -A DENYOUT -d 222.186.34.118/32 ! -o lo -j LOGDROPOUT
  169. -A DENYOUT -d 222.186.34.122/32 ! -o lo -j LOGDROPOUT
  170. -A DENYOUT -d 222.186.58.205/32 ! -o lo -j LOGDROPOUT
  171. -A DENYOUT -d 175.22.14.71/32 ! -o lo -j LOGDROPOUT
  172. -A DENYOUT -d 115.239.248.85/32 ! -o lo -j LOGDROPOUT
  173. -A DENYOUT -d 61.174.51.197/32 ! -o lo -j LOGDROPOUT
  174. -A DENYOUT -d 222.186.50.229/32 ! -o lo -j LOGDROPOUT
  175. -A DENYOUT -d 116.10.191.172/32 ! -o lo -j LOGDROPOUT
  176. -A DENYOUT -d 116.10.191.211/32 ! -o lo -j LOGDROPOUT
  177. -A DENYOUT -d 202.109.143.42/32 ! -o lo -j LOGDROPOUT
  178. -A DENYOUT -d 202.109.143.20/32 ! -o lo -j LOGDROPOUT
  179. -A DENYOUT -d 202.109.143.95/32 ! -o lo -j LOGDROPOUT
  180. -A DENYOUT -d 111.74.238.124/32 ! -o lo -j LOGDROPOUT
  181. -A DENYOUT -d 202.109.143.53/32 ! -o lo -j LOGDROPOUT
  182. -A DENYOUT -d 61.174.51.198/32 ! -o lo -j LOGDROPOUT
  183. -A DENYOUT -d 116.10.191.170/32 ! -o lo -j LOGDROPOUT
  184. -A DENYOUT -d 116.10.191.164/32 ! -o lo -j LOGDROPOUT
  185. -A DENYOUT -d 116.10.191.206/32 ! -o lo -j LOGDROPOUT
  186. -A DENYOUT -d 122.225.109.208/32 ! -o lo -j LOGDROPOUT
  187. -A DENYOUT -d 189.203.240.56/32 ! -o lo -j LOGDROPOUT
  188. -A DENYOUT -d 222.186.34.143/32 ! -o lo -j LOGDROPOUT
  189. -A DENYOUT -d 115.239.248.122/32 ! -o lo -j LOGDROPOUT
  190. -A DENYOUT -d 115.239.248.50/32 ! -o lo -j LOGDROPOUT
  191. -A DENYOUT -d 117.21.191.209/32 ! -o lo -j LOGDROPOUT
  192. -A DENYOUT -d 115.239.248.57/32 ! -o lo -j LOGDROPOUT
  193. -A DENYOUT -d 115.239.248.51/32 ! -o lo -j LOGDROPOUT
  194. -A DENYOUT -d 220.177.198.24/32 ! -o lo -j LOGDROPOUT
  195. -A DENYOUT -d 115.239.248.121/32 ! -o lo -j LOGDROPOUT
  196. -A DENYOUT -d 220.177.198.93/32 ! -o lo -j LOGDROPOUT
  197. -A DENYOUT -d 116.10.191.178/32 ! -o lo -j LOGDROPOUT
  198. -A DENYOUT -d 115.239.248.90/32 ! -o lo -j LOGDROPOUT
  199. -A DENYOUT -d 220.177.198.38/32 ! -o lo -j LOGDROPOUT
  200. -A DENYOUT -d 220.177.198.40/32 ! -o lo -j LOGDROPOUT
  201. -A DENYOUT -d 116.10.191.165/32 ! -o lo -j LOGDROPOUT
  202. -A INVALID -m state --state INVALID -j INVDROP
  203. -A INVALID -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j INVDROP
  204. -A INVALID -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j INVDROP
  205. -A INVALID -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j INVDROP
  206. -A INVALID -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j INVDROP
  207. -A INVALID -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j INVDROP
  208. -A INVALID -p tcp -m tcp --tcp-flags FIN,ACK FIN -j INVDROP
  209. -A INVALID -p tcp -m tcp --tcp-flags PSH,ACK PSH -j INVDROP
  210. -A INVALID -p tcp -m tcp --tcp-flags ACK,URG URG -j INVDROP
  211. -A INVALID -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j INVDROP
  212. -A INVDROP -j DROP
  213. -A LOCALINPUT ! -i lo -j ALLOWIN
  214. -A LOCALINPUT ! -i lo -j DENYIN
  215. -A LOCALOUTPUT ! -o lo -j ALLOWOUT
  216. -A LOCALOUTPUT ! -o lo -j DENYOUT
  217. -A LOGDROPIN -p tcp -m tcp --dport 67 -j DROP
  218. -A LOGDROPIN -p udp -m udp --dport 67 -j DROP
  219. -A LOGDROPIN -p tcp -m tcp --dport 68 -j DROP
  220. -A LOGDROPIN -p udp -m udp --dport 68 -j DROP
  221. -A LOGDROPIN -p tcp -m tcp --dport 111 -j DROP
  222. -A LOGDROPIN -p udp -m udp --dport 111 -j DROP
  223. -A LOGDROPIN -p tcp -m tcp --dport 113 -j DROP
  224. -A LOGDROPIN -p udp -m udp --dport 113 -j DROP
  225. -A LOGDROPIN -p tcp -m tcp --dport 135:139 -j DROP
  226. -A LOGDROPIN -p udp -m udp --dport 135:139 -j DROP
  227. -A LOGDROPIN -p tcp -m tcp --dport 445 -j DROP
  228. -A LOGDROPIN -p udp -m udp --dport 445 -j DROP
  229. -A LOGDROPIN -p tcp -m tcp --dport 500 -j DROP
  230. -A LOGDROPIN -p udp -m udp --dport 500 -j DROP
  231. -A LOGDROPIN -p tcp -m tcp --dport 513 -j DROP
  232. -A LOGDROPIN -p udp -m udp --dport 513 -j DROP
  233. -A LOGDROPIN -p tcp -m tcp --dport 520 -j DROP
  234. -A LOGDROPIN -p udp -m udp --dport 520 -j DROP
  235. -A LOGDROPIN -p tcp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *TCP_IN Blocked* "
  236. -A LOGDROPIN -p udp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *UDP_IN Blocked* "
  237. -A LOGDROPIN -p icmp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *ICMP_IN Blocked* "
  238. -A LOGDROPIN -j DROP
  239. -A LOGDROPOUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 30/min -j LOG --log-prefix "Firewall: *TCP_OUT Blocked* " --log-uid
  240. -A LOGDROPOUT -p udp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *UDP_OUT Blocked* " --log-uid
  241. -A LOGDROPOUT -p icmp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *ICMP_OUT Blocked* " --log-uid
  242. -A LOGDROPOUT -j DROP
  243. COMMIT
  244. # Completed on Sat Sep 6 13:48:37 2014
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!