  1. Generated by iptables-save v1.4.14 on Thu Mar 5 11:50:12 2015
  # (the leading "# " of the header line above was lost in the paste; the
  # matching "Completed" footer below still has it)
  # security table: no rules at all, only the default ACCEPT policies. The
  # [packets:bytes] figures are the policy counters -- everything that
  # traversed the chain, since there is nothing here to match.
  2. *security
  3. :INPUT ACCEPT [1400914:876591814]
  4. :FORWARD ACCEPT [0:0]
  5. :OUTPUT ACCEPT [1181573:635010432]
  6. COMMIT
  7. # Completed on Thu Mar 5 11:50:12 2015
  8. # Generated by iptables-save v1.4.14 on Thu Mar 5 11:50:12 2015
  # raw table: no rules, so nothing is exempted from connection tracking
  # (no NOTRACK/CT rules); every flow seen by the filter table is tracked.
  9. *raw
  10. :PREROUTING ACCEPT [352:51723]
  11. :OUTPUT ACCEPT [295:332811]
  12. COMMIT
  13. # Completed on Thu Mar 5 11:50:12 2015
  14. # Generated by iptables-save v1.4.14 on Thu Mar 5 11:50:12 2015
  # nat table: no rules. This host performs no address translation -- no
  # masquerading, no DNAT/port forwarding -- which is consistent with the
  # FORWARD path in the filter table never accepting a NEW connection.
  15. *nat
  16. :PREROUTING ACCEPT [15:900]
  17. :INPUT ACCEPT [13:780]
  18. :OUTPUT ACCEPT [10:689]
  19. :POSTROUTING ACCEPT [10:689]
  20. COMMIT
  21. # Completed on Thu Mar 5 11:50:12 2015
  22. # Generated by iptables-save v1.4.14 on Thu Mar 5 11:50:12 2015
  # mangle table: Shorewall's traffic-control hook chains (tcpre/tcin/tcfor/
  # tcout/tcpost) are all declared but empty, so each hook is a no-op jump.
  # The only effect of this table is clearing the low byte of the firewall
  # mark (--set-xmark 0x0/0xff) on forwarded packets. No shaping or
  # mark-based routing is in effect.
  23. *mangle
  24. :PREROUTING ACCEPT [352:51723]
  25. :INPUT ACCEPT [352:51723]
  26. :FORWARD ACCEPT [0:0]
  27. :OUTPUT ACCEPT [297:333059]
  28. :POSTROUTING ACCEPT [297:333059]
  29. :tcfor - [0:0]
  30. :tcin - [0:0]
  31. :tcout - [0:0]
  32. :tcpost - [0:0]
  33. :tcpre - [0:0]
  34. -A PREROUTING -j tcpre
  35. -A INPUT -j tcin
  36. -A FORWARD -j MARK --set-xmark 0x0/0xff
  37. -A FORWARD -j tcfor
  38. -A OUTPUT -j tcout
  39. -A POSTROUTING -j tcpost
  40. COMMIT
  41. # Completed on Thu Mar 5 11:50:12 2015
  42. # Generated by iptables-save v1.4.14 on Thu Mar 5 11:50:12 2015
  # filter table, generated by Shorewall. All three built-in chains default
  # to DROP. INPUT and FORWARD dispatch eth0 traffic into per-zone chains and
  # then fall through to an explicit Drop/DROP pair. OUTPUT ends in an
  # unconditional ACCEPT and every fw2* chain is ACCEPT, so the OUTPUT DROP
  # policy is never reached: traffic originated by the firewall itself is
  # unrestricted.
  43. *filter
  44. :INPUT DROP [0:0]
  45. :FORWARD DROP [0:0]
  46. :OUTPUT DROP [0:0]
  47. :Broadcast - [0:0]
  48. :Drop - [0:0]
  49. :Invalid - [0:0]
  50. :NotSyn - [0:0]
  51. :dynamic - [0:0]
  52. :eth0_fwd - [0:0]
  53. :eth0_in - [0:0]
  54. :eth0_out - [0:0]
  55. :fw2home - [0:0]
  56. :fw2milos - [0:0]
  57. :fw2net - [0:0]
  58. :fw2prod - [0:0]
  59. :fw2smtp - [0:0]
  60. :home2fw - [0:0]
  61. :home2milos - [0:0]
  62. :home2net - [0:0]
  63. :home2prod - [0:0]
  64. :home2smtp - [0:0]
  65. :home_frwd - [0:0]
  66. :logdrop - [0:0]
  67. :logflags - [0:0]
  68. :logreject - [0:0]
  69. :milos2fw - [0:0]
  70. :milos2home - [0:0]
  71. :milos2net - [0:0]
  72. :milos2prod - [0:0]
  73. :milos2smtp - [0:0]
  74. :milos_frwd - [0:0]
  75. :net2fw - [0:0]
  76. :net2home - [0:0]
  77. :net2milos - [0:0]
  78. :net2prod - [0:0]
  79. :net2smtp - [0:0]
  80. :net_frwd - [0:0]
  81. :prod2fw - [0:0]
  82. :prod2home - [0:0]
  83. :prod2milos - [0:0]
  84. :prod2net - [0:0]
  85. :prod2smtp - [0:0]
  86. :prod_frwd - [0:0]
  87. :reject - [0:0]
  88. :shorewall - [0:0]
  89. :smtp2fw - [0:0]
  90. :smtp2home - [0:0]
  91. :smtp2milos - [0:0]
  92. :smtp2net - [0:0]
  93. :smtp2prod - [0:0]
  94. :smtp_frwd - [0:0]
  95. :tcpflags - [0:0]
  # Zones are single public /32 hosts, all reached through the one interface
  # eth0, and the rest of the Internet is zone "net":
  #   81.151.14.107  -> home     212.71.232.119 -> prod
  #   212.62.35.182  -> milos    74.125.140.109 -> smtp
  # NOTE(review): zone membership is decided purely by source address on a
  # single interface. A packet with a forged source is processed by the
  # trusted zone's chain; the TCP handshake limits what that buys an attacker
  # for port 22/80/443, but the stateless paths (ICMP, UDP, the unconditional
  # DHCP accept below) have no such protection. Confirm reverse-path
  # filtering / anti-spoofing is enforced upstream or via rp_filter.
  #
  # Built-in chains: loopback is trusted; eth0 traffic not accepted by the
  # zone dispatch goes through the Drop action (silent cleanup) and is then
  # dropped. The explicit -j DROP duplicates the chain policy.
  96. -A INPUT -i eth0 -j eth0_in
  97. -A INPUT -i lo -j ACCEPT
  98. -A INPUT -j Drop
  99. -A INPUT -j DROP
  100. -A FORWARD -i eth0 -j eth0_fwd
  101. -A FORWARD -j Drop
  102. -A FORWARD -j DROP
  103. -A OUTPUT -o eth0 -j eth0_out
  104. -A OUTPUT -o lo -j ACCEPT
  105. -A OUTPUT -j ACCEPT
  # Broadcast: silently discard link-broadcast, multicast and anycast
  # destinations (the 224.0.0.0/4 rule is a belt-and-braces repeat of the
  # MULTICAST address-type match).
  106. -A Broadcast -m addrtype --dst-type BROADCAST -j DROP
  107. -A Broadcast -m addrtype --dst-type MULTICAST -j DROP
  108. -A Broadcast -m addrtype --dst-type ANYCAST -j DROP
  109. -A Broadcast -d 224.0.0.0/4 -j DROP
  # Drop: Shorewall's standard "Drop" action, called just before a zone
  # chain's final DROP. The first rule has no match and no target -- a no-op
  # placeholder. Ident/auth (tcp/113) is answered with a TCP reset via the
  # reject chain (the usual reason: peers doing an ident lookup get an
  # immediate answer instead of a timeout). ICMP 3/4 (fragmentation needed,
  # keeps path-MTU discovery working) and 11 (time exceeded) are accepted.
  # INVALID conntrack state, SMB/NetBIOS noise (135, 137-139, 445), UPnP
  # (1900), TCP that is not a bare SYN, and late DNS replies from sport 53
  # are dropped without logging. Anything else returns to the caller, which
  # then drops it.
  # NOTE(review): nothing on this path logs. The only LOG rule in the table
  # is in logflags, so port scans against closed ports and SSH attempts from
  # untrusted sources leave no trace in the kernel log. A rate-limited LOG
  # before the final DROP in net2fw, e.g.
  #   -m limit --limit 5/min -j LOG --log-prefix "Shorewall:net2fw:DROP:" --log-level 6
  # would give incident responders something to work with at little cost.
  110. -A Drop
  111. -A Drop -p tcp -m tcp --dport 113 -m comment --comment Auth -j reject
  112. -A Drop -j Broadcast
  113. -A Drop -p icmp -m icmp --icmp-type 3/4 -m comment --comment "Needed ICMP types" -j ACCEPT
  114. -A Drop -p icmp -m icmp --icmp-type 11 -m comment --comment "Needed ICMP types" -j ACCEPT
  115. -A Drop -j Invalid
  116. -A Drop -p udp -m multiport --dports 135,445 -m comment --comment SMB -j DROP
  117. -A Drop -p udp -m udp --dport 137:139 -m comment --comment SMB -j DROP
  118. -A Drop -p udp -m udp --sport 137 --dport 1024:65535 -m comment --comment SMB -j DROP
  119. -A Drop -p tcp -m multiport --dports 135,139,445 -m comment --comment SMB -j DROP
  120. -A Drop -p udp -m udp --dport 1900 -m comment --comment UPnP -j DROP
  121. -A Drop -p tcp -j NotSyn
  122. -A Drop -p udp -m udp --sport 53 -m comment --comment "Late DNS Replies" -j DROP
  # Invalid: packets conntrack cannot associate with a known flow.
  123. -A Invalid -m conntrack --ctstate INVALID -j DROP
  # NotSyn: any TCP segment whose FIN/SYN/RST/ACK flags are not exactly SYN,
  # i.e. mid-stream segments that reached a DROP chain without a conntrack
  # entry.
  124. -A NotSyn -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
  # Interface dispatch (FORWARD side). INVALID,NEW packets first pass through
  # "dynamic" -- Shorewall's dynamic blacklist chain, empty here, so it simply
  # returns -- then TCP is screened by tcpflags, then the packet is handed to
  # a zone chain by source /32; unmatched sources are zone "net".
  125. -A eth0_fwd -m conntrack --ctstate INVALID,NEW -j dynamic
  126. -A eth0_fwd -p tcp -j tcpflags
  127. -A eth0_fwd -s 81.151.14.107/32 -j home_frwd
  128. -A eth0_fwd -s 212.71.232.119/32 -j prod_frwd
  129. -A eth0_fwd -s 212.62.35.182/32 -j milos_frwd
  130. -A eth0_fwd -s 74.125.140.109/32 -j smtp_frwd
  131. -A eth0_fwd -j net_frwd
  # Interface dispatch (INPUT side), same shape. UDP to 67:68 (DHCP server
  # and client ports) is accepted from ANY source before the zone split and
  # before tcpflags.
  # NOTE(review): this accepts packets to the DHCP *server* port 67 as well;
  # it only matters if something listens there, but confirm this host really
  # is a DHCP client on eth0 -- a statically addressed server can drop this
  # rule (Shorewall's dhcp interface option).
  132. -A eth0_in -m conntrack --ctstate INVALID,NEW -j dynamic
  133. -A eth0_in -p udp -m udp --dport 67:68 -j ACCEPT
  134. -A eth0_in -p tcp -j tcpflags
  135. -A eth0_in -s 81.151.14.107/32 -j home2fw
  136. -A eth0_in -s 212.71.232.119/32 -j prod2fw
  137. -A eth0_in -s 212.62.35.182/32 -j milos2fw
  138. -A eth0_in -s 74.125.140.109/32 -j smtp2fw
  139. -A eth0_in -j net2fw
  # Firewall-originated traffic, dispatched by destination; every fw2* chain
  # below accepts unconditionally, so the RELATED,ESTABLISHED rules in them
  # are redundant.
  140. -A eth0_out -p udp -m udp --dport 67:68 -j ACCEPT
  141. -A eth0_out -d 81.151.14.107/32 -j fw2home
  142. -A eth0_out -d 212.71.232.119/32 -j fw2prod
  143. -A eth0_out -d 212.62.35.182/32 -j fw2milos
  144. -A eth0_out -d 74.125.140.109/32 -j fw2smtp
  145. -A eth0_out -j fw2net
  146. -A fw2home -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  147. -A fw2home -j ACCEPT
  148. -A fw2milos -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  149. -A fw2milos -j ACCEPT
  150. -A fw2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  151. -A fw2net -j ACCEPT
  152. -A fw2prod -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  153. -A fw2prod -j ACCEPT
  154. -A fw2smtp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  155. -A fw2smtp -j ACCEPT
  # home -> firewall: replies to existing flows, then new SSH/HTTP/HTTPS;
  # everything else goes through Drop and is dropped. SSH exposure on 22 is
  # gated only by the source address 81.151.14.107.
  156. -A home2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  157. -A home2fw -p tcp -m multiport --dports 22,80,443 -j ACCEPT
  158. -A home2fw -j Drop
  159. -A home2fw -j DROP
  # home -> other zones (FORWARD path): only RELATED,ESTABLISHED is accepted.
  # No chain reachable from FORWARD ever accepts a NEW connection, so no
  # forwarded flow can become established -- forwarding between zones is
  # effectively closed even though these chains exist.
  160. -A home2milos -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  161. -A home2milos -j Drop
  162. -A home2milos -j DROP
  163. -A home2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  164. -A home2net -j Drop
  165. -A home2net -j DROP
  166. -A home2prod -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  167. -A home2prod -j Drop
  168. -A home2prod -j DROP
  169. -A home2smtp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  170. -A home2smtp -j Drop
  171. -A home2smtp -j DROP
  # All zones sit on eth0, so forwarding is dispatched on -o eth0 (hairpin).
  172. -A home_frwd -d 212.71.232.119/32 -o eth0 -j home2prod
  173. -A home_frwd -d 212.62.35.182/32 -o eth0 -j home2milos
  174. -A home_frwd -d 74.125.140.109/32 -o eth0 -j home2smtp
  175. -A home_frwd -o eth0 -j home2net
  # Logging helpers. logflags is the only LOG in this table: level 6 (info),
  # prefix "Shorewall:logflags:DROP:", IP options included, then DROP.
  # logdrop and logreject are defined but not referenced by any rule in this
  # dump. The empty "shorewall" chain declared above appears to be
  # Shorewall's own marker chain.
  176. -A logdrop -j DROP
  177. -A logflags -j LOG --log-prefix "Shorewall:logflags:DROP:" --log-level 6 --log-ip-options
  178. -A logflags -j DROP
  179. -A logreject -j reject
  # milos -> firewall: same allow-list as home (22, 80, 443).
  180. -A milos2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  181. -A milos2fw -p tcp -m multiport --dports 22,80,443 -j ACCEPT
  182. -A milos2fw -j Drop
  183. -A milos2fw -j DROP
  184. -A milos2home -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  185. -A milos2home -j Drop
  186. -A milos2home -j DROP
  187. -A milos2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  188. -A milos2net -j Drop
  189. -A milos2net -j DROP
  190. -A milos2prod -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  191. -A milos2prod -j Drop
  192. -A milos2prod -j DROP
  193. -A milos2smtp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  194. -A milos2smtp -j Drop
  195. -A milos2smtp -j DROP
  196. -A milos_frwd -d 81.151.14.107/32 -o eth0 -j milos2home
  197. -A milos_frwd -d 212.71.232.119/32 -o eth0 -j milos2prod
  198. -A milos_frwd -d 74.125.140.109/32 -o eth0 -j milos2smtp
  199. -A milos_frwd -o eth0 -j milos2net
  # net -> firewall: the Internet-facing rule set. Only tcp/80 and tcp/443
  # accept NEW connections; SSH is not reachable from unknown sources.
  200. -A net2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  201. -A net2fw -p tcp -m multiport --dports 80,443 -j ACCEPT
  202. -A net2fw -j Drop
  203. -A net2fw -j DROP
  204. -A net2home -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  205. -A net2home -j Drop
  206. -A net2home -j DROP
  207. -A net2milos -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  208. -A net2milos -j Drop
  209. -A net2milos -j DROP
  210. -A net2prod -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  211. -A net2prod -j Drop
  212. -A net2prod -j DROP
  213. -A net2smtp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  214. -A net2smtp -j Drop
  215. -A net2smtp -j DROP
  # net_frwd has no catch-all: a forwarded packet from "net" to any other
  # destination returns to FORWARD and is dropped there.
  216. -A net_frwd -d 81.151.14.107/32 -o eth0 -j net2home
  217. -A net_frwd -d 212.71.232.119/32 -o eth0 -j net2prod
  218. -A net_frwd -d 212.62.35.182/32 -o eth0 -j net2milos
  219. -A net_frwd -d 74.125.140.109/32 -o eth0 -j net2smtp
  # prod -> firewall: same allow-list as home (22, 80, 443).
  220. -A prod2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  221. -A prod2fw -p tcp -m multiport --dports 22,80,443 -j ACCEPT
  222. -A prod2fw -j Drop
  223. -A prod2fw -j DROP
  224. -A prod2home -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  225. -A prod2home -j Drop
  226. -A prod2home -j DROP
  227. -A prod2milos -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  228. -A prod2milos -j Drop
  229. -A prod2milos -j DROP
  230. -A prod2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  231. -A prod2net -j Drop
  232. -A prod2net -j DROP
  233. -A prod2smtp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  234. -A prod2smtp -j Drop
  235. -A prod2smtp -j DROP
  236. -A prod_frwd -d 81.151.14.107/32 -o eth0 -j prod2home
  237. -A prod_frwd -d 212.62.35.182/32 -o eth0 -j prod2milos
  238. -A prod_frwd -d 74.125.140.109/32 -o eth0 -j prod2smtp
  239. -A prod_frwd -o eth0 -j prod2net
  # reject: Shorewall's REJECT action. Broadcast sources, multicast and IGMP
  # are silently dropped (there is no sensible peer to send an error to);
  # TCP gets a RST, UDP an ICMP port-unreachable, ICMP a host-unreachable,
  # and everything else host-prohibited.
  240. -A reject -m addrtype --src-type BROADCAST -j DROP
  241. -A reject -s 224.0.0.0/4 -j DROP
  242. -A reject -p igmp -j DROP
  243. -A reject -p tcp -j REJECT --reject-with tcp-reset
  244. -A reject -p udp -j REJECT --reject-with icmp-port-unreachable
  245. -A reject -p icmp -j REJECT --reject-with icmp-host-unreachable
  246. -A reject -j REJECT --reject-with icmp-host-prohibited
  # smtp -> firewall: 74.125.140.109 has no port allow-list, so it can only
  # continue flows the firewall itself opened; it cannot initiate anything.
  # Presumably the zone exists to give outbound mail to that host a name.
  247. -A smtp2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  248. -A smtp2fw -j Drop
  249. -A smtp2fw -j DROP
  250. -A smtp2home -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  251. -A smtp2home -j Drop
  252. -A smtp2home -j DROP
  253. -A smtp2milos -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  254. -A smtp2milos -j Drop
  255. -A smtp2milos -j DROP
  256. -A smtp2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  257. -A smtp2net -j Drop
  258. -A smtp2net -j DROP
  259. -A smtp2prod -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  260. -A smtp2prod -j Drop
  261. -A smtp2prod -j DROP
  262. -A smtp_frwd -d 81.151.14.107/32 -o eth0 -j smtp2home
  263. -A smtp_frwd -d 212.71.232.119/32 -o eth0 -j smtp2prod
  264. -A smtp_frwd -d 212.62.35.182/32 -o eth0 -j smtp2milos
  265. -A smtp_frwd -o eth0 -j smtp2net
  # tcpflags: scan/malformed TCP signatures are logged and dropped via goto
  # (-g, so control never returns here): XMAS-style FIN+PSH+URG, NULL (no
  # flags), SYN+RST, SYN+FIN, and a SYN from source port 0.
  266. -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -g logflags
  267. -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -g logflags
  268. -A tcpflags -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -g logflags
  269. -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -g logflags
  270. -A tcpflags -p tcp -m tcp --sport 0 --tcp-flags FIN,SYN,RST,ACK SYN -g logflags
  271. COMMIT
  272. # Completed on Thu Mar 5 11:50:12 2015
  273. root@testing-cubasolidays:/etc/shorewall# clear
  274.  
  275. root@testing-cubasolidays:/etc/shorewall# iptables-save
  276. # Generated by iptables-save v1.4.14 on Thu Mar 5 11:50:38 2015
  # Second capture, 26 seconds after the 11:50:12 dump earlier on this page.
  # security table: still no rules; only the policy counters have advanced
  # (INPUT 1400914 -> 1400959 packets, OUTPUT 1181573 -> 1181601).
  277. *security
  278. :INPUT ACCEPT [1400959:876594578]
  279. :FORWARD ACCEPT [0:0]
  280. :OUTPUT ACCEPT [1181601:635031808]
  281. COMMIT
  282. # Completed on Thu Mar 5 11:50:38 2015
  283. # Generated by iptables-save v1.4.14 on Thu Mar 5 11:50:38 2015
  # raw table, second capture: no rules, so nothing is exempted from
  # connection tracking. Counters moved (352 -> 397 PREROUTING packets).
  284. *raw
  285. :PREROUTING ACCEPT [397:54487]
  286. :OUTPUT ACCEPT [320:354031]
  287. COMMIT
  288. # Completed on Thu Mar 5 11:50:38 2015
  289. # Generated by iptables-save v1.4.14 on Thu Mar 5 11:50:38 2015
  # nat table, second capture: no rules and no counter movement at all
  # between the two dumps -- no new flow hit the NAT hooks in the interval.
  # The host performs no address translation.
  290. *nat
  291. :PREROUTING ACCEPT [15:900]
  292. :INPUT ACCEPT [13:780]
  293. :OUTPUT ACCEPT [10:689]
  294. :POSTROUTING ACCEPT [10:689]
  295. COMMIT
  296. # Completed on Thu Mar 5 11:50:38 2015
  297. # Generated by iptables-save v1.4.14 on Thu Mar 5 11:50:38 2015
  # mangle table, second capture: same rules as at 11:50:12. The tc* hook
  # chains are empty, so the table's only effect is clearing the low mark
  # byte (--set-xmark 0x0/0xff) on forwarded packets; the FORWARD counter is
  # still [0:0], i.e. nothing has been forwarded.
  298. *mangle
  299. :PREROUTING ACCEPT [397:54487]
  300. :INPUT ACCEPT [397:54487]
  301. :FORWARD ACCEPT [0:0]
  302. :OUTPUT ACCEPT [325:355083]
  303. :POSTROUTING ACCEPT [325:355083]
  304. :tcfor - [0:0]
  305. :tcin - [0:0]
  306. :tcout - [0:0]
  307. :tcpost - [0:0]
  308. :tcpre - [0:0]
  309. -A PREROUTING -j tcpre
  310. -A INPUT -j tcin
  311. -A FORWARD -j MARK --set-xmark 0x0/0xff
  312. -A FORWARD -j tcfor
  313. -A OUTPUT -j tcout
  314. -A POSTROUTING -j tcpost
  315. COMMIT
  316. # Completed on Thu Mar 5 11:50:38 2015
  317. # Generated by iptables-save v1.4.14 on Thu Mar 5 11:50:38 2015
  # filter table, second capture (11:50:38). It appears rule-for-rule
  # identical to the 11:50:12 capture earlier on this page; whatever was run
  # between the two dumps (the terminal shows only "clear") did not change
  # the loaded ruleset. The dump is cut off after COMMIT -- no "Completed"
  # footer.
  #
  # Summary of what this table enforces:
  #  * INPUT/FORWARD/OUTPUT all default to DROP, but OUTPUT ends in an
  #    unconditional ACCEPT and every fw2* chain is ACCEPT, so traffic the
  #    firewall originates is unrestricted.
  #  * Zones are single public /32 hosts on eth0 (81.151.14.107 home,
  #    212.71.232.119 prod, 212.62.35.182 milos, 74.125.140.109 smtp),
  #    everything else is "net". NOTE(review): membership is decided by
  #    source address alone on one interface; confirm anti-spoofing is
  #    handled (rp_filter or upstream), since a forged source is processed
  #    by the trusted zone's chain.
  #  * Inbound to the firewall: net gets tcp/80,443 only; home, prod and
  #    milos additionally get tcp/22; smtp may only continue existing flows.
  #    UDP 67:68 (DHCP) is accepted from any source before the zone split.
  #  * FORWARD: every zone-to-zone chain accepts only RELATED,ESTABLISHED
  #    and nothing on that path ever accepts NEW, so forwarding is
  #    effectively closed (consistent with the empty nat table and the
  #    [0:0] FORWARD counters in the mangle table of this capture).
  #  * The Drop action drops quietly; the only LOG rule is logflags
  #    (prefix "Shorewall:logflags:DROP:", level 6) for TCP scan signatures.
  #    Rejected/dropped connection attempts from "net" are not logged.
  318. *filter
  319. :INPUT DROP [0:0]
  320. :FORWARD DROP [0:0]
  321. :OUTPUT DROP [0:0]
  322. :Broadcast - [0:0]
  323. :Drop - [0:0]
  324. :Invalid - [0:0]
  325. :NotSyn - [0:0]
  326. :dynamic - [0:0]
  327. :eth0_fwd - [0:0]
  328. :eth0_in - [0:0]
  329. :eth0_out - [0:0]
  330. :fw2home - [0:0]
  331. :fw2milos - [0:0]
  332. :fw2net - [0:0]
  333. :fw2prod - [0:0]
  334. :fw2smtp - [0:0]
  335. :home2fw - [0:0]
  336. :home2milos - [0:0]
  337. :home2net - [0:0]
  338. :home2prod - [0:0]
  339. :home2smtp - [0:0]
  340. :home_frwd - [0:0]
  341. :logdrop - [0:0]
  342. :logflags - [0:0]
  343. :logreject - [0:0]
  344. :milos2fw - [0:0]
  345. :milos2home - [0:0]
  346. :milos2net - [0:0]
  347. :milos2prod - [0:0]
  348. :milos2smtp - [0:0]
  349. :milos_frwd - [0:0]
  350. :net2fw - [0:0]
  351. :net2home - [0:0]
  352. :net2milos - [0:0]
  353. :net2prod - [0:0]
  354. :net2smtp - [0:0]
  355. :net_frwd - [0:0]
  356. :prod2fw - [0:0]
  357. :prod2home - [0:0]
  358. :prod2milos - [0:0]
  359. :prod2net - [0:0]
  360. :prod2smtp - [0:0]
  361. :prod_frwd - [0:0]
  362. :reject - [0:0]
  363. :shorewall - [0:0]
  364. :smtp2fw - [0:0]
  365. :smtp2home - [0:0]
  366. :smtp2milos - [0:0]
  367. :smtp2net - [0:0]
  368. :smtp2prod - [0:0]
  369. :smtp_frwd - [0:0]
  370. :tcpflags - [0:0]
  # Built-in chains: loopback trusted, eth0 dispatched to the interface
  # chains, leftovers through the Drop action and then dropped.
  371. -A INPUT -i eth0 -j eth0_in
  372. -A INPUT -i lo -j ACCEPT
  373. -A INPUT -j Drop
  374. -A INPUT -j DROP
  375. -A FORWARD -i eth0 -j eth0_fwd
  376. -A FORWARD -j Drop
  377. -A FORWARD -j DROP
  378. -A OUTPUT -o eth0 -j eth0_out
  379. -A OUTPUT -o lo -j ACCEPT
  380. -A OUTPUT -j ACCEPT
  # Broadcast: silently discard broadcast, multicast and anycast destinations.
  381. -A Broadcast -m addrtype --dst-type BROADCAST -j DROP
  382. -A Broadcast -m addrtype --dst-type MULTICAST -j DROP
  383. -A Broadcast -m addrtype --dst-type ANYCAST -j DROP
  384. -A Broadcast -d 224.0.0.0/4 -j DROP
  # Drop: Shorewall's silent-cleanup action. The bare "-A Drop" has no match
  # and no target (a no-op placeholder). Ident (tcp/113) is answered with a
  # TCP reset through the reject chain; ICMP 3/4 (fragmentation needed) and
  # 11 (time exceeded) are accepted; INVALID, SMB/NetBIOS, UPnP, non-SYN TCP
  # and late DNS replies are dropped without logging.
  385. -A Drop
  386. -A Drop -p tcp -m tcp --dport 113 -m comment --comment Auth -j reject
  387. -A Drop -j Broadcast
  388. -A Drop -p icmp -m icmp --icmp-type 3/4 -m comment --comment "Needed ICMP types" -j ACCEPT
  389. -A Drop -p icmp -m icmp --icmp-type 11 -m comment --comment "Needed ICMP types" -j ACCEPT
  390. -A Drop -j Invalid
  391. -A Drop -p udp -m multiport --dports 135,445 -m comment --comment SMB -j DROP
  392. -A Drop -p udp -m udp --dport 137:139 -m comment --comment SMB -j DROP
  393. -A Drop -p udp -m udp --sport 137 --dport 1024:65535 -m comment --comment SMB -j DROP
  394. -A Drop -p tcp -m multiport --dports 135,139,445 -m comment --comment SMB -j DROP
  395. -A Drop -p udp -m udp --dport 1900 -m comment --comment UPnP -j DROP
  396. -A Drop -p tcp -j NotSyn
  397. -A Drop -p udp -m udp --sport 53 -m comment --comment "Late DNS Replies" -j DROP
  398. -A Invalid -m conntrack --ctstate INVALID -j DROP
  # NotSyn: TCP whose FIN/SYN/RST/ACK flags are not exactly SYN.
  399. -A NotSyn -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
  # Interface dispatch: INVALID,NEW through the (empty) dynamic blacklist
  # chain, TCP through tcpflags, then zone chain by source /32, default net.
  400. -A eth0_fwd -m conntrack --ctstate INVALID,NEW -j dynamic
  401. -A eth0_fwd -p tcp -j tcpflags
  402. -A eth0_fwd -s 81.151.14.107/32 -j home_frwd
  403. -A eth0_fwd -s 212.71.232.119/32 -j prod_frwd
  404. -A eth0_fwd -s 212.62.35.182/32 -j milos_frwd
  405. -A eth0_fwd -s 74.125.140.109/32 -j smtp_frwd
  406. -A eth0_fwd -j net_frwd
  # NOTE(review): the DHCP accept on 67:68 is unconditional on source and
  # precedes the zone split; drop it if this host is statically addressed.
  407. -A eth0_in -m conntrack --ctstate INVALID,NEW -j dynamic
  408. -A eth0_in -p udp -m udp --dport 67:68 -j ACCEPT
  409. -A eth0_in -p tcp -j tcpflags
  410. -A eth0_in -s 81.151.14.107/32 -j home2fw
  411. -A eth0_in -s 212.71.232.119/32 -j prod2fw
  412. -A eth0_in -s 212.62.35.182/32 -j milos2fw
  413. -A eth0_in -s 74.125.140.109/32 -j smtp2fw
  414. -A eth0_in -j net2fw
  # Firewall-originated traffic: every fw2* chain accepts unconditionally.
  415. -A eth0_out -p udp -m udp --dport 67:68 -j ACCEPT
  416. -A eth0_out -d 81.151.14.107/32 -j fw2home
  417. -A eth0_out -d 212.71.232.119/32 -j fw2prod
  418. -A eth0_out -d 212.62.35.182/32 -j fw2milos
  419. -A eth0_out -d 74.125.140.109/32 -j fw2smtp
  420. -A eth0_out -j fw2net
  421. -A fw2home -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  422. -A fw2home -j ACCEPT
  423. -A fw2milos -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  424. -A fw2milos -j ACCEPT
  425. -A fw2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  426. -A fw2net -j ACCEPT
  427. -A fw2prod -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  428. -A fw2prod -j ACCEPT
  429. -A fw2smtp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  430. -A fw2smtp -j ACCEPT
  # home -> firewall: existing flows, then new tcp/22,80,443; rest dropped.
  431. -A home2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  432. -A home2fw -p tcp -m multiport --dports 22,80,443 -j ACCEPT
  433. -A home2fw -j Drop
  434. -A home2fw -j DROP
  # home -> other zones (FORWARD): RELATED,ESTABLISHED only, never NEW.
  435. -A home2milos -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  436. -A home2milos -j Drop
  437. -A home2milos -j DROP
  438. -A home2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  439. -A home2net -j Drop
  440. -A home2net -j DROP
  441. -A home2prod -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  442. -A home2prod -j Drop
  443. -A home2prod -j DROP
  444. -A home2smtp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  445. -A home2smtp -j Drop
  446. -A home2smtp -j DROP
  447. -A home_frwd -d 212.71.232.119/32 -o eth0 -j home2prod
  448. -A home_frwd -d 212.62.35.182/32 -o eth0 -j home2milos
  449. -A home_frwd -d 74.125.140.109/32 -o eth0 -j home2smtp
  450. -A home_frwd -o eth0 -j home2net
  # Logging helpers: logflags is the only LOG rule in the table. logdrop and
  # logreject are not referenced by any rule in this dump.
  451. -A logdrop -j DROP
  452. -A logflags -j LOG --log-prefix "Shorewall:logflags:DROP:" --log-level 6 --log-ip-options
  453. -A logflags -j DROP
  454. -A logreject -j reject
  # milos -> firewall: tcp/22,80,443 allowed.
  455. -A milos2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  456. -A milos2fw -p tcp -m multiport --dports 22,80,443 -j ACCEPT
  457. -A milos2fw -j Drop
  458. -A milos2fw -j DROP
  459. -A milos2home -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  460. -A milos2home -j Drop
  461. -A milos2home -j DROP
  462. -A milos2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  463. -A milos2net -j Drop
  464. -A milos2net -j DROP
  465. -A milos2prod -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  466. -A milos2prod -j Drop
  467. -A milos2prod -j DROP
  468. -A milos2smtp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  469. -A milos2smtp -j Drop
  470. -A milos2smtp -j DROP
  471. -A milos_frwd -d 81.151.14.107/32 -o eth0 -j milos2home
  472. -A milos_frwd -d 212.71.232.119/32 -o eth0 -j milos2prod
  473. -A milos_frwd -d 74.125.140.109/32 -o eth0 -j milos2smtp
  474. -A milos_frwd -o eth0 -j milos2net
  # net -> firewall: the Internet-facing rules; only tcp/80,443 accept NEW.
  # NOTE(review): drops here are silent -- a rate-limited LOG before the
  # final DROP would make scans and SSH probes visible to responders.
  475. -A net2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  476. -A net2fw -p tcp -m multiport --dports 80,443 -j ACCEPT
  477. -A net2fw -j Drop
  478. -A net2fw -j DROP
  479. -A net2home -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  480. -A net2home -j Drop
  481. -A net2home -j DROP
  482. -A net2milos -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  483. -A net2milos -j Drop
  484. -A net2milos -j DROP
  485. -A net2prod -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  486. -A net2prod -j Drop
  487. -A net2prod -j DROP
  488. -A net2smtp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  489. -A net2smtp -j Drop
  490. -A net2smtp -j DROP
  # net_frwd has no catch-all; unmatched destinations fall back to FORWARD.
  491. -A net_frwd -d 81.151.14.107/32 -o eth0 -j net2home
  492. -A net_frwd -d 212.71.232.119/32 -o eth0 -j net2prod
  493. -A net_frwd -d 212.62.35.182/32 -o eth0 -j net2milos
  494. -A net_frwd -d 74.125.140.109/32 -o eth0 -j net2smtp
  # prod -> firewall: tcp/22,80,443 allowed.
  495. -A prod2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  496. -A prod2fw -p tcp -m multiport --dports 22,80,443 -j ACCEPT
  497. -A prod2fw -j Drop
  498. -A prod2fw -j DROP
  499. -A prod2home -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  500. -A prod2home -j Drop
  501. -A prod2home -j DROP
  502. -A prod2milos -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  503. -A prod2milos -j Drop
  504. -A prod2milos -j DROP
  505. -A prod2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  506. -A prod2net -j Drop
  507. -A prod2net -j DROP
  508. -A prod2smtp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  509. -A prod2smtp -j Drop
  510. -A prod2smtp -j DROP
  511. -A prod_frwd -d 81.151.14.107/32 -o eth0 -j prod2home
  512. -A prod_frwd -d 212.62.35.182/32 -o eth0 -j prod2milos
  513. -A prod_frwd -d 74.125.140.109/32 -o eth0 -j prod2smtp
  514. -A prod_frwd -o eth0 -j prod2net
  # reject: broadcast/multicast/IGMP dropped quietly; TCP gets RST, UDP
  # port-unreachable, ICMP host-unreachable, anything else host-prohibited.
  515. -A reject -m addrtype --src-type BROADCAST -j DROP
  516. -A reject -s 224.0.0.0/4 -j DROP
  517. -A reject -p igmp -j DROP
  518. -A reject -p tcp -j REJECT --reject-with tcp-reset
  519. -A reject -p udp -j REJECT --reject-with icmp-port-unreachable
  520. -A reject -p icmp -j REJECT --reject-with icmp-host-unreachable
  521. -A reject -j REJECT --reject-with icmp-host-prohibited
  # smtp -> firewall: no allow-list; 74.125.140.109 can only continue flows
  # the firewall opened.
  522. -A smtp2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  523. -A smtp2fw -j Drop
  524. -A smtp2fw -j DROP
  525. -A smtp2home -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  526. -A smtp2home -j Drop
  527. -A smtp2home -j DROP
  528. -A smtp2milos -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  529. -A smtp2milos -j Drop
  530. -A smtp2milos -j DROP
  531. -A smtp2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  532. -A smtp2net -j Drop
  533. -A smtp2net -j DROP
  534. -A smtp2prod -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  535. -A smtp2prod -j Drop
  536. -A smtp2prod -j DROP
  537. -A smtp_frwd -d 81.151.14.107/32 -o eth0 -j smtp2home
  538. -A smtp_frwd -d 212.71.232.119/32 -o eth0 -j smtp2prod
  539. -A smtp_frwd -d 212.62.35.182/32 -o eth0 -j smtp2milos
  540. -A smtp_frwd -o eth0 -j smtp2net
  # tcpflags: XMAS (FIN+PSH+URG), NULL, SYN+RST, SYN+FIN and SYN from source
  # port 0 are logged and dropped via goto (-g) into logflags.
  541. -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -g logflags
  542. -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -g logflags
  543. -A tcpflags -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -g logflags
  544. -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -g logflags
  545. -A tcpflags -p tcp -m tcp --sport 0 --tcp-flags FIN,SYN,RST,ACK SYN -g logflags
  546. COMMIT