
Untitled

a guest
Apr 26th, 2014
  1. $ iptables -L -n
  2. Chain INPUT (policy DROP)
  3. target prot opt source destination
  4. fail2ban-ssh tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22
  5. ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
  6. ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
  7. ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
  8. REJECT all -- 0.0.0.0/0 127.0.0.0/8 reject-with icmp-port-unreachable
  9. ACCEPT all -- 107.170.58.141 0.0.0.0/0
  10. ACCEPT all -- 10.128.48.203 0.0.0.0/0
  11. ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
  12. ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW
  13. ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW
  14. LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 4 prefix "IPTables Dropped: "
  15. ACCEPT all -- 107.170.58.141 0.0.0.0/0
  16.  
  17. Chain FORWARD (policy DROP)
  18. target prot opt source destination
  19. ACCEPT tcp -- 0.0.0.0/0 172.17.0.2 tcp dpt:8080
  20. ACCEPT tcp -- 0.0.0.0/0 172.17.0.2 tcp dpt:29015
  21. ACCEPT tcp -- 0.0.0.0/0 172.17.0.2 tcp dpt:28015
  22.  
  23. Chain OUTPUT (policy ACCEPT)
  24. target prot opt source destination
  25.  
  26. Chain fail2ban-ssh (1 references)
  27. target prot opt source destination
  28. RETURN all -- 0.0.0.0/0 0.0.0.0/0
  29.  
  30.  
  31.  
  32.  
  33. $ iptables-save
  34. # Generated by iptables-save v1.4.21 on Sat Apr 26 04:36:53 2014
      # filter table: INPUT and FORWARD default to DROP, OUTPUT defaults to ACCEPT.
      # The bracketed values are [packets:bytes] counters for each chain policy;
      # FORWARD's policy has already dropped 55 packets in this dump.
  35. *filter
  36. :INPUT DROP [0:0]
  37. :FORWARD DROP [55:3276]
  38. :OUTPUT ACCEPT [1258:161636]
  39. :fail2ban-ssh - [0:0]
      # SSH traffic is passed through the fail2ban-ssh chain first. That chain
      # holds only RETURN below, so no source address is banned in this dump.
  40. -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
      # Replies and related flows for connections that are already tracked.
  41. -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
      # Accepts every ICMP type from any source, with no rate limit.
  42. -A INPUT -p icmp -j ACCEPT
      # Loopback traffic. `iptables -L -n` without -v omits the interface column,
      # which is why the listing above shows this rule as an unconditional ACCEPT.
  43. -A INPUT -i lo -j ACCEPT
      # Rejects packets addressed to 127.0.0.0/8 that did not arrive on lo
      # (those arriving on lo were accepted by the previous rule).
  44. -A INPUT -d 127.0.0.0/8 -j REJECT --reject-with icmp-port-unreachable
      # Source-address allow rules: any protocol and any port from these two
      # hosts. The only condition is the source IP.
  45. -A INPUT -s 107.170.58.141/32 -j ACCEPT
  46. -A INPUT -s 10.128.48.203/32 -j ACCEPT
      # New inbound connections are allowed to SSH, HTTP and HTTPS only.
  47. -A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
  48. -A INPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
  49. -A INPUT -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
      # Rate-limited log (5/min) of whatever reached this point. LOG does not
      # terminate rule traversal; the packet continues to the next rule and
      # then to the DROP policy.
  50. -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPTables Dropped: "
      # NOTE(review): duplicate of the 107.170.58.141 rule above. The earlier
      # rule matches first, so this one never fires and can be removed.
  51. -A INPUT -s 107.170.58.141/32 -j ACCEPT
      # FORWARD: traffic to 172.17.0.2 on 8080, 29015 and 28015 is accepted from
      # any interface except docker0, with no source restriction. Packets that
      # the nat table redirects to 172.17.0.2 pass through FORWARD, not INPUT,
      # so the 22/80/443 limit above does not apply to these three ports.
      # NOTE(review): the ports match RethinkDB's defaults (web UI, cluster,
      # client driver) - confirm, and if they are not meant to be public add a
      # source match here or publish them on a specific host address.
      # NOTE(review): no rule in this chain accepts traffic entering on docker0
      # or RELATED,ESTABLISHED flows, so replies from 172.17.0.2 appear to fall
      # to the DROP policy. If that needs fixing, add narrow ACCEPT rules rather
      # than switching the FORWARD policy to ACCEPT.
  52. -A FORWARD -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8080 -j ACCEPT
  53. -A FORWARD -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 29015 -j ACCEPT
  54. -A FORWARD -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 28015 -j ACCEPT
      # Empty ban chain: control returns to INPUT immediately.
  55. -A fail2ban-ssh -j RETURN
  56. COMMIT
  57. # Completed on Sat Apr 26 04:36:53 2014
  58. # Generated by iptables-save v1.4.21 on Sat Apr 26 04:36:53 2014
      # nat table: every built-in chain defaults to ACCEPT. The DOCKER chain
      # holds the port redirections to the container at 172.17.0.2.
  59. *nat
  60. :PREROUTING ACCEPT [12:696]
  61. :INPUT ACCEPT [0:0]
  62. :OUTPUT ACCEPT [90:5400]
  63. :POSTROUTING ACCEPT [93:5588]
  64. :DOCKER - [0:0]
      # Incoming packets addressed to any local address are sent through DOCKER.
  65. -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
      # Locally generated packets to a local address outside 127.0.0.0/8 are
      # sent through DOCKER as well.
  66. -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
      # Source NAT for traffic leaving 172.17.0.0/16 towards any other network.
  67. -A POSTROUTING -s 172.17.0.0/16 ! -d 172.17.0.0/16 -j MASQUERADE
      # DNAT for ports 28015, 29015 and 8080 arriving on any interface except
      # docker0. There is no -s or -d match, so a connection from any source to
      # any local address on these ports is rewritten to 172.17.0.2. After the
      # rewrite the packets are filtered by the filter table's FORWARD chain,
      # not by INPUT.
      # NOTE(review): presumably created by Docker for published ports - confirm.
      # Publishing on a specific host address would make Docker scope these
      # rules to that address.
  68. -A DOCKER ! -i docker0 -p tcp -m tcp --dport 28015 -j DNAT --to-destination 172.17.0.2:28015
  69. -A DOCKER ! -i docker0 -p tcp -m tcp --dport 29015 -j DNAT --to-destination 172.17.0.2:29015
  70. -A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:8080
  71. COMMIT
  72. # Completed on Sat Apr 26 04:36:53 2014