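- # Filter table for a small IPv4 router. INPUT and FORWARD default to DROP,
- # OUTPUT is unrestricted. From the rules below, enp3s0 appears to be the
- # LAN side (10.64.32.0/24) and enp0s20u1u3 the uplink (it is the
- # MASQUERADE/DNAT interface in *nat).
- # These rules are IPv4 only; any IPv6 filtering would come from a separate
- # ip6tables ruleset that is not part of this file.
- *filter
- :INPUT DROP [0:0]
- :FORWARD DROP [0:0]
- :OUTPUT ACCEPT [0:0]
- # Services on the router itself, reachable only from the LAN subnet via enp3s0:
- # SSH (22), DNS (53 tcp/udp), DHCP client->server (68->67), HTTP (80).
- -A INPUT -i enp3s0 -p tcp -s 10.64.32.0/24 --dport 22 -j ACCEPT
- -A INPUT -i enp3s0 -p tcp -s 10.64.32.0/24 --dport 53 -j ACCEPT
- -A INPUT -i enp3s0 -p udp -s 10.64.32.0/24 --dport 53 -j ACCEPT
- # NOTE(review): a client that has no lease yet sends DISCOVER/REQUEST from
- # 0.0.0.0, which "-s 10.64.32.0/24" does not match. This only matters if the
- # DHCP daemon receives through ordinary sockets rather than a packet socket;
- # confirm against the daemon in use.
- -A INPUT -i enp3s0 -p udp -s 10.64.32.0/24 --sport 68 --dport 67 -j ACCEPT
- -A INPUT -i enp3s0 -p tcp -s 10.64.32.0/24 --dport 80 -j ACCEPT
- # NOTE(review): this accepts server/relay-style DHCP (67->67) with a LAN
- # source address arriving on the uplink interface. A 10.64.32.0/24 source is
- # not expected on that side; confirm the interface and source, or drop the
- # rule if nothing depends on it.
- -A INPUT -i enp0s20u1u3 -p udp -s 10.64.32.0/24 --sport 67 --dport 67 -j ACCEPT
- # Forwarding: replies to known connections first.
- -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- # Inbound HTTPS port-forward. nat PREROUTING rewrites the destination before
- # this chain is evaluated, so the address here must be the DNAT target
- # 10.64.32.10. It previously read 10.63.32.10, which did not match the
- # DNATed packets, so the forward fell through to the DROP policy.
- -A FORWARD -i enp0s20u1u3 -o enp3s0 -p tcp -d 10.64.32.10 --dport 443 -j ACCEPT
- # Everything from the LAN interface to the uplink is allowed (no egress
- # restriction by port, protocol or source address).
- -A FORWARD -i enp3s0 -o enp0s20u1u3 -j ACCEPT
- # Default rules:
- # ICMP is accepted on every interface, including the uplink, with no type
- # or rate restriction.
- -A INPUT -p icmp -j ACCEPT
- -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A INPUT -i lo -j ACCEPT
- # Everything else is actively rejected on all interfaces. Because the last
- # rule matches any remaining packet, the INPUT DROP policy is never reached:
- # unsolicited traffic on the uplink gets a RST or ICMP error, not silence.
- -A INPUT -p tcp -j REJECT --reject-with tcp-reset
- -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
- -A INPUT -j REJECT --reject-with icmp-proto-unreachable
- COMMIT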
- # NAT table: one inbound port-forward and outbound source NAT for the LAN.
- *nat
- :PREROUTING ACCEPT [0:0]
- :POSTROUTING ACCEPT [0:0]
- # Port-forward: TCP 443 arriving on enp0s20u1u3 is rewritten to
- # 10.64.32.10:443 ("--to" is the abbreviated spelling of --to-destination).
- # There is no -d match, so every packet to TCP 443 entering on this
- # interface is redirected, whatever address it was sent to.
- # The filter FORWARD chain sees the rewritten destination, so its accept
- # rule for this forward has to name 10.64.32.10.
- -A PREROUTING -i enp0s20u1u3 -p tcp --dport 443 -j DNAT --to 10.64.32.10:443
- # Source NAT: traffic from 10.64.32.0/24 leaving through enp0s20u1u3 takes
- # that interface's address.
- -A POSTROUTING -s 10.64.32.0/24 -o enp0s20u1u3 -j MASQUERADE
- COMMIT