akass

Untitled

Mar 31st, 2015
  # nat table of an IPv4 iptables-save dump. The paste starts at the table
  # marker; the "# Generated by iptables-save" header that precedes the other
  # tables is not present here.
  # Chain names (*_direct, *_ZONES, *_ZONES_SOURCE, *_FedoraWorkstation_log/
  # _deny/_allow) look like firewalld's generated layout -- presumably firewalld
  # manages this host; confirm before editing rules by hand.
  # Bracketed values are [packets:bytes] counters captured at dump time.
  1. *nat
  2. :PREROUTING ACCEPT [7:931]
  3. :INPUT ACCEPT [7:931]
  4. :OUTPUT ACCEPT [17:1300]
  5. :POSTROUTING ACCEPT [17:1300]
  6. :OUTPUT_direct - [0:0]
  7. :POSTROUTING_ZONES - [0:0]
  8. :POSTROUTING_ZONES_SOURCE - [0:0]
  9. :POSTROUTING_direct - [0:0]
  10. :POST_FedoraWorkstation - [0:0]
  11. :POST_FedoraWorkstation_allow - [0:0]
  12. :POST_FedoraWorkstation_deny - [0:0]
  13. :POST_FedoraWorkstation_log - [0:0]
  14. :PREROUTING_ZONES - [0:0]
  15. :PREROUTING_ZONES_SOURCE - [0:0]
  16. :PREROUTING_direct - [0:0]
  17. :PRE_FedoraWorkstation - [0:0]
  18. :PRE_FedoraWorkstation_allow - [0:0]
  19. :PRE_FedoraWorkstation_deny - [0:0]
  20. :PRE_FedoraWorkstation_log - [0:0]
  # Built-in chains hand off to the user-defined chains in a fixed order:
  # direct rules first, then source-based zones, then interface-based zones.
  21. -A PREROUTING -j PREROUTING_direct
  22. -A PREROUTING -j PREROUTING_ZONES_SOURCE
  23. -A PREROUTING -j PREROUTING_ZONES
  24. -A OUTPUT -j OUTPUT_direct
  # The next five rules cover source subnet 192.168.122.0/24 (presumably
  # libvirt's default NAT network behind virbr0 -- confirm). Multicast
  # (224.0.0.0/24) and limited-broadcast destinations are exempted from NAT via
  # RETURN; anything else leaving the subnet is masqueraded, with TCP and UDP
  # source ports mapped into 1024-65535. These sit ahead of the zone chains, so
  # they are evaluated before any zone-level NAT rule.
  25. -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
  26. -A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
  27. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
  28. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
  29. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
  30. -A POSTROUTING -j POSTROUTING_direct
  31. -A POSTROUTING -j POSTROUTING_ZONES_SOURCE
  32. -A POSTROUTING -j POSTROUTING_ZONES
  # Zone dispatch: virbr0, eno16777736 and the final catch-all all go to the
  # same POST_FedoraWorkstation chain, so every interface shares one zone.
  33. -A POSTROUTING_ZONES -o virbr0 -g POST_FedoraWorkstation
  34. -A POSTROUTING_ZONES -o eno16777736 -g POST_FedoraWorkstation
  35. -A POSTROUTING_ZONES -g POST_FedoraWorkstation
  # The _log/_deny/_allow sub-chains (and the *_direct and *_ZONES_SOURCE
  # chains) hold no rules in this dump, so the zone adds no NAT of its own.
  36. -A POST_FedoraWorkstation -j POST_FedoraWorkstation_log
  37. -A POST_FedoraWorkstation -j POST_FedoraWorkstation_deny
  38. -A POST_FedoraWorkstation -j POST_FedoraWorkstation_allow
  39. -A PREROUTING_ZONES -i virbr0 -g PRE_FedoraWorkstation
  40. -A PREROUTING_ZONES -i eno16777736 -g PRE_FedoraWorkstation
  41. -A PREROUTING_ZONES -g PRE_FedoraWorkstation
  42. -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_log
  43. -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_deny
  44. -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_allow
  45. COMMIT
  46. # Completed on Tue Mar 31 21:10:51 2015
  # mangle table: apart from one CHECKSUM rule it only wires the built-in
  # chains to the *_direct and zone chains, none of which hold rules here.
  47. # Generated by iptables-save v1.4.21 on Tue Mar 31 21:10:51 2015
  48. *mangle
  49. :PREROUTING ACCEPT [120:10097]
  50. :INPUT ACCEPT [120:10097]
  51. :FORWARD ACCEPT [0:0]
  52. :OUTPUT ACCEPT [75:5866]
  53. :POSTROUTING ACCEPT [81:6544]
  54. :FORWARD_direct - [0:0]
  55. :INPUT_direct - [0:0]
  56. :OUTPUT_direct - [0:0]
  57. :POSTROUTING_direct - [0:0]
  58. :PREROUTING_ZONES - [0:0]
  59. :PREROUTING_ZONES_SOURCE - [0:0]
  60. :PREROUTING_direct - [0:0]
  61. :PRE_FedoraWorkstation - [0:0]
  62. :PRE_FedoraWorkstation_allow - [0:0]
  63. :PRE_FedoraWorkstation_deny - [0:0]
  64. :PRE_FedoraWorkstation_log - [0:0]
  65. -A PREROUTING -j PREROUTING_direct
  66. -A PREROUTING -j PREROUTING_ZONES_SOURCE
  67. -A PREROUTING -j PREROUTING_ZONES
  68. -A INPUT -j INPUT_direct
  69. -A FORWARD -j FORWARD_direct
  70. -A OUTPUT -j OUTPUT_direct
  # Fills in the UDP checksum on packets to port 68 (the DHCP client port)
  # leaving virbr0. Presumably a libvirt-added workaround for guests that
  # reject DHCP replies whose checksum was left to offload -- confirm.
  71. -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
  72. -A POSTROUTING -j POSTROUTING_direct
  # As in the other tables, every interface (and the catch-all) maps to the
  # single PRE_FedoraWorkstation zone chain, whose sub-chains are empty.
  73. -A PREROUTING_ZONES -i virbr0 -g PRE_FedoraWorkstation
  74. -A PREROUTING_ZONES -i eno16777736 -g PRE_FedoraWorkstation
  75. -A PREROUTING_ZONES -g PRE_FedoraWorkstation
  76. -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_log
  77. -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_deny
  78. -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_allow
  79. COMMIT
  80. # Completed on Tue Mar 31 21:10:51 2015
  # security table: each built-in chain only jumps to its *_direct chain, and
  # those chains hold no rules in this dump, so nothing is matched or marked
  # here.
  81. # Generated by iptables-save v1.4.21 on Tue Mar 31 21:10:51 2015
  82. *security
  83. :INPUT ACCEPT [140:12649]
  84. :FORWARD ACCEPT [0:0]
  85. :OUTPUT ACCEPT [102:8698]
  86. :FORWARD_direct - [0:0]
  87. :INPUT_direct - [0:0]
  88. :OUTPUT_direct - [0:0]
  89. -A INPUT -j INPUT_direct
  90. -A FORWARD -j FORWARD_direct
  91. -A OUTPUT -j OUTPUT_direct
  92. COMMIT
  93. # Completed on Tue Mar 31 21:10:51 2015
  # raw table: only the hooks into the empty *_direct chains; no NOTRACK or
  # other pre-conntrack rules are present, so all traffic is connection-tracked.
  94. # Generated by iptables-save v1.4.21 on Tue Mar 31 21:10:51 2015
  95. *raw
  96. :PREROUTING ACCEPT [141:12977]
  97. :OUTPUT ACCEPT [102:8698]
  98. :OUTPUT_direct - [0:0]
  99. :PREROUTING_direct - [0:0]
  100. -A PREROUTING -j PREROUTING_direct
  101. -A OUTPUT -j OUTPUT_direct
  102. COMMIT
  103. # Completed on Tue Mar 31 21:10:51 2015
  # filter table: the actual packet-filtering policy.
  # INPUT and FORWARD have policy ACCEPT, but both chains end in an
  # unconditional REJECT, so the effective default for them is reject. That
  # default depends on those final rules staying in place: flushing the chains
  # leaves the host fully open. OUTPUT has policy ACCEPT and no restricting
  # rules, so outbound traffic is unfiltered.
  # This dump covers IPv4 only; IPv6 rules (ip6tables-save) are not shown.
  104. # Generated by iptables-save v1.4.21 on Tue Mar 31 21:10:51 2015
  105. *filter
  106. :INPUT ACCEPT [0:0]
  107. :FORWARD ACCEPT [0:0]
  108. :OUTPUT ACCEPT [75:5866]
  109. :FORWARD_IN_ZONES - [0:0]
  110. :FORWARD_IN_ZONES_SOURCE - [0:0]
  111. :FORWARD_OUT_ZONES - [0:0]
  112. :FORWARD_OUT_ZONES_SOURCE - [0:0]
  113. :FORWARD_direct - [0:0]
  114. :FWDI_FedoraWorkstation - [0:0]
  115. :FWDI_FedoraWorkstation_allow - [0:0]
  116. :FWDI_FedoraWorkstation_deny - [0:0]
  117. :FWDI_FedoraWorkstation_log - [0:0]
  118. :FWDO_FedoraWorkstation - [0:0]
  119. :FWDO_FedoraWorkstation_allow - [0:0]
  120. :FWDO_FedoraWorkstation_deny - [0:0]
  121. :FWDO_FedoraWorkstation_log - [0:0]
  122. :INPUT_ZONES - [0:0]
  123. :INPUT_ZONES_SOURCE - [0:0]
  124. :INPUT_direct - [0:0]
  125. :IN_FedoraWorkstation - [0:0]
  126. :IN_FedoraWorkstation_allow - [0:0]
  127. :IN_FedoraWorkstation_deny - [0:0]
  128. :IN_FedoraWorkstation_log - [0:0]
  129. :OUTPUT_direct - [0:0]
  # DNS (53) and DHCP server (67) are accepted from virbr0 ahead of every other
  # INPUT rule -- presumably for the dnsmasq instance libvirt runs for guests.
  # DHCP is UDP-only, so the tcp/67 rule likely never matches real traffic.
  130. -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
  131. -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
  132. -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
  133. -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
  134. -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  135. -A INPUT -i lo -j ACCEPT
  136. -A INPUT -j INPUT_direct
  137. -A INPUT -j INPUT_ZONES_SOURCE
  138. -A INPUT -j INPUT_ZONES
  # All ICMP types are accepted, and this rule precedes the INVALID drop below,
  # so ICMP packets in conntrack state INVALID are accepted as well.
  139. -A INPUT -p icmp -j ACCEPT
  140. -A INPUT -m conntrack --ctstate INVALID -j DROP
  # Effective default for inbound traffic: reject with an ICMP error.
  141. -A INPUT -j REJECT --reject-with icmp-host-prohibited
  # Guest network forwarding (192.168.122.0/24 on virbr0): replies to guests,
  # any traffic from guests, and guest-to-guest traffic are accepted; anything
  # else entering or leaving virbr0 is rejected before the zone chains run.
  142. -A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  143. -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
  144. -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
  145. -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
  146. -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
  147. -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  148. -A FORWARD -i lo -j ACCEPT
  149. -A FORWARD -j FORWARD_direct
  150. -A FORWARD -j FORWARD_IN_ZONES_SOURCE
  151. -A FORWARD -j FORWARD_IN_ZONES
  152. -A FORWARD -j FORWARD_OUT_ZONES_SOURCE
  153. -A FORWARD -j FORWARD_OUT_ZONES
  # The FWDI_/FWDO_ zone sub-chains are empty, so for interfaces other than
  # virbr0 only established flows, loopback and ICMP are forwarded; the rest
  # hits the final REJECT.
  154. -A FORWARD -p icmp -j ACCEPT
  155. -A FORWARD -m conntrack --ctstate INVALID -j DROP
  156. -A FORWARD -j REJECT --reject-with icmp-host-prohibited
  # Redundant under the ACCEPT policy, but keeps DHCP replies to guests
  # permitted if the OUTPUT policy is ever tightened.
  157. -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
  158. -A OUTPUT -j OUTPUT_direct
  159. -A FORWARD_IN_ZONES -i virbr0 -g FWDI_FedoraWorkstation
  160. -A FORWARD_IN_ZONES -i eno16777736 -g FWDI_FedoraWorkstation
  161. -A FORWARD_IN_ZONES -g FWDI_FedoraWorkstation
  162. -A FORWARD_OUT_ZONES -o virbr0 -g FWDO_FedoraWorkstation
  163. -A FORWARD_OUT_ZONES -o eno16777736 -g FWDO_FedoraWorkstation
  164. -A FORWARD_OUT_ZONES -g FWDO_FedoraWorkstation
  165. -A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_log
  166. -A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_deny
  167. -A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_allow
  168. -A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_log
  169. -A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_deny
  170. -A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_allow
  # Inbound zone dispatch: virbr0, eno16777736 and the catch-all all go to
  # IN_FedoraWorkstation, so every interface -- including any added later --
  # receives the same inbound policy.
  171. -A INPUT_ZONES -i virbr0 -g IN_FedoraWorkstation
  172. -A INPUT_ZONES -i eno16777736 -g IN_FedoraWorkstation
  173. -A INPUT_ZONES -g IN_FedoraWorkstation
  # Evaluation order inside the zone is log, then deny, then allow; the _log
  # and _deny chains are empty here, so only the allow list below has effect.
  174. -A IN_FedoraWorkstation -j IN_FedoraWorkstation_log
  175. -A IN_FedoraWorkstation -j IN_FedoraWorkstation_deny
  176. -A IN_FedoraWorkstation -j IN_FedoraWorkstation_allow
  # Allow list for NEW inbound connections: mDNS (udp/5353 to 224.0.0.251),
  # NetBIOS name and datagram services (udp/137, udp/138) and SSH (tcp/22),
  # each reachable from every interface.
  177. -A IN_FedoraWorkstation_allow -d 224.0.0.251/32 -p udp -m udp --dport 5353 -m conntrack --ctstate NEW -j ACCEPT
  178. -A IN_FedoraWorkstation_allow -p udp -m udp --dport 137 -m conntrack --ctstate NEW -j ACCEPT
  179. -A IN_FedoraWorkstation_allow -p udp -m udp --dport 138 -m conntrack --ctstate NEW -j ACCEPT
  180. -A IN_FedoraWorkstation_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
  # NOTE(review): the two rules below accept NEW connections to every UDP and
  # TCP port from 1025 to 65535. Combined with the catch-all zone dispatch
  # above, any service listening on one of those ports is reachable from every
  # network the host joins; only ports 1-1024 are actually filtered, and the
  # mDNS rule above is already covered by the UDP range. If that exposure is
  # not intended, bind untrusted interfaces to a stricter zone or remove the
  # two port ranges from this zone, then audit listeners with `ss -tuln`.
  181. -A IN_FedoraWorkstation_allow -p udp -m udp --dport 1025:65535 -m conntrack --ctstate NEW -j ACCEPT
  182. -A IN_FedoraWorkstation_allow -p tcp -m tcp --dport 1025:65535 -m conntrack --ctstate NEW -j ACCEPT
  183. COMMIT