# Rule dump of the filter table (iptables -S / iptables-save form) from a host
# running firewalld (zone chains *_public, *_direct) alongside Docker (DOCKER
# chain, docker0 bridge). The leading "- " on every line is not iptables
# syntax — presumably a YAML list wrapper around the dump; strip it before
# feeding the rules to iptables-restore.
#
# Default policies are ACCEPT; INPUT and FORWARD are nevertheless closed by
# explicit terminal REJECT rules at the end of each chain (see below). OUTPUT
# only jumps to OUTPUT_direct, which holds no rules here, so outbound traffic
# from the host is effectively unrestricted.
- -P INPUT ACCEPT
- -P FORWARD ACCEPT
- -P OUTPUT ACCEPT
- -N DOCKER
- -N FORWARD_IN_ZONES
- -N FORWARD_IN_ZONES_SOURCE
- -N FORWARD_OUT_ZONES
- -N FORWARD_OUT_ZONES_SOURCE
- -N FORWARD_direct
- -N FWDI_public
- -N FWDI_public_allow
- -N FWDI_public_deny
- -N FWDI_public_log
- -N FWDO_public
- -N FWDO_public_allow
- -N FWDO_public_deny
- -N FWDO_public_log
- -N INPUT_ZONES
- -N INPUT_ZONES_SOURCE
- -N INPUT_direct
- -N IN_public
- -N IN_public_allow
- -N IN_public_deny
- -N IN_public_log
- -N OUTPUT_direct
# INPUT: established/related and loopback first, then the firewalld direct
# and zone chains, then ICMP, then a catch-all REJECT. Anything not accepted
# by INPUT_direct or IN_public_allow below is rejected here.
- -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A INPUT -i lo -j ACCEPT
- -A INPUT -j INPUT_direct
- -A INPUT -j INPUT_ZONES_SOURCE
- -A INPUT -j INPUT_ZONES
- -A INPUT -p icmp -j ACCEPT
- -A INPUT -j REJECT --reject-with icmp-host-prohibited
# FORWARD: the Docker-managed rules sit ahead of firewalld's zone chains, so
# traffic to docker0 is evaluated against the DOCKER chain (and accepted for
# published container ports) before FWDI_public is ever consulted. Only
# traffic that the Docker rules do not accept reaches the zone logic and,
# failing that, the terminal REJECT.
- -A FORWARD -o docker0 -j DOCKER
- -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
- -A FORWARD -i docker0 -o docker0 -j ACCEPT
- -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -i lo -j ACCEPT
- -A FORWARD -j FORWARD_direct
- -A FORWARD -j FORWARD_IN_ZONES_SOURCE
- -A FORWARD -j FORWARD_IN_ZONES
- -A FORWARD -j FORWARD_OUT_ZONES_SOURCE
- -A FORWARD -j FORWARD_OUT_ZONES
- -A FORWARD -p icmp -j ACCEPT
- -A FORWARD -j REJECT --reject-with icmp-host-prohibited
- -A OUTPUT -j OUTPUT_direct
# DOCKER: accepts new connections arriving on any interface other than
# docker0 (i.e. including eth0) to the listed container IP/port pairs. These
# published ports are therefore reachable from outside without appearing in
# the public zone's allow list. Whether they are actually exposed depends on
# the nat-table DNAT rules, which are not part of this dump — verify there.
# 27017 is MongoDB's default port; if that container is not meant to be
# reachable from the network, bind the publish to 127.0.0.1 on the Docker side
# rather than relying on the zone rules below.
- -A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5559 -j ACCEPT
- -A DOCKER -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 27017 -j ACCEPT
- -A DOCKER -d 172.17.0.6/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5559 -j ACCEPT
- -A DOCKER -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5559 -j ACCEPT
- -A DOCKER -d 172.17.0.8/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5559 -j ACCEPT
# Zone dispatch: eth0 and everything else map to the "public" zone; -g
# (goto) means a non-matching zone chain returns straight to FORWARD/INPUT.
- -A FORWARD_IN_ZONES -i eth0 -g FWDI_public
- -A FORWARD_IN_ZONES -g FWDI_public
- -A FORWARD_OUT_ZONES -o eth0 -g FWDO_public
- -A FORWARD_OUT_ZONES -g FWDO_public
# The *_log and *_deny chains (FWDI_public_log/deny, FWDO_public_log/deny,
# IN_public_log/deny) contain no rules in this dump, so nothing that falls
# through to the terminal REJECTs is logged. FWDI_public_allow is also empty:
# forwarded traffic entering via eth0 is rejected unless the Docker rules
# above accepted it. FWDO_public_allow accepts everything leaving via eth0.
- -A FWDI_public -j FWDI_public_log
- -A FWDI_public -j FWDI_public_deny
- -A FWDI_public -j FWDI_public_allow
- -A FWDO_public -j FWDO_public_log
- -A FWDO_public -j FWDO_public_deny
- -A FWDO_public -j FWDO_public_allow
- -A FWDO_public_allow -j ACCEPT
- -A INPUT_ZONES -i eth0 -g IN_public
- -A INPUT_ZONES -g IN_public
# INPUT_direct: GRE is accepted unconditionally (no source restriction);
# together with tcp/1723 in IN_public_allow this looks like a PPTP server —
# confirm, and note PPTP's authentication is considered weak. The DROP for
# tcp/29019 is unreachable: the preceding REJECT on the identical match
# terminates evaluation first, so one of the two rules is dead.
- -A INPUT_direct -p gre -j ACCEPT
- -A INPUT_direct -p tcp -m tcp --dport 29019 -j REJECT --reject-with icmp-port-unreachable
- -A INPUT_direct -p tcp -m tcp --dport 29019 -j DROP
- -A IN_public -j IN_public_log
- -A IN_public -j IN_public_deny
- -A IN_public -j IN_public_allow
# IN_public_allow: only new connections to tcp/1723 and tcp/22 are accepted
# from the public zone; all other inbound host traffic is rejected by INPUT.
# The tcp/22 rule is duplicated — harmless, but the second copy never matches
# and should be removed to keep the rule set readable.
- -A IN_public_allow -p tcp -m tcp --dport 1723 -m conntrack --ctstate NEW -j ACCEPT
- -A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
- -A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT