Untitled

a guest
Feb 19th, 2023
  1. utm:/var/mdw/etc/iptables # cat ip6table.filter
  2. # Generated by ip6tables-save v1.4.4 on Mon Feb 1 14:28:25 2010
      # NOTE(review): IPv6 filter table in ip6tables-save format, read from a file on disk
      # (the `cat` above), not dumped from the running kernel. The header/footer timestamps
      # only describe when the file was last generated; presumably it has been hand-edited
      # since (see the ticket comment before the dehydrated rule) - confirm the ruleset that
      # is actually loaded with ip6tables-save on the host.
      # NOTE(review): `-m confirmed`, `-j CONFIRMED` and `-m logmark` do not appear to be
      # stock ip6tables extensions; presumably vendor modules. Their exact semantics are not
      # visible here - the comments below only describe rule order and matches.
  3. *filter
      # Built-in chains: default policy DROP in all three directions.
  4. :INPUT DROP [0:0]
  5. :FORWARD DROP [0:0]
  6. :OUTPUT DROP [0:0]
      # User-defined chains. In this file GEOIP_OUT, AUTO_*, HA_OUT, LOCKOUT, PSD_ACTION,
      # PSD_MATCH, SANITY_CHECKS, STRICT_TCP_STATE and USR_* are declared but receive no
      # rules; presumably they are filled at runtime. Loaded as-is, jumps into them fall
      # straight through to the next rule of the calling chain.
  7. :GEOIP_REJECT - [0:0]
  8. :GEOIP_OUT - [0:0]
  9. :AUTO_FORWARD - [0:0]
  10. :AUTO_INPUT - [0:0]
  11. :AUTO_OUTPUT - [0:0]
  12. :HA_OUT - [0:0]
  13. :LOCKOUT - [0:0]
  14. :INVALID_PKT - [0:0]
  15. :LOGACCEPT - [0:0]
  16. :LOGDROP - [0:0]
  17. :LOGREJECT - [0:0]
  18. :PSD_ACTION - [0:0]
  19. :PSD_MATCH - [0:0]
  20. :RELATED_FWD - [0:0]
  21. :SANITY_CHECKS - [0:0]
  22. :STRICT_TCP_DROP - [0:0]
  23. :STRICT_TCP_STATE - [0:0]
  24. :USR_FORWARD - [0:0]
  25. :USR_INPUT - [0:0]
  26. :USR_OUTPUT - [0:0]
      # --- INPUT: traffic addressed to the firewall itself ---
      # Order matters: loopback, `confirmed` non-multicast traffic, RELATED flows and
      # neighbor discovery are all decided BEFORE LOCKOUT, PSD_MATCH and SANITY_CHECKS run.
  27. -A INPUT -i lo -j ACCEPT
      # Multicast destinations (ff00::/8) are excluded from this early accept.
  28. -A INPUT -m confirmed ! -d ff00::/8 -j ACCEPT
  29. -A INPUT -m conntrack --ctstate RELATED -j CONFIRMED
      # ICMPv6 type 135 / 136, code 0 = Neighbor Solicitation / Neighbor Advertisement,
      # accepted on every interface. No other ICMPv6 type is accepted explicitly in this
      # file; errors tied to a tracked flow would match ctstate RELATED above, anything else
      # (e.g. router advertisements) would need a rule in AUTO_INPUT/USR_INPUT - verify.
  30. -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135/0 -j ACCEPT
  31. -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136/0 -j ACCEPT
  32. -A INPUT -j LOCKOUT
  33. -A INPUT -j PSD_MATCH
  34. -A INPUT -j SANITY_CHECKS
  35. -A INPUT -j AUTO_INPUT
  36. -A INPUT -j USR_INPUT
      # Catch-all: packets matching logmark 60001 are logged and dropped via LOGDROP;
      # packets that do not match hit the DROP policy with no NFLOG entry.
  37. -A INPUT -m logmark --logmark 60001 -j LOGDROP
      # --- FORWARD: traffic routed through the firewall ---
  38. -A FORWARD -m confirmed ! -d ff00::/8 -j ACCEPT
  39. -A FORWARD -m conntrack --ctstate RELATED -j RELATED_FWD
  40. -A FORWARD -j PSD_MATCH
  41. -A FORWARD -j SANITY_CHECKS
  42. -A FORWARD -j AUTO_FORWARD
  43. -A FORWARD -j USR_FORWARD
      # Silent (unlogged) drop of leftover TCP segments not leaving via eth2: FIN+ACK with
      # SYN clear, and RST with SYN clear. They only see traffic no earlier rule decided;
      # presumably this keeps teardown stragglers out of the drop log.
      # NOTE(review): eth2 is a hard-coded interface name - confirm it still names the
      # intended segment, otherwise the logging exemption applies to the wrong side.
  44. -A FORWARD ! -o eth2 -p tcp --tcp-flags SYN,ACK,FIN ACK,FIN -j DROP
  45. -A FORWARD ! -o eth2 -p tcp --tcp-flags SYN,RST RST -j DROP
  46. -A FORWARD -m logmark --logmark 60002 -j LOGDROP
      # --- OUTPUT: traffic originated by the firewall itself ---
  47. -A OUTPUT -o lo -j ACCEPT
  48. -A OUTPUT -m confirmed ! -d ff00::/8 -j ACCEPT
  49. -A OUTPUT -j HA_OUT
  50. -A OUTPUT -m conntrack --ctstate RELATED -j CONFIRMED
  51. -A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135/0 -j ACCEPT
  52. -A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136/0 -j ACCEPT
  53. # NUTM-10626: The dehydrated output rules are unconditional because Middleware would try to connect outbound before creating the rules
      # NOTE(review): this rule has no destination match and sits before SANITY_CHECKS,
      # AUTO_OUTPUT and USR_OUTPUT, so nothing in those chains can narrow it: any process
      # running with uid AND gid `dehydrated` may open TCP to port 443 on any IPv6 host.
      # `--sport 1:65535` only excludes source port 0. Treat the account (presumably the
      # ACME/certificate client) as having standing outbound HTTPS: keep it non-interactive
      # and include its egress in monitoring.
  54. -A OUTPUT -p tcp -m tcp --sport 1:65535 --dport 443 -m owner --uid-owner dehydrated --gid-owner dehydrated -j CONFIRMED
  55. -A OUTPUT -j SANITY_CHECKS
  56. -A OUTPUT -j AUTO_OUTPUT
  57. -A OUTPUT -j USR_OUTPUT
  58. -A OUTPUT -m logmark --logmark 60003 -j LOGDROP
      # --- Helper chains: log (NFLOG with a fixed prefix) then apply the verdict ---
      # No --nflog-group is given, so the default group is used; a userspace listener has
      # to be bound to it or these entries are lost - verify on the host.
      # INVALID_PKT and STRICT_TCP_DROP are not referenced by any rule in this file.
  59. -A INVALID_PKT -m logmark --logmark 60007 -j NFLOG --nflog-prefix "INVALID_PKT: "
  60. -A INVALID_PKT -j DROP
  61. -A STRICT_TCP_DROP -j DROP
  62. -A LOGACCEPT -j NFLOG --nflog-prefix "ACCEPT: "
  63. -A LOGACCEPT -j CONFIRMED
  64. -A LOGDROP -j NFLOG --nflog-prefix "DROP: "
  65. -A LOGDROP -j DROP
  66. -A LOGREJECT -j NFLOG --nflog-prefix "REJECT: "
  67. -A LOGREJECT -j REJECT --reject-with icmp6-port-unreachable
      # GEOIP_REJECT: TCP is answered with a reset, everything else with ICMPv6
      # port-unreachable. Unlike LOGREJECT, nothing is logged here.
  68. -A GEOIP_REJECT -p tcp -j REJECT --reject-with tcp-reset
  69. -A GEOIP_REJECT -j REJECT --reject-with icmp6-port-unreachable
      # Forwarded RELATED flows are handed to CONFIRMED unconditionally.
  70. -A RELATED_FWD -j CONFIRMED
  71. COMMIT
  72. # Completed on Mon Feb 1 14:28:25 2010
  73.  