
Untitled

a guest
Apr 24th, 2017
  # nat table of the saved ruleset: address translation for four bridge
  # networks (docker0 and three br-* bridges) plus one published port.
  # NOTE(review): the DOCKER chain name and bridge names suggest these rules are
  # maintained by the Docker daemon rather than by hand; confirm before editing.
  1. # Generated by iptables-save v1.6.0 on Mon Apr 24 21:09:50 2017
  2. *nat
  3. :PREROUTING ACCEPT [10949:900848]
  4. :INPUT ACCEPT [4860:174348]
  5. :OUTPUT ACCEPT [6676:731081]
  6. :POSTROUTING ACCEPT [6676:731081]
  7. :DOCKER - [0:0]
  # Packets addressed to one of this host's own addresses are handed to DOCKER,
  # both when they arrive from the network and when they are generated locally
  # (the local case skips destinations inside 127.0.0.0/8).
  8. -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
  9. -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
  # Source-NAT traffic from each bridge subnet when it leaves through any
  # interface other than its own bridge.
  10. -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
  11. -A POSTROUTING -s 172.21.0.0/16 ! -o br-b676b1fd2bdc -j MASQUERADE
  12. -A POSTROUTING -s 172.19.0.0/16 ! -o br-4de25c9923c9 -j MASQUERADE
  13. -A POSTROUTING -s 172.20.0.0/16 ! -o br-d9707f66aa59 -j MASQUERADE
  # Masquerade tcp/22 traffic that 172.17.0.2 sends to itself.
  14. -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 22 -j MASQUERADE
  # Traffic entering from any of the bridges leaves DOCKER without translation.
  15. -A DOCKER -i docker0 -j RETURN
  16. -A DOCKER -i br-d9707f66aa59 -j RETURN
  17. -A DOCKER -i br-b676b1fd2bdc -j RETURN
  18. -A DOCKER -i br-4de25c9923c9 -j RETURN
  # TCP port 22124 arriving on any interface except docker0 is rewritten to
  # 172.17.0.2:22. The rule has no source match, so it applies to every sender.
  # NOTE(review): after DNAT the packet is routed to the container and is
  # evaluated by the filter table's FORWARD chain, not INPUT; any restriction on
  # who may reach this port has to be placed on the forward path.
  19. -A DOCKER ! -i docker0 -p tcp -m tcp --dport 22124 -j DNAT --to-destination 172.17.0.2:22
  20. COMMIT
  21. # Completed on Mon Apr 24 21:09:50 2017
  # filter table of the saved ruleset. All three built-in chains default to
  # DROP; traffic is admitted by the explicit rules below. Most accepted service
  # traffic is routed through small In_RULE_N chains that log, then accept.
  # NOTE(review): the In_RULE_N / RULE_11 / Cid... chain names look like output
  # of a rule compiler; confirm the source policy before hand-editing this file.
  22. # Generated by iptables-save v1.6.0 on Mon Apr 24 21:09:50 2017
  23. *filter
  24. :INPUT DROP [0:0]
  25. :FORWARD DROP [0:0]
  26. :OUTPUT DROP [0:0]
  27. :Cid45457X4064.0 - [0:0]
  28. :DOCKER - [0:0]
  29. :DOCKER-ISOLATION - [0:0]
  30. :In_RULE_0 - [0:0]
  31. :In_RULE_10 - [0:0]
  32. :In_RULE_4 - [0:0]
  33. :In_RULE_5 - [0:0]
  34. :In_RULE_6 - [0:0]
  35. :In_RULE_7 - [0:0]
  36. :In_RULE_8 - [0:0]
  37. :In_RULE_9 - [0:0]
  38. :RULE_11 - [0:0]
  # --- INPUT: traffic addressed to the host itself ---
  # Replies and related packets of already tracked connections are accepted first.
  39. -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  # New connections arriving on eth0 with source 176.31.100.25 are logged and
  # dropped (In_RULE_0).
  # NOTE(review): presumably an anti-spoofing rule for the host's own address - confirm.
  40. -A INPUT -s 176.31.100.25/32 -i eth0 -m state --state NEW -j In_RULE_0
  41. -A INPUT -i lo -m state --state NEW -j ACCEPT
  # ICMP allowed in: type 3 (destination unreachable), 0/0 (echo reply),
  # 8/0 (echo request), 11/0 and 11/1 (time exceeded).
  42. -A INPUT -p icmp -m icmp --icmp-type 3 -m state --state NEW -j ACCEPT
  43. -A INPUT -p icmp -m icmp --icmp-type 0/0 -m state --state NEW -j ACCEPT
  44. -A INPUT -p icmp -m icmp --icmp-type 8/0 -m state --state NEW -j ACCEPT
  45. -A INPUT -p icmp -m icmp --icmp-type 11/0 -m state --state NEW -j ACCEPT
  46. -A INPUT -p icmp -m icmp --icmp-type 11/1 -m state --state NEW -j ACCEPT
  # tcp/22 is accepted from any source on any interface, without logging.
  # NOTE(review): there is no source restriction or rate limit on this rule;
  # consider limiting it to management addresses if the service is SSH.
  47. -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
  # Source 176.31.100.25 on any interface; the eth0 case was already dropped above.
  48. -A INPUT -s 176.31.100.25/32 -m state --state NEW -j ACCEPT
  # Service ports reachable on eth0; each jumps to a chain that logs and accepts.
  49. -A INPUT -i eth0 -p tcp -m tcp -m multiport --dports 80,443 -m state --state NEW -j In_RULE_4
  50. -A INPUT -i eth0 -p tcp -m tcp --dport 8070:8099 -m state --state NEW -j In_RULE_5
  51. -A INPUT -i eth0 -p tcp -m tcp --dport 9987:9989 -m state --state NEW -j In_RULE_6
  52. -A INPUT -i eth0 -p tcp -m tcp --dport 64738 -m state --state NEW -j In_RULE_7
  # NOTE(review): a port that the nat table DNATs to a container is forwarded
  # and never reaches INPUT, so this range rule does not log or filter it.
  53. -A INPUT -i eth0 -p tcp -m tcp --dport 22120:22129 -m state --state NEW -j In_RULE_8
  # NOTE(review): this rule matches only on the remote source port, which the
  # sender controls. It admits NEW TCP connections to every port 1024-65535 on
  # this host, including ports no other rule opens. Presumably intended for
  # active-mode FTP data; the usual narrower approach is the conntrack FTP
  # helper with RELATED state. Confirm whether the rule is still needed.
  54. -A INPUT -i eth0 -p tcp -m tcp --sport 20 --dport 1024:65535 -m state --state NEW -j In_RULE_9
  55. -A INPUT -i eth0 -p tcp -m tcp -m multiport --dports 21,20 -m state --state NEW -j In_RULE_9
  56. -A INPUT -i eth0 -p tcp -m tcp --dport 3690 -m state --state NEW -j In_RULE_10
  # Everything not accepted above is logged and dropped.
  57. -A INPUT -j RULE_11
  # --- FORWARD: routed traffic, including traffic to and from the bridges ---
  # The DOCKER-ISOLATION and per-bridge rules run before the host's own forward
  # rules. For each bridge: established traffic towards the bridge is accepted,
  # new traffic towards it goes through DOCKER, and everything leaving the
  # bridge (to other interfaces or back to the same bridge) is accepted.
  58. -A FORWARD -j DOCKER-ISOLATION
  59. -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  60. -A FORWARD -o docker0 -j DOCKER
  61. -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
  62. -A FORWARD -i docker0 -o docker0 -j ACCEPT
  63. -A FORWARD -o br-b676b1fd2bdc -j DOCKER
  64. -A FORWARD -o br-b676b1fd2bdc -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  65. -A FORWARD -i br-b676b1fd2bdc ! -o br-b676b1fd2bdc -j ACCEPT
  66. -A FORWARD -i br-b676b1fd2bdc -o br-b676b1fd2bdc -j ACCEPT
  67. -A FORWARD -o br-4de25c9923c9 -j DOCKER
  68. -A FORWARD -o br-4de25c9923c9 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  69. -A FORWARD -i br-4de25c9923c9 ! -o br-4de25c9923c9 -j ACCEPT
  70. -A FORWARD -i br-4de25c9923c9 -o br-4de25c9923c9 -j ACCEPT
  71. -A FORWARD -o br-d9707f66aa59 -j DOCKER
  72. -A FORWARD -o br-d9707f66aa59 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  73. -A FORWARD -i br-d9707f66aa59 ! -o br-d9707f66aa59 -j ACCEPT
  74. -A FORWARD -i br-d9707f66aa59 -o br-d9707f66aa59 -j ACCEPT
  # Host forward rules: established traffic, the same source check as in INPUT,
  # then log and drop for the rest.
  75. -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
  76. -A FORWARD -s 176.31.100.25/32 -i eth0 -m state --state NEW -j In_RULE_0
  77. -A FORWARD -j RULE_11
  # --- OUTPUT: traffic generated by the host ---
  78. -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  79. -A OUTPUT -o lo -m state --state NEW -j ACCEPT
  80. -A OUTPUT -d 176.31.100.25/32 -m state --state NEW -j Cid45457X4064.0
  # NOTE(review): every NEW outbound connection is accepted here, so there is no
  # egress filtering by destination or port. Only packets whose state is not
  # NEW, RELATED or ESTABLISHED reach RULE_11 and the DROP policy.
  81. -A OUTPUT -m state --state NEW -j ACCEPT
  82. -A OUTPUT -j RULE_11
  # Chain for new outbound traffic to 176.31.100.25: accepts the listed ICMP
  # types and tcp/22. Packets matching none of these return to OUTPUT, where
  # the next rule accepts all NEW traffic anyway.
  83. -A Cid45457X4064.0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
  84. -A Cid45457X4064.0 -p icmp -m icmp --icmp-type 0/0 -j ACCEPT
  85. -A Cid45457X4064.0 -p icmp -m icmp --icmp-type 8/0 -j ACCEPT
  86. -A Cid45457X4064.0 -p icmp -m icmp --icmp-type 11/0 -j ACCEPT
  87. -A Cid45457X4064.0 -p icmp -m icmp --icmp-type 11/1 -j ACCEPT
  88. -A Cid45457X4064.0 -p tcp -m tcp --dport 22 -j ACCEPT
  # Accept tcp/22 to 172.17.0.2 when it enters from outside docker0. No source
  # match and no LOG rule, so these connections are not recorded by this ruleset.
  89. -A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 22 -j ACCEPT
  # Drop traffic between every pair of distinct bridges, in both directions;
  # anything else returns to FORWARD.
  90. -A DOCKER-ISOLATION -i br-4de25c9923c9 -o docker0 -j DROP
  91. -A DOCKER-ISOLATION -i docker0 -o br-4de25c9923c9 -j DROP
  92. -A DOCKER-ISOLATION -i br-d9707f66aa59 -o docker0 -j DROP
  93. -A DOCKER-ISOLATION -i docker0 -o br-d9707f66aa59 -j DROP
  94. -A DOCKER-ISOLATION -i br-b676b1fd2bdc -o docker0 -j DROP
  95. -A DOCKER-ISOLATION -i docker0 -o br-b676b1fd2bdc -j DROP
  96. -A DOCKER-ISOLATION -i br-b676b1fd2bdc -o br-d9707f66aa59 -j DROP
  97. -A DOCKER-ISOLATION -i br-d9707f66aa59 -o br-b676b1fd2bdc -j DROP
  98. -A DOCKER-ISOLATION -i br-4de25c9923c9 -o br-d9707f66aa59 -j DROP
  99. -A DOCKER-ISOLATION -i br-d9707f66aa59 -o br-4de25c9923c9 -j DROP
  100. -A DOCKER-ISOLATION -i br-4de25c9923c9 -o br-b676b1fd2bdc -j DROP
  101. -A DOCKER-ISOLATION -i br-b676b1fd2bdc -o br-4de25c9923c9 -j DROP
  102. -A DOCKER-ISOLATION -j RETURN
  # Verdict chains: each writes a kernel log line with its rule number and
  # verdict in the prefix (log level 6), then applies that verdict.
  103. -A In_RULE_0 -j LOG --log-prefix "RULE 0 -- DENY " --log-level 6
  104. -A In_RULE_0 -j DROP
  105. -A In_RULE_10 -j LOG --log-prefix "RULE 10 -- ACCEPT " --log-level 6
  106. -A In_RULE_10 -j ACCEPT
  107. -A In_RULE_4 -j LOG --log-prefix "RULE 4 -- ACCEPT " --log-level 6
  108. -A In_RULE_4 -j ACCEPT
  109. -A In_RULE_5 -j LOG --log-prefix "RULE 5 -- ACCEPT " --log-level 6
  110. -A In_RULE_5 -j ACCEPT
  111. -A In_RULE_6 -j LOG --log-prefix "RULE 6 -- ACCEPT " --log-level 6
  112. -A In_RULE_6 -j ACCEPT
  113. -A In_RULE_7 -j LOG --log-prefix "RULE 7 -- ACCEPT " --log-level 6
  114. -A In_RULE_7 -j ACCEPT
  115. -A In_RULE_8 -j LOG --log-prefix "RULE 8 -- ACCEPT " --log-level 6
  116. -A In_RULE_8 -j ACCEPT
  117. -A In_RULE_9 -j LOG --log-prefix "RULE 9 -- ACCEPT " --log-level 6
  118. -A In_RULE_9 -j ACCEPT
  # Catch-all deny used at the end of INPUT, FORWARD and OUTPUT.
  # NOTE(review): the LOG rules carry no rate limit, so a flood of denied
  # packets is logged one line per packet; consider a limit match.
  119. -A RULE_11 -j LOG --log-prefix "RULE 11 -- DENY " --log-level 6
  120. -A RULE_11 -j DROP
  121. COMMIT
  122. # Completed on Mon Apr 24 21:09:50 2017