  1. # Generated by iptables-save v1.6.0 on Tue Mar 6 04:10:26 2018
  # mangle table. All five built-in chains keep policy ACCEPT; the bracketed
  # values are the packet:byte counters for each chain. The only rules present
  # are the CHECKSUM fix-ups in POSTROUTING.
  2. *mangle
  3. :PREROUTING ACCEPT [354382:26406678]
  4. :INPUT ACCEPT [326650:16548377]
  5. :FORWARD ACCEPT [27636:9850472]
  6. :OUTPUT ACCEPT [6055:441892]
  7. :POSTROUTING ACCEPT [32989:10272123]
  # Fill in the UDP checksum on packets leaving virbr0 for UDP port 68 (the
  # DHCP client port). virbr0 is presumably libvirt's NAT bridge -- confirm.
  # NOTE(review): the identical rule is listed five times (listing lines 8-12).
  # CHECKSUM is not a terminating target, so every matching packet walks all
  # five copies; the extra four add no function. Presumably the component that
  # installs the rule re-appends it on each start without testing for it first
  # (e.g. `iptables -C` before `-A`) -- confirm, and de-duplicate so the
  # ruleset stays auditable.
  8. -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
  9. -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
  10. -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
  11. -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
  12. -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
  13. COMMIT
  14. # Completed on Tue Mar 6 04:10:26 2018
  15. # Generated by iptables-save v1.6.0 on Tue Mar 6 04:10:26 2018
  # nat table. All built-in chains keep policy ACCEPT; only POSTROUTING
  # (source NAT) carries rules.
  16. *nat
  17. :PREROUTING ACCEPT [35828:5371260]
  18. :INPUT ACCEPT [744:113337]
  19. :OUTPUT ACCEPT [1290:95977]
  20. :POSTROUTING ACCEPT [3830:264182]
  # Source NAT for 192.168.122.0/24 (listing lines 21-25):
  #   - traffic to 224.0.0.0/24 and to 255.255.255.255 RETURNs, i.e. leaves
  #     POSTROUTING without being translated;
  #   - TCP and UDP leaving the subnet are masqueraded onto source ports
  #     1024-65535;
  #   - every other protocol leaving the subnet is masqueraded as-is.
  21. -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
  22. -A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
  23. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
  24. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
  25. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
  # NOTE(review): listing lines 26-30 and 31-35 repeat the five rules above
  # verbatim. RETURN and MASQUERADE both end traversal of this chain, and a
  # packet the first group does not match (source in the subnet, destination
  # also in the subnet) matches no later copy either, so these ten rules
  # never match. Same re-append pattern as the duplicated CHECKSUM rule in
  # the mangle table; de-duplicate.
  26. -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
  27. -A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
  28. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
  29. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
  30. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
  31. -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
  32. -A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
  33. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
  34. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
  35. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
  # Static SNAT per egress interface. Out enp0s9, anything not destined to
  # 10.1.0.0/16 is rewritten to source 10.0.4.15. Listing line 37 is an exact
  # duplicate of line 36 and is never reached by a packet line 36 matches.
  36. -A POSTROUTING ! -d 10.1.0.0/16 -o enp0s9 -j SNAT --to-source 10.0.4.15
  37. -A POSTROUTING ! -d 10.1.0.0/16 -o enp0s9 -j SNAT --to-source 10.0.4.15
  # NOTE(review): out enp0s3 the two rules below cancel each other's
  # exclusion. Line 38 skips destinations in 10.0.0.0/16, but those packets
  # then match line 39 (they are not in 10.1.0.0/16) and are SNATed to the
  # same address. Net effect: every packet reaching these rules on enp0s3 is
  # rewritten to 10.8.15.157, including traffic to 10.0.0.0/16. If either
  # range was meant to keep its original source address, one of these rules
  # is wrong -- confirm the intent.
  38. -A POSTROUTING ! -d 10.0.0.0/16 -o enp0s3 -j SNAT --to-source 10.8.15.157
  39. -A POSTROUTING ! -d 10.1.0.0/16 -o enp0s3 -j SNAT --to-source 10.8.15.157
  40. COMMIT
  41. # Completed on Tue Mar 6 04:10:26 2018
  42. # Generated by iptables-save v1.6.0 on Tue Mar 6 04:10:26 2018
  # filter table. INPUT and FORWARD default to DROP, OUTPUT to ACCEPT.
  # [1711:91384] on INPUT is the packet:byte count that fell through to the
  # DROP policy.
  43. *filter
  44. :INPUT DROP [1711:91384]
  45. :FORWARD DROP [0:0]
  46. :OUTPUT ACCEPT [20:1663]
  # User-defined chains. dmznet is populated and jumped to from FORWARD.
  # NOTE(review): the eighteen ufw-* chains are declared, but this dump holds
  # no rule inside them and no jump to them, so they have no effect on
  # filtering here. If ufw is expected to be enforcing policy on this host,
  # it is not doing so in this ruleset -- confirm.
  47. :dmznet - [0:0]
  48. :ufw-after-forward - [0:0]
  49. :ufw-after-input - [0:0]
  50. :ufw-after-logging-forward - [0:0]
  51. :ufw-after-logging-input - [0:0]
  52. :ufw-after-logging-output - [0:0]
  53. :ufw-after-output - [0:0]
  54. :ufw-before-forward - [0:0]
  55. :ufw-before-input - [0:0]
  56. :ufw-before-logging-forward - [0:0]
  57. :ufw-before-logging-input - [0:0]
  58. :ufw-before-logging-output - [0:0]
  59. :ufw-before-output - [0:0]
  60. :ufw-reject-forward - [0:0]
  61. :ufw-reject-input - [0:0]
  62. :ufw-reject-output - [0:0]
  63. :ufw-track-forward - [0:0]
  64. :ufw-track-input - [0:0]
  65. :ufw-track-output - [0:0]
  # INPUT: the host itself accepts only DNS (53) and port 67 (DHCP server
  # port), over UDP and TCP, arriving on virbr0.
  # NOTE(review): there is no `-i lo` accept and no
  # `-m conntrack --ctstate RELATED,ESTABLISHED` accept on INPUT. With policy
  # DROP, loopback traffic and replies to connections the host opens on any
  # other interface are dropped as this table stands; nothing here logs the
  # drops either. Confirm that is intended.
  66. -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
  67. -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
  68. -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
  69. -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
  # FORWARD, SSH restriction: only 10.0.0.1 may open TCP/22 into 10.1.0.0/16;
  # the rest of 10.0.0.0/16 is dropped. These two rules must stay ahead of the
  # broad ACCEPTs below to have any effect.
  # NOTE(review): the DROP covers sources in 10.0.0.0/16 only. TCP/22 into
  # 10.1.0.0/16 from 10.8.0.0/16 is accepted by listing line 89, from
  # 192.168.122.0/24 arriving on virbr0 by line 73, and from any other source
  # by dmznet line 93. If SSH into 10.1.0.0/16 is meant to be limited to
  # 10.0.0.1, this does not achieve it.
  70. -A FORWARD -s 10.0.0.1/32 -d 10.1.0.0/16 -p tcp -m tcp --dport 22 -j ACCEPT
  71. -A FORWARD -s 10.0.0.0/16 -d 10.1.0.0/16 -p tcp -m tcp --dport 22 -j DROP
  # virbr0 forwarding: replies to 192.168.122.0/24 are accepted by connection
  # state, anything from the subnet arriving on virbr0 is accepted,
  # bridge-internal traffic is accepted, and everything else to or from
  # virbr0 is rejected with ICMP port-unreachable.
  72. -A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  73. -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
  74. -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
  75. -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
  76. -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
  # All TCP and UDP to or from 10.0.0.0/16 is forwarded, any port, either
  # direction, with no connection-state match.
  77. -A FORWARD -s 10.0.0.0/16 -p tcp -j ACCEPT
  78. -A FORWARD -d 10.0.0.0/16 -p tcp -j ACCEPT
  79. -A FORWARD -d 10.0.0.0/16 -p udp -j ACCEPT
  80. -A FORWARD -s 10.0.0.0/16 -p udp -j ACCEPT
  # Per-service rules: TCP/80 on 10.1.0.1 and DNS (TCP+UDP 53) on 10.1.0.3.
  # NOTE(review): the return direction is matched by source port alone
  # (--sport 80 / --sport 53), so any packet from those hosts carrying that
  # source port is forwarded, not only replies. Line 72 shows the stateful
  # form (`-m conntrack --ctstate RELATED,ESTABLISHED`) already in use here.
  # NOTE(review): these six rules do not narrow anything. The dmznet chain
  # (lines 93-96) accepts every TCP/UDP packet to or from 10.1.0.0/16, so
  # traffic these rules would not match is accepted there anyway.
  81. -A FORWARD -s 10.1.0.1/32 -p tcp -m tcp --sport 80 -j ACCEPT
  82. -A FORWARD -d 10.1.0.1/32 -p tcp -m tcp --dport 80 -j ACCEPT
  83. -A FORWARD -d 10.1.0.3/32 -p tcp -m tcp --dport 53 -j ACCEPT
  84. -A FORWARD -s 10.1.0.3/32 -p tcp -m tcp --sport 53 -j ACCEPT
  85. -A FORWARD -s 10.1.0.3/32 -p udp -m udp --sport 53 -j ACCEPT
  86. -A FORWARD -d 10.1.0.3/32 -p udp -m udp --dport 53 -j ACCEPT
  # All TCP and UDP to or from 10.8.0.0/16 is forwarded, same stateless shape
  # as the 10.0.0.0/16 rules above.
  87. -A FORWARD -d 10.8.0.0/16 -p udp -j ACCEPT
  88. -A FORWARD -d 10.8.0.0/16 -p tcp -j ACCEPT
  89. -A FORWARD -s 10.8.0.0/16 -p tcp -j ACCEPT
  90. -A FORWARD -s 10.8.0.0/16 -p udp -j ACCEPT
  # Whatever is left goes through dmznet; packets it does not accept return
  # here and hit the FORWARD DROP policy.
  91. -A FORWARD -j dmznet
  # Redundant with the OUTPUT ACCEPT policy; it only documents that replies
  # to UDP port 68 (DHCP client port) on virbr0 are expected.
  92. -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
  # dmznet: accept all TCP and UDP to or from 10.1.0.0/16, any port.
  # NOTE(review): taken with the broad ACCEPTs above, the FORWARD DROP policy
  # only ever applies to non-TCP/UDP protocols (ICMP, for example) and to
  # TCP/UDP between networks outside 10.0.0.0/16, 10.1.0.0/16, 10.8.0.0/16
  # and 192.168.122.0/24. If 10.1.0.0/16 is meant to be a DMZ exposing only
  # the services on lines 81-86, replace these four rules with the
  # per-service accepts plus a stateful RELATED,ESTABLISHED rule.
  93. -A dmznet -d 10.1.0.0/16 -p tcp -j ACCEPT
  94. -A dmznet -d 10.1.0.0/16 -p udp -j ACCEPT
  95. -A dmznet -s 10.1.0.0/16 -p udp -j ACCEPT
  96. -A dmznet -s 10.1.0.0/16 -p tcp -j ACCEPT
  97. COMMIT
  98. # Completed on Tue Mar 6 04:10:26 2018