iptables-save

  1. # Generated by iptables-save v1.6.0 on Wed May 9 16:31:49 2018
# NAT table. Everything below is Docker-generated: one MASQUERADE per bridge
# network, one hairpin MASQUERADE and one DNAT per published container port.
  2. *nat
# Built-in chains with their packet:byte counters at save time.
  3. :PREROUTING ACCEPT [3864910:279357531]
  4. :INPUT ACCEPT [103654:6553562]
  5. :OUTPUT ACCEPT [124973:7518452]
  6. :POSTROUTING ACCEPT [4739877:299246419]
  7. :DOCKER - [0:0]
# Any packet addressed to a host-local address (inbound, or locally generated
# and not loopback) is run through the DOCKER port-mapping chain.
  8. -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
  9. -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
# Source NAT for container traffic leaving each bridge towards the outside.
  10. -A POSTROUTING -s 172.19.0.0/16 ! -o br-ea08848adeff -j MASQUERADE
  11. -A POSTROUTING -s 172.22.0.0/16 ! -o br-5e7cf3af7324 -j MASQUERADE
  12. -A POSTROUTING -s 172.21.0.0/16 ! -o br-c52d59e4bc11 -j MASQUERADE
  13. -A POSTROUTING -s 172.20.0.0/16 ! -o br-387f8072f56a -j MASQUERADE
  14. -A POSTROUTING -s 172.18.0.0/28 ! -o br-a7cc1ec0a07b -j MASQUERADE
  15. -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
# Hairpin NAT: a container reaching its own published port through the host
# address gets its source rewritten so the reply comes back via the host.
  16. -A POSTROUTING -s 172.18.0.3/32 -d 172.18.0.3/32 -p tcp -m tcp --dport 80 -j MASQUERADE
  17. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 30009 -j MASQUERADE
  18. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 30008 -j MASQUERADE
  19. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 30007 -j MASQUERADE
  20. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 30006 -j MASQUERADE
  21. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 30005 -j MASQUERADE
  22. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 30004 -j MASQUERADE
  23. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 30003 -j MASQUERADE
  24. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 30002 -j MASQUERADE
  25. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 30001 -j MASQUERADE
  26. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 30000 -j MASQUERADE
  27. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 8080 -j MASQUERADE
  28. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 22 -j MASQUERADE
  29. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 995 -j MASQUERADE
  30. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 993 -j MASQUERADE
  31. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 587 -j MASQUERADE
  32. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 465 -j MASQUERADE
  33. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 443 -j MASQUERADE
  34. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 143 -j MASQUERADE
  35. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 110 -j MASQUERADE
  36. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 80 -j MASQUERADE
  37. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 53 -j MASQUERADE
  38. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p udp -m udp --dport 53 -j MASQUERADE
  39. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 25 -j MASQUERADE
  40. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 21 -j MASQUERADE
  41. -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 20 -j MASQUERADE
  42. -A POSTROUTING -s 172.20.0.3/32 -d 172.20.0.3/32 -p tcp -m tcp --dport 8069 -j MASQUERADE
  43. -A POSTROUTING -s 172.22.0.3/32 -d 172.22.0.3/32 -p tcp -m tcp --dport 443 -j MASQUERADE
  44. -A POSTROUTING -s 172.22.0.3/32 -d 172.22.0.3/32 -p tcp -m tcp --dport 80 -j MASQUERADE
  45. -A POSTROUTING -s 172.19.0.2/32 -d 172.19.0.2/32 -p tcp -m tcp --dport 8080 -j MASQUERADE
# Packets that arrive on a bridge are never port-mapped.
  46. -A DOCKER -i br-ea08848adeff -j RETURN
  47. -A DOCKER -i br-5e7cf3af7324 -j RETURN
  48. -A DOCKER -i br-c52d59e4bc11 -j RETURN
  49. -A DOCKER -i br-387f8072f56a -j RETURN
  50. -A DOCKER -i br-a7cc1ec0a07b -j RETURN
  51. -A DOCKER -i docker0 -j RETURN
# Published ports. Because this DNAT happens in PREROUTING, an external packet
# to any of these ports is rewritten and then *forwarded* to the container; it
# never traverses the host INPUT chain. The ufw-user-input and f2b-* rules in
# the filter table therefore do not apply to this traffic — the only host-side
# control point for it is the DOCKER-USER chain (FORWARD).
# Non-1:1 mappings: host 8081 -> 172.18.0.3:80, host 2222 -> 172.18.0.4:22,
# host 10443 -> 172.22.0.3:443, host 8090 -> 172.22.0.3:80,
# host 8082 -> 172.19.0.2:8080. Everything else maps to the same port.
  52. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 8081 -j DNAT --to-destination 172.18.0.3:80
  53. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 30009 -j DNAT --to-destination 172.18.0.4:30009
  54. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 30008 -j DNAT --to-destination 172.18.0.4:30008
  55. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 30007 -j DNAT --to-destination 172.18.0.4:30007
  56. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 30006 -j DNAT --to-destination 172.18.0.4:30006
  57. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 30005 -j DNAT --to-destination 172.18.0.4:30005
  58. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 30004 -j DNAT --to-destination 172.18.0.4:30004
  59. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 30003 -j DNAT --to-destination 172.18.0.4:30003
  60. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 30002 -j DNAT --to-destination 172.18.0.4:30002
  61. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 30001 -j DNAT --to-destination 172.18.0.4:30001
  62. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 30000 -j DNAT --to-destination 172.18.0.4:30000
  63. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.18.0.4:8080
  64. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 2222 -j DNAT --to-destination 172.18.0.4:22
  65. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 995 -j DNAT --to-destination 172.18.0.4:995
  66. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 993 -j DNAT --to-destination 172.18.0.4:993
  67. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 587 -j DNAT --to-destination 172.18.0.4:587
  68. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 465 -j DNAT --to-destination 172.18.0.4:465
  69. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.18.0.4:443
  70. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 143 -j DNAT --to-destination 172.18.0.4:143
  71. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 110 -j DNAT --to-destination 172.18.0.4:110
  72. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.18.0.4:80
# DNS published to the world. If the resolver in 172.18.0.4 is recursive,
# restrict its clients (or publish it on an internal interface only) so it
# cannot be used for reflection — TODO confirm what listens on :53.
  73. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 53 -j DNAT --to-destination 172.18.0.4:53
  74. -A DOCKER ! -i br-a7cc1ec0a07b -p udp -m udp --dport 53 -j DNAT --to-destination 172.18.0.4:53
  75. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 25 -j DNAT --to-destination 172.18.0.4:25
# Cleartext FTP (control 21, active-mode data 20) exposed through NAT; the
# passive data range is not published, so presumably only active mode can work
# here — verify it is still needed, otherwise drop the mapping.
  76. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 21 -j DNAT --to-destination 172.18.0.4:21
  77. -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 20 -j DNAT --to-destination 172.18.0.4:20
  78. -A DOCKER ! -i br-387f8072f56a -p tcp -m tcp --dport 8069 -j DNAT --to-destination 172.20.0.3:8069
  79. -A DOCKER ! -i br-5e7cf3af7324 -p tcp -m tcp --dport 10443 -j DNAT --to-destination 172.22.0.3:443
  80. -A DOCKER ! -i br-5e7cf3af7324 -p tcp -m tcp --dport 8090 -j DNAT --to-destination 172.22.0.3:80
  81. -A DOCKER ! -i br-ea08848adeff -p tcp -m tcp --dport 8082 -j DNAT --to-destination 172.19.0.2:8080
  82. COMMIT
  83. # Completed on Wed May 9 16:31:49 2018
  84. # Generated by iptables-save v1.6.0 on Wed May 9 16:31:49 2018
# Filter table: Docker chains, the stock ufw chain layout and one chain per
# fail2ban jail.
  85. *filter
# Default policies. INPUT DROP is the safe default. FORWARD ACCEPT means a
# forwarded packet that no Docker rule decides on is allowed — and the ufw
# forward chains below accept NEW tcp/udp anyway — so forwarding is effectively
# open; confirm that is intended (an OpenVPN port is allowed further down).
  86. :INPUT DROP [3:124]
  87. :FORWARD ACCEPT [0:0]
  88. :OUTPUT ACCEPT [0:0]
# Docker-managed chains. DOCKER-USER is the one Docker leaves for the
# administrator and the only place where container port exposure can be
# restricted persistently.
  89. :DOCKER - [0:0]
  90. :DOCKER-ISOLATION - [0:0]
  91. :DOCKER-USER - [0:0]
# fail2ban jail chains (one per jail, filled with bans at runtime).
  92. :f2b-apache-auth - [0:0]
  93. :f2b-apache-badbots - [0:0]
  94. :f2b-apache-botsearch - [0:0]
  95. :f2b-apache-fakegooglebot - [0:0]
  96. :f2b-apache-modsecurity - [0:0]
  97. :f2b-apache-nohome - [0:0]
  98. :f2b-apache-noscript - [0:0]
  99. :f2b-apache-overflows - [0:0]
  100. :f2b-apache-shellshock - [0:0]
  101. :f2b-dovecot - [0:0]
  102. :f2b-mysshd - [0:0]
  103. :f2b-postfix - [0:0]
  104. :f2b-sshd - [0:0]
# ufw chains. Several (ufw-track-input, ufw-user-forward, ufw-user-logging-*)
# are declared but carry no rules in this dump.
  105. :ufw-after-forward - [0:0]
  106. :ufw-after-input - [0:0]
  107. :ufw-after-logging-forward - [0:0]
  108. :ufw-after-logging-input - [0:0]
  109. :ufw-after-logging-output - [0:0]
  110. :ufw-after-output - [0:0]
  111. :ufw-before-forward - [0:0]
  112. :ufw-before-input - [0:0]
  113. :ufw-before-logging-forward - [0:0]
  114. :ufw-before-logging-input - [0:0]
  115. :ufw-before-logging-output - [0:0]
  116. :ufw-before-output - [0:0]
  117. :ufw-logging-allow - [0:0]
  118. :ufw-logging-deny - [0:0]
  119. :ufw-not-local - [0:0]
  120. :ufw-reject-forward - [0:0]
  121. :ufw-reject-input - [0:0]
  122. :ufw-reject-output - [0:0]
  123. :ufw-skip-to-policy-forward - [0:0]
  124. :ufw-skip-to-policy-input - [0:0]
  125. :ufw-skip-to-policy-output - [0:0]
  126. :ufw-track-forward - [0:0]
  127. :ufw-track-input - [0:0]
  128. :ufw-track-output - [0:0]
  129. :ufw-user-forward - [0:0]
  130. :ufw-user-input - [0:0]
  131. :ufw-user-limit - [0:0]
  132. :ufw-user-limit-accept - [0:0]
  133. :ufw-user-logging-forward - [0:0]
  134. :ufw-user-logging-input - [0:0]
  135. :ufw-user-logging-output - [0:0]
  136. :ufw-user-output - [0:0]
# INPUT: fail2ban jail hooks first, then the ufw chain sequence.
# NOTE(review): the nat table DNATs host ports 2222, 110/995/143/993/587/465,
# 25 and 80/443/8080 to container 172.18.0.4. External packets to those ports
# are forwarded, not delivered locally, so they never reach INPUT and a ban
# placed in the f2b-* chains below cannot stop them. If the protected services
# run in containers, fail2ban's iptables action must target the DOCKER-USER
# chain (the action's `chain` parameter) instead of INPUT — confirm which
# services actually run on the host.
  137. -A INPUT -p tcp -m multiport --dports 2222 -j f2b-mysshd
  138. -A INPUT -p tcp -m multiport --dports 110,995,143,993,587,465,4190 -j f2b-dovecot
  139. -A INPUT -p tcp -m multiport --dports 25,465,587 -j f2b-postfix
  140. -A INPUT -p tcp -m multiport --dports 80,443,8080 -j f2b-apache-shellshock
  141. -A INPUT -p tcp -m multiport --dports 80,443,8080 -j f2b-apache-modsecurity
  142. -A INPUT -p tcp -m multiport --dports 80,443,8080 -j f2b-apache-fakegooglebot
  143. -A INPUT -p tcp -m multiport --dports 80,443,8080 -j f2b-apache-botsearch
  144. -A INPUT -p tcp -m multiport --dports 80,443,8080 -j f2b-apache-nohome
  145. -A INPUT -p tcp -m multiport --dports 80,443,8080 -j f2b-apache-overflows
  146. -A INPUT -p tcp -m multiport --dports 80,443,8080 -j f2b-apache-noscript
  147. -A INPUT -p tcp -m multiport --dports 80,443,8080 -j f2b-apache-badbots
  148. -A INPUT -p tcp -m multiport --dports 80,443,8080 -j f2b-apache-auth
# Port 2020 is accepted on the host in ufw-user-input, so this hook does see
# host sshd traffic (unlike the 2222 hook above, which is a DNATed port).
  149. -A INPUT -p tcp -m multiport --dports 2020 -j f2b-sshd
# Standard ufw ordering: before -> after -> reject -> track.
  150. -A INPUT -j ufw-before-logging-input
  151. -A INPUT -j ufw-before-input
  152. -A INPUT -j ufw-after-input
  153. -A INPUT -j ufw-after-logging-input
  154. -A INPUT -j ufw-reject-input
  155. -A INPUT -j ufw-track-input
# FORWARD. Three source blocklist entries sit ahead of the Docker chains,
# which is the only position where they take effect for container traffic.
# NOTE(review): Docker (re)inserts its own FORWARD rules at daemon start, so
# hand-placed rules here may end up below them after a restart; the same DROPs
# in DOCKER-USER would survive that.
  156. -A FORWARD -s 189.236.63.247/32 -j DROP
  157. -A FORWARD -s 37.191.50.28/32 -j DROP
  158. -A FORWARD -s 193.91.67.75/32 -j DROP
  159. -A FORWARD -j DOCKER-USER
  160. -A FORWARD -j DOCKER-ISOLATION
# Per bridge: replies to established flows -> ACCEPT; new flows towards the
# bridge -> DOCKER (published-port filter); flows originating on the bridge
# -> ACCEPT (outbound and intra-bridge).
  161. -A FORWARD -o br-ea08848adeff -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  162. -A FORWARD -o br-ea08848adeff -j DOCKER
  163. -A FORWARD -i br-ea08848adeff ! -o br-ea08848adeff -j ACCEPT
  164. -A FORWARD -i br-ea08848adeff -o br-ea08848adeff -j ACCEPT
  165. -A FORWARD -o br-5e7cf3af7324 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  166. -A FORWARD -o br-5e7cf3af7324 -j DOCKER
  167. -A FORWARD -i br-5e7cf3af7324 ! -o br-5e7cf3af7324 -j ACCEPT
  168. -A FORWARD -i br-5e7cf3af7324 -o br-5e7cf3af7324 -j ACCEPT
  169. -A FORWARD -o br-c52d59e4bc11 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  170. -A FORWARD -o br-c52d59e4bc11 -j DOCKER
  171. -A FORWARD -i br-c52d59e4bc11 ! -o br-c52d59e4bc11 -j ACCEPT
  172. -A FORWARD -i br-c52d59e4bc11 -o br-c52d59e4bc11 -j ACCEPT
  173. -A FORWARD -o br-387f8072f56a -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  174. -A FORWARD -o br-387f8072f56a -j DOCKER
  175. -A FORWARD -i br-387f8072f56a ! -o br-387f8072f56a -j ACCEPT
  176. -A FORWARD -i br-387f8072f56a -o br-387f8072f56a -j ACCEPT
  177. -A FORWARD -o br-a7cc1ec0a07b -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  178. -A FORWARD -o br-a7cc1ec0a07b -j DOCKER
  179. -A FORWARD -i br-a7cc1ec0a07b ! -o br-a7cc1ec0a07b -j ACCEPT
  180. -A FORWARD -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -j ACCEPT
  181. -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  182. -A FORWARD -o docker0 -j DOCKER
  183. -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
  184. -A FORWARD -i docker0 -o docker0 -j ACCEPT
# ufw forward sequence; only reached by traffic the Docker chains did not
# decide on (non-bridge forwarding, e.g. a VPN tunnel).
  185. -A FORWARD -j ufw-before-logging-forward
  186. -A FORWARD -j ufw-before-forward
  187. -A FORWARD -j ufw-after-forward
  188. -A FORWARD -j ufw-after-logging-forward
  189. -A FORWARD -j ufw-reject-forward
  190. -A FORWARD -j ufw-track-forward
# OUTPUT: stock ufw sequence; policy is ACCEPT so this only matters for the
# explicit REJECT in ufw-user-output.
  191. -A OUTPUT -j ufw-before-logging-output
  192. -A OUTPUT -j ufw-before-output
  193. -A OUTPUT -j ufw-after-output
  194. -A OUTPUT -j ufw-after-logging-output
  195. -A OUTPUT -j ufw-reject-output
  196. -A OUTPUT -j ufw-track-output
# DOCKER (filter): ACCEPT for every published port, mirroring the nat DNATs.
# These accepts apply to traffic from any non-bridge interface, i.e. the
# internet, regardless of what ufw-user-input allows on the host. Anything
# not listed falls through to the FORWARD policy (ACCEPT, see table header).
  197. -A DOCKER -d 172.18.0.3/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 80 -j ACCEPT
# 172.18.0.4 exposes 26 services from one container (web, mail, DNS, FTP,
# SSH via host 2222, and 30000-30009).
  198. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 30009 -j ACCEPT
  199. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 30008 -j ACCEPT
  200. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 30007 -j ACCEPT
  201. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 30006 -j ACCEPT
  202. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 30005 -j ACCEPT
  203. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 30004 -j ACCEPT
  204. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 30003 -j ACCEPT
  205. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 30002 -j ACCEPT
  206. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 30001 -j ACCEPT
  207. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 30000 -j ACCEPT
  208. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 8080 -j ACCEPT
  209. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 22 -j ACCEPT
  210. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 995 -j ACCEPT
  211. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 993 -j ACCEPT
  212. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 587 -j ACCEPT
  213. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 465 -j ACCEPT
  214. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 443 -j ACCEPT
  215. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 143 -j ACCEPT
  216. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 110 -j ACCEPT
  217. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 80 -j ACCEPT
  218. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 53 -j ACCEPT
  219. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p udp -m udp --dport 53 -j ACCEPT
  220. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 25 -j ACCEPT
  221. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 21 -j ACCEPT
  222. -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 20 -j ACCEPT
  223. -A DOCKER -d 172.20.0.3/32 ! -i br-387f8072f56a -o br-387f8072f56a -p tcp -m tcp --dport 8069 -j ACCEPT
  224. -A DOCKER -d 172.22.0.3/32 ! -i br-5e7cf3af7324 -o br-5e7cf3af7324 -p tcp -m tcp --dport 443 -j ACCEPT
  225. -A DOCKER -d 172.22.0.3/32 ! -i br-5e7cf3af7324 -o br-5e7cf3af7324 -p tcp -m tcp --dport 80 -j ACCEPT
  226. -A DOCKER -d 172.19.0.2/32 ! -i br-ea08848adeff -o br-ea08848adeff -p tcp -m tcp --dport 8080 -j ACCEPT
# DOCKER-ISOLATION: drop traffic between different Docker networks. Six
# bridges give 30 directed pairs and all 30 are present, so no network can
# reach another except through published ports on the host.
  227. -A DOCKER-ISOLATION -i docker0 -o br-ea08848adeff -j DROP
  228. -A DOCKER-ISOLATION -i br-ea08848adeff -o docker0 -j DROP
  229. -A DOCKER-ISOLATION -i br-a7cc1ec0a07b -o br-ea08848adeff -j DROP
  230. -A DOCKER-ISOLATION -i br-ea08848adeff -o br-a7cc1ec0a07b -j DROP
  231. -A DOCKER-ISOLATION -i br-5e7cf3af7324 -o br-ea08848adeff -j DROP
  232. -A DOCKER-ISOLATION -i br-ea08848adeff -o br-5e7cf3af7324 -j DROP
  233. -A DOCKER-ISOLATION -i br-c52d59e4bc11 -o br-ea08848adeff -j DROP
  234. -A DOCKER-ISOLATION -i br-ea08848adeff -o br-c52d59e4bc11 -j DROP
  235. -A DOCKER-ISOLATION -i br-387f8072f56a -o br-ea08848adeff -j DROP
  236. -A DOCKER-ISOLATION -i br-ea08848adeff -o br-387f8072f56a -j DROP
  237. -A DOCKER-ISOLATION -i br-c52d59e4bc11 -o br-5e7cf3af7324 -j DROP
  238. -A DOCKER-ISOLATION -i br-5e7cf3af7324 -o br-c52d59e4bc11 -j DROP
  239. -A DOCKER-ISOLATION -i br-387f8072f56a -o br-5e7cf3af7324 -j DROP
  240. -A DOCKER-ISOLATION -i br-5e7cf3af7324 -o br-387f8072f56a -j DROP
  241. -A DOCKER-ISOLATION -i docker0 -o br-5e7cf3af7324 -j DROP
  242. -A DOCKER-ISOLATION -i br-5e7cf3af7324 -o docker0 -j DROP
  243. -A DOCKER-ISOLATION -i br-a7cc1ec0a07b -o br-5e7cf3af7324 -j DROP
  244. -A DOCKER-ISOLATION -i br-5e7cf3af7324 -o br-a7cc1ec0a07b -j DROP
  245. -A DOCKER-ISOLATION -i br-387f8072f56a -o br-c52d59e4bc11 -j DROP
  246. -A DOCKER-ISOLATION -i br-c52d59e4bc11 -o br-387f8072f56a -j DROP
  247. -A DOCKER-ISOLATION -i docker0 -o br-c52d59e4bc11 -j DROP
  248. -A DOCKER-ISOLATION -i br-c52d59e4bc11 -o docker0 -j DROP
  249. -A DOCKER-ISOLATION -i br-a7cc1ec0a07b -o br-c52d59e4bc11 -j DROP
  250. -A DOCKER-ISOLATION -i br-c52d59e4bc11 -o br-a7cc1ec0a07b -j DROP
  251. -A DOCKER-ISOLATION -i docker0 -o br-387f8072f56a -j DROP
  252. -A DOCKER-ISOLATION -i br-387f8072f56a -o docker0 -j DROP
  253. -A DOCKER-ISOLATION -i br-a7cc1ec0a07b -o br-387f8072f56a -j DROP
  254. -A DOCKER-ISOLATION -i br-387f8072f56a -o br-a7cc1ec0a07b -j DROP
  255. -A DOCKER-ISOLATION -i docker0 -o br-a7cc1ec0a07b -j DROP
  256. -A DOCKER-ISOLATION -i br-a7cc1ec0a07b -o docker0 -j DROP
  257. -A DOCKER-ISOLATION -j RETURN
# DOCKER-USER is empty (plain RETURN). This is the chain Docker evaluates
# first in FORWARD and never rewrites, so it is the place for source
# restrictions on published container ports (e.g. limiting who may reach the
# DNATed 2222/22, 53, 20/21 or 30000-30009) and for persistent blocklists.
# With it empty, every published port is world-reachable and ufw's INPUT
# rules have no say over container traffic.
  258. -A DOCKER-USER -j RETURN
# fail2ban jail chains. Only one ban is active (f2b-dovecot). Because the mail
# ports it guards are DNATed to 172.18.0.4 in the nat table, that REJECT only
# affects connections to a dovecot running on the host itself — if dovecot is
# the container, the ban is a no-op (see the INPUT hooks for the fix).
  259. -A f2b-apache-auth -j RETURN
  260. -A f2b-apache-badbots -j RETURN
  261. -A f2b-apache-botsearch -j RETURN
  262. -A f2b-apache-fakegooglebot -j RETURN
  263. -A f2b-apache-modsecurity -j RETURN
  264. -A f2b-apache-nohome -j RETURN
  265. -A f2b-apache-noscript -j RETURN
  266. -A f2b-apache-overflows -j RETURN
  267. -A f2b-apache-shellshock -j RETURN
  268. -A f2b-dovecot -s 37.76.97.154/32 -j REJECT --reject-with icmp-port-unreachable
  269. -A f2b-dovecot -j RETURN
  270. -A f2b-mysshd -j RETURN
  271. -A f2b-postfix -j RETURN
  272. -A f2b-sshd -j RETURN
# ufw-after-input: noisy traffic (NetBIOS/SMB, DHCP, broadcasts, and here also
# 80/443/8080/25) is sent straight to the INPUT policy (DROP) without being
# logged. Only reached by packets ufw-before-input did not already accept.
  273. -A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
  274. -A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
  275. -A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
  276. -A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
  277. -A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
  278. -A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
# Site-specific additions: suppress log noise for web/mail ports. Note this
# also hides scanning of these ports from the [UFW BLOCK] log.
  279. -A ufw-after-input -p tcp -m tcp --dport 80 -j ufw-skip-to-policy-input
  280. -A ufw-after-input -p tcp -m tcp --dport 443 -j ufw-skip-to-policy-input
  281. -A ufw-after-input -p tcp -m tcp --dport 8080 -j ufw-skip-to-policy-input
  282. -A ufw-after-input -p tcp -m tcp --dport 25 -j ufw-skip-to-policy-input
  283. -A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
# Rate-limited log line for everything about to hit the INPUT DROP policy.
  284. -A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
# ufw-before-forward: stock ufw — established flows, the usual ICMP types,
# then the (empty) user forward chain.
  285. -A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  286. -A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
  287. -A ufw-before-forward -p icmp -m icmp --icmp-type 4 -j ACCEPT
  288. -A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
  289. -A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
  290. -A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
  291. -A ufw-before-forward -j ufw-user-forward
# ufw-before-input: stock ufw. Loopback, established flows, INVALID drop
# (logged), ICMP, DHCP client, anti-spoof (ufw-not-local), mDNS/SSDP, then the
# administrator's rules in ufw-user-input.
  292. -A ufw-before-input -i lo -j ACCEPT
  293. -A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  294. -A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
  295. -A ufw-before-input -m conntrack --ctstate INVALID -j DROP
  296. -A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
  297. -A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
  298. -A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
  299. -A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
  300. -A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
  301. -A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
  302. -A ufw-before-input -j ufw-not-local
# mDNS and SSDP are ufw defaults aimed at LANs; harmless on an internet-facing
# host (multicast destinations only) but can be removed if unused.
  303. -A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
  304. -A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
  305. -A ufw-before-input -j ufw-user-input
# ufw-before-output and the two logging helpers (stock ufw).
  306. -A ufw-before-output -o lo -j ACCEPT
  307. -A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  308. -A ufw-before-output -j ufw-user-output
  309. -A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
# INVALID packets are rate-limited out of the log entirely; everything else
# reaching this chain is logged at 3/min.
  310. -A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
  311. -A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
# ufw-not-local: drop (and rate-limit-log) inbound packets whose destination
# is not a local, multicast or broadcast address.
  312. -A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
  313. -A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
  314. -A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
  315. -A ufw-not-local -m limit --limit 30/min --limit-burst 100 -j ufw-logging-deny
  316. -A ufw-not-local -j DROP
# skip-to-policy chains mirror the default policies (input DROP, others ACCEPT).
  317. -A ufw-skip-to-policy-forward -j ACCEPT
  318. -A ufw-skip-to-policy-input -j DROP
  319. -A ufw-skip-to-policy-output -j ACCEPT
# track chains: accept NEW tcp/udp for forward and output. There is no
# ufw-track-input rule, so unmatched inbound traffic falls to INPUT DROP.
  320. -A ufw-track-forward -p tcp -m conntrack --ctstate NEW -j ACCEPT
  321. -A ufw-track-forward -p udp -m conntrack --ctstate NEW -j ACCEPT
  322. -A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
  323. -A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
# ufw-user-input: the administrator's rules (`ufw allow/limit/deny`), evaluated
# in order. Reached only after the stock before-rules; remember that DNATed
# container ports (see the nat table) never get here.
#
# `ufw limit 22`: more than 6 NEW connections in 30 s from one source are
# rejected, otherwise accepted. The six-line group is present THREE times
# (rules 324-341); the copies are dead and should be removed (`ufw status
# numbered` / `ufw delete N`). The udp variants are meaningless for SSH.
# TODO confirm a host sshd still listens on 22 at all — 2020 is also opened.
  324. -A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
  325. -A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
  326. -A ufw-user-input -p tcp -m tcp --dport 22 -j ufw-user-limit-accept
  327. -A ufw-user-input -p udp -m udp --dport 22 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
  328. -A ufw-user-input -p udp -m udp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
  329. -A ufw-user-input -p udp -m udp --dport 22 -j ufw-user-limit-accept
  330. -A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
  331. -A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
  332. -A ufw-user-input -p tcp -m tcp --dport 22 -j ufw-user-limit-accept
  333. -A ufw-user-input -p udp -m udp --dport 22 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
  334. -A ufw-user-input -p udp -m udp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
  335. -A ufw-user-input -p udp -m udp --dport 22 -j ufw-user-limit-accept
  336. -A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
  337. -A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
  338. -A ufw-user-input -p tcp -m tcp --dport 22 -j ufw-user-limit-accept
  339. -A ufw-user-input -p udp -m udp --dport 22 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
  340. -A ufw-user-input -p udp -m udp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
  341. -A ufw-user-input -p udp -m udp --dport 22 -j ufw-user-limit-accept
# `ufw limit 2020` (host sshd, matched by the f2b-sshd hook in INPUT).
  342. -A ufw-user-input -p tcp -m tcp --dport 2020 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
  343. -A ufw-user-input -p tcp -m tcp --dport 2020 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
  344. -A ufw-user-input -p tcp -m tcp --dport 2020 -j ufw-user-limit-accept
  345. -A ufw-user-input -p udp -m udp --dport 2020 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
  346. -A ufw-user-input -p udp -m udp --dport 2020 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
  347. -A ufw-user-input -p udp -m udp --dport 2020 -j ufw-user-limit-accept
# NOTE(review): Docker daemon API ports opened to every source. 2375 is the
# unauthenticated plaintext API — anyone who can connect to it controls every
# container and, through volume mounts, the host. Even 2376 (TLS) should be
# limited to a management source with client-certificate verification. If
# dockerd is not actually bound on these ports the rules are harmless but
# misleading; either way, restrict `-s` to the admin network or delete them.
  348. -A ufw-user-input -p tcp -m tcp --dport 2375 -j ACCEPT
  349. -A ufw-user-input -p tcp -m tcp --dport 2376 -j ACCEPT
# Unreachable for tcp: rule 344 already accepts tcp/2020 (excess goes to
# ufw-user-limit and is rejected there).
  350. -A ufw-user-input -p tcp -m tcp --dport 2020 -j ACCEPT
# Munin node, scoped to the docker0 /24 (docker0 itself is 172.17.0.0/16).
  351. -A ufw-user-input -s 172.17.0.0/24 -p tcp -m tcp --dport 4949 -j ACCEPT
  352. -A ufw-user-input -s 172.17.0.0/24 -p udp -m udp --dport 4949 -j ACCEPT
  353. -A ufw-user-input -s 133.130.107.3/32 -j DROP
# NOTE(review): accepts ALL ports from the whole of 172.0.0.0/8. Only
# 172.16.0.0/12 is private; the rest is public address space, and nothing
# stops a packet with a forged 172.x source from matching on the external
# interface. Narrow this to the bridge networks in use (172.17-172.22.0.0/16
# or 172.16.0.0/12) and add `-i` for the bridge interfaces.
  354. -A ufw-user-input -s 172.0.0.0/8 -j ACCEPT
# OpenVPN.
  355. -A ufw-user-input -p udp -m udp --dport 1194 -j ACCEPT
# SMTP on the host. External tcp/25 is DNATed to 172.18.0.4, so this rule only
# matters for a host MTA reachable from inside; udp/25 is not a thing.
  356. -A ufw-user-input -p tcp -m tcp --dport 25 -j ACCEPT
  357. -A ufw-user-input -p udp -m udp --dport 25 -j ACCEPT
# Blocklist for 5.61.38.11 in both directions (plus a REJECT in OUTPUT below).
# Rule 359 drops by *destination* in INPUT: if 5.61.38.11 is a remote host the
# rule can never match here; if it is one of this host's own addresses, every
# ACCEPT after it is dead for that address — TODO confirm which.
  358. -A ufw-user-input -s 5.61.38.11/32 -j DROP
  359. -A ufw-user-input -d 5.61.38.11/32 -j DROP
# Zabbix agent (10050) and NRPE (5666), scoped to one monitoring host.
  360. -A ufw-user-input -s 192.168.255.6/32 -p tcp -m tcp --dport 10050 -j ACCEPT
  361. -A ufw-user-input -s 192.168.255.6/32 -p udp -m udp --dport 10050 -j ACCEPT
  362. -A ufw-user-input -s 192.168.255.6/32 -p tcp -m tcp --dport 5666 -j ACCEPT
  363. -A ufw-user-input -s 192.168.255.6/32 -p udp -m udp --dport 5666 -j ACCEPT
# `-s 0.0.0.0/32` matches only the literal source 0.0.0.0, so this rule is
# effectively dead; presumably 0.0.0.0/0 (any) was meant, which rule 359
# already covers. Remove it.
  364. -A ufw-user-input -s 0.0.0.0/32 -d 5.61.38.11/32 -j DROP
# Web ports opened on the host. 10443/8090 and 80 are DNATed to containers for
# external traffic, so these mainly serve locally originated or VPN traffic.
# The udp entries come from `ufw allow <port>` without a protocol; use
# `ufw allow <port>/tcp` so only the protocol in use is opened.
  365. -A ufw-user-input -p tcp -m tcp --dport 10443 -j ACCEPT
  366. -A ufw-user-input -p udp -m udp --dport 10443 -j ACCEPT
  367. -A ufw-user-input -p tcp -m tcp --dport 8090 -j ACCEPT
  368. -A ufw-user-input -p udp -m udp --dport 8090 -j ACCEPT
  369. -A ufw-user-input -p tcp -m tcp --dport 80 -j ACCEPT
  370. -A ufw-user-input -p udp -m udp --dport 80 -j ACCEPT
# `ufw limit` helpers: log at 3/min and reject sources over the hit count;
# otherwise accept.
  371. -A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
  372. -A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
  373. -A ufw-user-limit-accept -j ACCEPT
# Outbound side of the 5.61.38.11 blocklist.
  374. -A ufw-user-output -d 5.61.38.11/32 -j REJECT --reject-with icmp-port-unreachable
  375. COMMIT
  376. # Completed on Wed May 9 16:31:49 2018