- # Generated by iptables-save v1.6.0 on Wed May 9 16:31:49 2018
- # nat table: the four built-in chains keep policy ACCEPT; DOCKER is the only custom chain.
- *nat
- :PREROUTING ACCEPT [3864910:279357531]
- :INPUT ACCEPT [103654:6553562]
- :OUTPUT ACCEPT [124973:7518452]
- :POSTROUTING ACCEPT [4739877:299246419]
- :DOCKER - [0:0]
- # Packets addressed to a local address are handed to DOCKER, where the DNAT rules live.
- # The OUTPUT hook does the same for locally generated traffic, except loopback (127.0.0.0/8).
- -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
- -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
- # Source NAT for container egress: traffic from a bridge subnet that leaves through
- # any interface other than its own bridge is masqueraded behind the host address.
- -A POSTROUTING -s 172.19.0.0/16 ! -o br-ea08848adeff -j MASQUERADE
- -A POSTROUTING -s 172.22.0.0/16 ! -o br-5e7cf3af7324 -j MASQUERADE
- -A POSTROUTING -s 172.21.0.0/16 ! -o br-c52d59e4bc11 -j MASQUERADE
- -A POSTROUTING -s 172.20.0.0/16 ! -o br-387f8072f56a -j MASQUERADE
- -A POSTROUTING -s 172.18.0.0/28 ! -o br-a7cc1ec0a07b -j MASQUERADE
- -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
- # Rules below have identical source and destination: they match a container talking to
- # itself on one of its own ports (presumably the per-published-port rules Docker adds; confirm).
- # The port list mirrors the DNAT targets in the nat DOCKER chain.
- -A POSTROUTING -s 172.18.0.3/32 -d 172.18.0.3/32 -p tcp -m tcp --dport 80 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 30009 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 30008 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 30007 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 30006 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 30005 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 30004 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 30003 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 30002 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 30001 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 30000 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 8080 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 22 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 995 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 993 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 587 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 465 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 443 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 143 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 110 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 80 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 53 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p udp -m udp --dport 53 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 25 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 21 -j MASQUERADE
- -A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp --dport 20 -j MASQUERADE
- -A POSTROUTING -s 172.20.0.3/32 -d 172.20.0.3/32 -p tcp -m tcp --dport 8069 -j MASQUERADE
- -A POSTROUTING -s 172.22.0.3/32 -d 172.22.0.3/32 -p tcp -m tcp --dport 443 -j MASQUERADE
- -A POSTROUTING -s 172.22.0.3/32 -d 172.22.0.3/32 -p tcp -m tcp --dport 80 -j MASQUERADE
- -A POSTROUTING -s 172.19.0.2/32 -d 172.19.0.2/32 -p tcp -m tcp --dport 8080 -j MASQUERADE
- # DOCKER (nat): traffic entering from one of the Docker bridges returns untranslated.
- -A DOCKER -i br-ea08848adeff -j RETURN
- -A DOCKER -i br-5e7cf3af7324 -j RETURN
- -A DOCKER -i br-c52d59e4bc11 -j RETURN
- -A DOCKER -i br-387f8072f56a -j RETURN
- -A DOCKER -i br-a7cc1ec0a07b -j RETURN
- -A DOCKER -i docker0 -j RETURN
- # Published ports: a packet for the host port arriving on any interface other than the
- # owning bridge is DNATed to the container. None of these rules matches on source address,
- # so each host port is published to every network the host is reachable from.
- # Host ports 8081, 2222, 10443, 8090 and 8082 map to a different container port.
- # NOTE(review): after DNAT the packet is routed through the filter FORWARD chain, not INPUT,
- # so the f2b-* and ufw-user-input rules hooked on INPUT do not filter these services.
- # Source restrictions for them belong in DOCKER-USER (or bind the port to a specific address).
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 8081 -j DNAT --to-destination 172.18.0.3:80
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 30009 -j DNAT --to-destination 172.18.0.4:30009
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 30008 -j DNAT --to-destination 172.18.0.4:30008
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 30007 -j DNAT --to-destination 172.18.0.4:30007
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 30006 -j DNAT --to-destination 172.18.0.4:30006
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 30005 -j DNAT --to-destination 172.18.0.4:30005
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 30004 -j DNAT --to-destination 172.18.0.4:30004
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 30003 -j DNAT --to-destination 172.18.0.4:30003
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 30002 -j DNAT --to-destination 172.18.0.4:30002
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 30001 -j DNAT --to-destination 172.18.0.4:30001
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 30000 -j DNAT --to-destination 172.18.0.4:30000
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.18.0.4:8080
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 2222 -j DNAT --to-destination 172.18.0.4:22
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 995 -j DNAT --to-destination 172.18.0.4:995
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 993 -j DNAT --to-destination 172.18.0.4:993
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 587 -j DNAT --to-destination 172.18.0.4:587
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 465 -j DNAT --to-destination 172.18.0.4:465
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.18.0.4:443
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 143 -j DNAT --to-destination 172.18.0.4:143
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 110 -j DNAT --to-destination 172.18.0.4:110
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.18.0.4:80
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 53 -j DNAT --to-destination 172.18.0.4:53
- -A DOCKER ! -i br-a7cc1ec0a07b -p udp -m udp --dport 53 -j DNAT --to-destination 172.18.0.4:53
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 25 -j DNAT --to-destination 172.18.0.4:25
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 21 -j DNAT --to-destination 172.18.0.4:21
- -A DOCKER ! -i br-a7cc1ec0a07b -p tcp -m tcp --dport 20 -j DNAT --to-destination 172.18.0.4:20
- -A DOCKER ! -i br-387f8072f56a -p tcp -m tcp --dport 8069 -j DNAT --to-destination 172.20.0.3:8069
- -A DOCKER ! -i br-5e7cf3af7324 -p tcp -m tcp --dport 10443 -j DNAT --to-destination 172.22.0.3:443
- -A DOCKER ! -i br-5e7cf3af7324 -p tcp -m tcp --dport 8090 -j DNAT --to-destination 172.22.0.3:80
- -A DOCKER ! -i br-ea08848adeff -p tcp -m tcp --dport 8082 -j DNAT --to-destination 172.19.0.2:8080
- COMMIT
- # Completed on Wed May 9 16:31:49 2018
- # Generated by iptables-save v1.6.0 on Wed May 9 16:31:49 2018
- # filter table. Default policies: INPUT drops; FORWARD and OUTPUT accept.
- # NOTE(review): with FORWARD ACCEPT, a forwarded packet that no rule explicitly drops is
- # allowed, and forwarded traffic is where every DNATed (published) container port ends up.
- *filter
- :INPUT DROP [3:124]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- # Custom chains: Docker's (DOCKER*), fail2ban's (f2b-*) and ufw's (ufw-*).
- :DOCKER - [0:0]
- :DOCKER-ISOLATION - [0:0]
- :DOCKER-USER - [0:0]
- :f2b-apache-auth - [0:0]
- :f2b-apache-badbots - [0:0]
- :f2b-apache-botsearch - [0:0]
- :f2b-apache-fakegooglebot - [0:0]
- :f2b-apache-modsecurity - [0:0]
- :f2b-apache-nohome - [0:0]
- :f2b-apache-noscript - [0:0]
- :f2b-apache-overflows - [0:0]
- :f2b-apache-shellshock - [0:0]
- :f2b-dovecot - [0:0]
- :f2b-mysshd - [0:0]
- :f2b-postfix - [0:0]
- :f2b-sshd - [0:0]
- :ufw-after-forward - [0:0]
- :ufw-after-input - [0:0]
- :ufw-after-logging-forward - [0:0]
- :ufw-after-logging-input - [0:0]
- :ufw-after-logging-output - [0:0]
- :ufw-after-output - [0:0]
- :ufw-before-forward - [0:0]
- :ufw-before-input - [0:0]
- :ufw-before-logging-forward - [0:0]
- :ufw-before-logging-input - [0:0]
- :ufw-before-logging-output - [0:0]
- :ufw-before-output - [0:0]
- :ufw-logging-allow - [0:0]
- :ufw-logging-deny - [0:0]
- :ufw-not-local - [0:0]
- :ufw-reject-forward - [0:0]
- :ufw-reject-input - [0:0]
- :ufw-reject-output - [0:0]
- :ufw-skip-to-policy-forward - [0:0]
- :ufw-skip-to-policy-input - [0:0]
- :ufw-skip-to-policy-output - [0:0]
- :ufw-track-forward - [0:0]
- :ufw-track-input - [0:0]
- :ufw-track-output - [0:0]
- :ufw-user-forward - [0:0]
- :ufw-user-input - [0:0]
- :ufw-user-limit - [0:0]
- :ufw-user-limit-accept - [0:0]
- :ufw-user-logging-forward - [0:0]
- :ufw-user-logging-input - [0:0]
- :ufw-user-logging-output - [0:0]
- :ufw-user-output - [0:0]
- # INPUT: the fail2ban chains are consulted first, one per jail, selected by destination port.
- # NOTE(review): these hooks only see traffic delivered to the host itself. Ports 2222, 80, 443,
- # 8080, 25, 110, 143, 465, 587, 993 and 995 are also DNATed to containers in the nat table, and
- # DNATed packets traverse FORWARD instead. A ban added to an f2b-* chain here would then not
- # block the container-backed service; check the rule counters, and if they stay at zero point
- # the jails at FORWARD/DOCKER-USER instead.
- # Port 4190 (f2b-dovecot) has no DNAT rule and no accept rule in this dump.
- -A INPUT -p tcp -m multiport --dports 2222 -j f2b-mysshd
- -A INPUT -p tcp -m multiport --dports 110,995,143,993,587,465,4190 -j f2b-dovecot
- -A INPUT -p tcp -m multiport --dports 25,465,587 -j f2b-postfix
- -A INPUT -p tcp -m multiport --dports 80,443,8080 -j f2b-apache-shellshock
- -A INPUT -p tcp -m multiport --dports 80,443,8080 -j f2b-apache-modsecurity
- -A INPUT -p tcp -m multiport --dports 80,443,8080 -j f2b-apache-fakegooglebot
- -A INPUT -p tcp -m multiport --dports 80,443,8080 -j f2b-apache-botsearch
- -A INPUT -p tcp -m multiport --dports 80,443,8080 -j f2b-apache-nohome
- -A INPUT -p tcp -m multiport --dports 80,443,8080 -j f2b-apache-overflows
- -A INPUT -p tcp -m multiport --dports 80,443,8080 -j f2b-apache-noscript
- -A INPUT -p tcp -m multiport --dports 80,443,8080 -j f2b-apache-badbots
- -A INPUT -p tcp -m multiport --dports 80,443,8080 -j f2b-apache-auth
- # f2b-sshd watches 2020 only; port 22 is rate-limited in ufw-user-input but has no jail here.
- -A INPUT -p tcp -m multiport --dports 2020 -j f2b-sshd
- # ufw's chains run after fail2ban, in ufw's fixed order; what falls through meets policy DROP.
- -A INPUT -j ufw-before-logging-input
- -A INPUT -j ufw-before-input
- -A INPUT -j ufw-after-input
- -A INPUT -j ufw-after-logging-input
- -A INPUT -j ufw-reject-input
- -A INPUT -j ufw-track-input
- # FORWARD: three source addresses are dropped directly in the built-in chain, ahead of Docker.
- # NOTE(review): DOCKER-USER is empty in this dump; it is the chain Docker sets aside for
- # operator rules, so blocks like these are better kept there than in FORWARD itself.
- -A FORWARD -s 189.236.63.247/32 -j DROP
- -A FORWARD -s 37.191.50.28/32 -j DROP
- -A FORWARD -s 193.91.67.75/32 -j DROP
- -A FORWARD -j DOCKER-USER
- -A FORWARD -j DOCKER-ISOLATION
- # Per bridge, in order: accept replies to the bridge, send new inbound traffic to DOCKER for
- # the per-port accepts, accept anything leaving the bridge, accept traffic within the bridge.
- -A FORWARD -o br-ea08848adeff -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -o br-ea08848adeff -j DOCKER
- -A FORWARD -i br-ea08848adeff ! -o br-ea08848adeff -j ACCEPT
- -A FORWARD -i br-ea08848adeff -o br-ea08848adeff -j ACCEPT
- -A FORWARD -o br-5e7cf3af7324 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -o br-5e7cf3af7324 -j DOCKER
- -A FORWARD -i br-5e7cf3af7324 ! -o br-5e7cf3af7324 -j ACCEPT
- -A FORWARD -i br-5e7cf3af7324 -o br-5e7cf3af7324 -j ACCEPT
- -A FORWARD -o br-c52d59e4bc11 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -o br-c52d59e4bc11 -j DOCKER
- -A FORWARD -i br-c52d59e4bc11 ! -o br-c52d59e4bc11 -j ACCEPT
- -A FORWARD -i br-c52d59e4bc11 -o br-c52d59e4bc11 -j ACCEPT
- -A FORWARD -o br-387f8072f56a -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -o br-387f8072f56a -j DOCKER
- -A FORWARD -i br-387f8072f56a ! -o br-387f8072f56a -j ACCEPT
- -A FORWARD -i br-387f8072f56a -o br-387f8072f56a -j ACCEPT
- -A FORWARD -o br-a7cc1ec0a07b -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -o br-a7cc1ec0a07b -j DOCKER
- -A FORWARD -i br-a7cc1ec0a07b ! -o br-a7cc1ec0a07b -j ACCEPT
- -A FORWARD -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -j ACCEPT
- -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -o docker0 -j DOCKER
- -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
- -A FORWARD -i docker0 -o docker0 -j ACCEPT
- # ufw's forward chains come last. In this dump they drop nothing, and ufw-track-forward
- # accepts every NEW tcp/udp connection that gets this far.
- -A FORWARD -j ufw-before-logging-forward
- -A FORWARD -j ufw-before-forward
- -A FORWARD -j ufw-after-forward
- -A FORWARD -j ufw-after-logging-forward
- -A FORWARD -j ufw-reject-forward
- -A FORWARD -j ufw-track-forward
- # OUTPUT: ufw chains only; the policy is ACCEPT. The single egress restriction in this dump
- # is the REJECT for 5.61.38.11 in ufw-user-output.
- -A OUTPUT -j ufw-before-logging-output
- -A OUTPUT -j ufw-before-output
- -A OUTPUT -j ufw-after-output
- -A OUTPUT -j ufw-after-logging-output
- -A OUTPUT -j ufw-reject-output
- -A OUTPUT -j ufw-track-output
- # DOCKER (filter): one accept per published container port, for packets that enter on any
- # interface other than the container's bridge and leave on that bridge. These match the
- # post-DNAT destination, so the port shown is the container port (22, not host port 2222).
- # NOTE(review): no rule restricts the source address. The exposed set includes SSH, FTP
- # (20/21), DNS, mail and ports 30000-30009; confirm each is meant to be reachable from
- # every network the host is attached to.
- -A DOCKER -d 172.18.0.3/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 80 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 30009 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 30008 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 30007 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 30006 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 30005 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 30004 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 30003 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 30002 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 30001 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 30000 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 8080 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 22 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 995 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 993 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 587 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 465 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 443 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 143 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 110 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 80 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 53 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p udp -m udp --dport 53 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 25 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 21 -j ACCEPT
- -A DOCKER -d 172.18.0.4/32 ! -i br-a7cc1ec0a07b -o br-a7cc1ec0a07b -p tcp -m tcp --dport 20 -j ACCEPT
- -A DOCKER -d 172.20.0.3/32 ! -i br-387f8072f56a -o br-387f8072f56a -p tcp -m tcp --dport 8069 -j ACCEPT
- -A DOCKER -d 172.22.0.3/32 ! -i br-5e7cf3af7324 -o br-5e7cf3af7324 -p tcp -m tcp --dport 443 -j ACCEPT
- -A DOCKER -d 172.22.0.3/32 ! -i br-5e7cf3af7324 -o br-5e7cf3af7324 -p tcp -m tcp --dport 80 -j ACCEPT
- -A DOCKER -d 172.19.0.2/32 ! -i br-ea08848adeff -o br-ea08848adeff -p tcp -m tcp --dport 8080 -j ACCEPT
- # DOCKER-ISOLATION: drops traffic between any two different Docker bridges, one rule per
- # direction and per pair, so containers on separate networks cannot reach each other directly.
- -A DOCKER-ISOLATION -i docker0 -o br-ea08848adeff -j DROP
- -A DOCKER-ISOLATION -i br-ea08848adeff -o docker0 -j DROP
- -A DOCKER-ISOLATION -i br-a7cc1ec0a07b -o br-ea08848adeff -j DROP
- -A DOCKER-ISOLATION -i br-ea08848adeff -o br-a7cc1ec0a07b -j DROP
- -A DOCKER-ISOLATION -i br-5e7cf3af7324 -o br-ea08848adeff -j DROP
- -A DOCKER-ISOLATION -i br-ea08848adeff -o br-5e7cf3af7324 -j DROP
- -A DOCKER-ISOLATION -i br-c52d59e4bc11 -o br-ea08848adeff -j DROP
- -A DOCKER-ISOLATION -i br-ea08848adeff -o br-c52d59e4bc11 -j DROP
- -A DOCKER-ISOLATION -i br-387f8072f56a -o br-ea08848adeff -j DROP
- -A DOCKER-ISOLATION -i br-ea08848adeff -o br-387f8072f56a -j DROP
- -A DOCKER-ISOLATION -i br-c52d59e4bc11 -o br-5e7cf3af7324 -j DROP
- -A DOCKER-ISOLATION -i br-5e7cf3af7324 -o br-c52d59e4bc11 -j DROP
- -A DOCKER-ISOLATION -i br-387f8072f56a -o br-5e7cf3af7324 -j DROP
- -A DOCKER-ISOLATION -i br-5e7cf3af7324 -o br-387f8072f56a -j DROP
- -A DOCKER-ISOLATION -i docker0 -o br-5e7cf3af7324 -j DROP
- -A DOCKER-ISOLATION -i br-5e7cf3af7324 -o docker0 -j DROP
- -A DOCKER-ISOLATION -i br-a7cc1ec0a07b -o br-5e7cf3af7324 -j DROP
- -A DOCKER-ISOLATION -i br-5e7cf3af7324 -o br-a7cc1ec0a07b -j DROP
- -A DOCKER-ISOLATION -i br-387f8072f56a -o br-c52d59e4bc11 -j DROP
- -A DOCKER-ISOLATION -i br-c52d59e4bc11 -o br-387f8072f56a -j DROP
- -A DOCKER-ISOLATION -i docker0 -o br-c52d59e4bc11 -j DROP
- -A DOCKER-ISOLATION -i br-c52d59e4bc11 -o docker0 -j DROP
- -A DOCKER-ISOLATION -i br-a7cc1ec0a07b -o br-c52d59e4bc11 -j DROP
- -A DOCKER-ISOLATION -i br-c52d59e4bc11 -o br-a7cc1ec0a07b -j DROP
- -A DOCKER-ISOLATION -i docker0 -o br-387f8072f56a -j DROP
- -A DOCKER-ISOLATION -i br-387f8072f56a -o docker0 -j DROP
- -A DOCKER-ISOLATION -i br-a7cc1ec0a07b -o br-387f8072f56a -j DROP
- -A DOCKER-ISOLATION -i br-387f8072f56a -o br-a7cc1ec0a07b -j DROP
- -A DOCKER-ISOLATION -i docker0 -o br-a7cc1ec0a07b -j DROP
- -A DOCKER-ISOLATION -i br-a7cc1ec0a07b -o docker0 -j DROP
- -A DOCKER-ISOLATION -j RETURN
- # DOCKER-USER holds no operator rules: it returns immediately, so nothing filters
- # forwarded traffic before Docker's own accepts.
- -A DOCKER-USER -j RETURN
- # fail2ban jail chains. Each ends in RETURN; a ban is a REJECT rule inserted ahead of it.
- # At the time of this dump only f2b-dovecot holds a ban (37.76.97.154); the rest are empty.
- -A f2b-apache-auth -j RETURN
- -A f2b-apache-badbots -j RETURN
- -A f2b-apache-botsearch -j RETURN
- -A f2b-apache-fakegooglebot -j RETURN
- -A f2b-apache-modsecurity -j RETURN
- -A f2b-apache-nohome -j RETURN
- -A f2b-apache-noscript -j RETURN
- -A f2b-apache-overflows -j RETURN
- -A f2b-apache-shellshock -j RETURN
- -A f2b-dovecot -s 37.76.97.154/32 -j REJECT --reject-with icmp-port-unreachable
- -A f2b-dovecot -j RETURN
- -A f2b-mysshd -j RETURN
- -A f2b-postfix -j RETURN
- -A f2b-sshd -j RETURN
- # ufw-after-input: runs after ufw-user-input (which is reached through ufw-before-input).
- # It sends NetBIOS/SMB, DHCP, broadcast and tcp 80/443/8080/25 straight to
- # ufw-skip-to-policy-input, which drops them without passing the [UFW BLOCK] log rule.
- # tcp 80 and 25 are already accepted in ufw-user-input, so for those two these lines never match.
- -A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
- -A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
- -A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
- -A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
- -A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
- -A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
- -A ufw-after-input -p tcp -m tcp --dport 80 -j ufw-skip-to-policy-input
- -A ufw-after-input -p tcp -m tcp --dport 443 -j ufw-skip-to-policy-input
- -A ufw-after-input -p tcp -m tcp --dport 8080 -j ufw-skip-to-policy-input
- -A ufw-after-input -p tcp -m tcp --dport 25 -j ufw-skip-to-policy-input
- -A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
- # Whatever is still unmatched on INPUT is logged, rate-limited, before the DROP policy applies.
- -A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
- # ufw-before-forward: replies and selected ICMP types are accepted; ufw-user-forward has no rules.
- -A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
- -A ufw-before-forward -p icmp -m icmp --icmp-type 4 -j ACCEPT
- -A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
- -A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
- -A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
- -A ufw-before-forward -j ufw-user-forward
- # ufw-before-input: loopback, established flows, the listed ICMP types and DHCP replies are
- # accepted; INVALID packets are logged and dropped; then the user rules run.
- -A ufw-before-input -i lo -j ACCEPT
- -A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
- -A ufw-before-input -m conntrack --ctstate INVALID -j DROP
- -A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
- -A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
- -A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
- -A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
- -A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
- -A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
- -A ufw-before-input -j ufw-not-local
- # mDNS (5353) and SSDP/UPnP discovery (1900) multicast are accepted from any source.
- # NOTE(review): ufw's stock rules; on a server that needs neither, consider removing them.
- -A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
- -A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
- -A ufw-before-input -j ufw-user-input
- -A ufw-before-output -o lo -j ACCEPT
- -A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A ufw-before-output -j ufw-user-output
- -A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
- # INVALID packets return here without a log line while the rate limit allows; others are logged.
- -A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
- -A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
- # ufw-not-local: packets whose destination is not local, multicast or broadcast are dropped.
- -A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
- -A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
- -A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
- -A ufw-not-local -m limit --limit 30/min --limit-burst 100 -j ufw-logging-deny
- -A ufw-not-local -j DROP
- -A ufw-skip-to-policy-forward -j ACCEPT
- -A ufw-skip-to-policy-input -j DROP
- -A ufw-skip-to-policy-output -j ACCEPT
- # NOTE(review): ufw-track-forward accepts every NEW tcp/udp flow that reaches the end of
- # FORWARD, so together with the FORWARD ACCEPT policy ufw restricts no routed traffic.
- -A ufw-track-forward -p tcp -m conntrack --ctstate NEW -j ACCEPT
- -A ufw-track-forward -p udp -m conntrack --ctstate NEW -j ACCEPT
- -A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
- -A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
- # ufw-user-input, rate-limit section. Each triplet records the source of a NEW connection in
- # the "recent" list DEFAULT, sends a source seen 6 or more times within 30 seconds to
- # ufw-user-limit (log + REJECT), and otherwise jumps to ufw-user-limit-accept.
- # NOTE(review): the tcp/22 and udp/22 triplets appear three times. The first copy of each ends
- # in an unconditional jump to ufw-user-limit-accept, so the later copies are never reached.
- # Every triplet uses the same list name, so hits on ports 22 and 2020 are counted together
- # per source. SSH does not use UDP; the udp rules serve no purpose for it.
- -A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
- -A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
- -A ufw-user-input -p tcp -m tcp --dport 22 -j ufw-user-limit-accept
- -A ufw-user-input -p udp -m udp --dport 22 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
- -A ufw-user-input -p udp -m udp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
- -A ufw-user-input -p udp -m udp --dport 22 -j ufw-user-limit-accept
- -A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
- -A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
- -A ufw-user-input -p tcp -m tcp --dport 22 -j ufw-user-limit-accept
- -A ufw-user-input -p udp -m udp --dport 22 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
- -A ufw-user-input -p udp -m udp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
- -A ufw-user-input -p udp -m udp --dport 22 -j ufw-user-limit-accept
- -A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
- -A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
- -A ufw-user-input -p tcp -m tcp --dport 22 -j ufw-user-limit-accept
- -A ufw-user-input -p udp -m udp --dport 22 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
- -A ufw-user-input -p udp -m udp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
- -A ufw-user-input -p udp -m udp --dport 22 -j ufw-user-limit-accept
- -A ufw-user-input -p tcp -m tcp --dport 2020 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
- -A ufw-user-input -p tcp -m tcp --dport 2020 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
- -A ufw-user-input -p tcp -m tcp --dport 2020 -j ufw-user-limit-accept
- -A ufw-user-input -p udp -m udp --dport 2020 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
- -A ufw-user-input -p udp -m udp --dport 2020 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
- -A ufw-user-input -p udp -m udp --dport 2020 -j ufw-user-limit-accept
- # ufw-user-input, allow/deny section (host-local services).
- # NOTE(review): 2375 and 2376 are accepted from any source. They are conventionally the Docker
- # daemon's remote API ports (2375 plaintext and unauthenticated, 2376 TLS). If dockerd listens
- # there, 2375 gives anyone who can reach it control of the daemon. Restrict both by source
- # address or remove the rules, and confirm what is bound with `ss -ltnp`.
- -A ufw-user-input -p tcp -m tcp --dport 2375 -j ACCEPT
- -A ufw-user-input -p tcp -m tcp --dport 2376 -j ACCEPT
- # Never reached: the rate-limit section already accepts all tcp/2020 it did not reject.
- -A ufw-user-input -p tcp -m tcp --dport 2020 -j ACCEPT
- # Port 4949 is limited to 172.17.0.0/24 (the docker0 subnet in the nat table is 172.17.0.0/16).
- -A ufw-user-input -s 172.17.0.0/24 -p tcp -m tcp --dport 4949 -j ACCEPT
- -A ufw-user-input -s 172.17.0.0/24 -p udp -m udp --dport 4949 -j ACCEPT
- -A ufw-user-input -s 133.130.107.3/32 -j DROP
- # NOTE(review): 172.0.0.0/8 spans 172.0.0.0-172.255.255.255, far wider than the private
- # 172.16.0.0/12 block and than the Docker subnets used here (172.17-172.22). This accepts every
- # protocol and port from those sources, most of which are public address space. It also
- # precedes the 4949 restriction's intent and the later 192.168.255.6 rules. Narrow it to the
- # bridge subnets actually in use.
- -A ufw-user-input -s 172.0.0.0/8 -j ACCEPT
- -A ufw-user-input -p udp -m udp --dport 1194 -j ACCEPT
- # The udp accepts for 25, 80, 10443 and 8090 below accompany TCP services and look unneeded.
- -A ufw-user-input -p tcp -m tcp --dport 25 -j ACCEPT
- -A ufw-user-input -p udp -m udp --dport 25 -j ACCEPT
- -A ufw-user-input -s 5.61.38.11/32 -j DROP
- # A -d match in an input chain only hits if 5.61.38.11 is one of this host's own addresses.
- -A ufw-user-input -d 5.61.38.11/32 -j DROP
- # Ports 10050 and 5666 (presumably monitoring agents; confirm) are limited to 192.168.255.6.
- -A ufw-user-input -s 192.168.255.6/32 -p tcp -m tcp --dport 10050 -j ACCEPT
- -A ufw-user-input -s 192.168.255.6/32 -p udp -m udp --dport 10050 -j ACCEPT
- -A ufw-user-input -s 192.168.255.6/32 -p tcp -m tcp --dport 5666 -j ACCEPT
- -A ufw-user-input -s 192.168.255.6/32 -p udp -m udp --dport 5666 -j ACCEPT
- # -s 0.0.0.0/32 matches only the literal source 0.0.0.0, not "any"; likely a mistyped rule.
- -A ufw-user-input -s 0.0.0.0/32 -d 5.61.38.11/32 -j DROP
- # tcp 10443 and 8090 are DNATed to 172.22.0.3 in the nat table, so that traffic is forwarded
- # and these INPUT accepts probably never match it (verify with the rule counters).
- -A ufw-user-input -p tcp -m tcp --dport 10443 -j ACCEPT
- -A ufw-user-input -p udp -m udp --dport 10443 -j ACCEPT
- -A ufw-user-input -p tcp -m tcp --dport 8090 -j ACCEPT
- -A ufw-user-input -p udp -m udp --dport 8090 -j ACCEPT
- -A ufw-user-input -p tcp -m tcp --dport 80 -j ACCEPT
- -A ufw-user-input -p udp -m udp --dport 80 -j ACCEPT
- # ufw-user-limit: the target for sources over the rate limit; logs at most 3/min, then rejects.
- -A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
- -A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
- -A ufw-user-limit-accept -j ACCEPT
- # The only egress rule in the dump: outbound traffic to 5.61.38.11 is rejected.
- -A ufw-user-output -d 5.61.38.11/32 -j REJECT --reject-with icmp-port-unreachable
- COMMIT
- # Completed on Wed May 9 16:31:49 20