
Jolla iptables rules

May 2nd, 2014
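  1. # Generated by iptables-save v1.4.15 on Fri May 2 14:06:08 2014
  2. # Annotated copy: lines beginning with '#' are comments. The rules are as dumped, apart from one restored space in the wlan0 SSH rule.
  3. # Scope: IPv4 only. IPv6 traffic is handled by ip6tables, whose rules are not part of this dump.
  4. # nat table: every chain defaults to ACCEPT; the only rules rewrite the destination of DNS queries.
  5. *nat
  6. :PREROUTING ACCEPT [0:0]
  7. :INPUT ACCEPT [0:0]
  8. :OUTPUT ACCEPT [0:0]
  9. :POSTROUTING ACCEPT [0:0]
  10. # This rule has no match beyond the comment and no target, so it changes no packet; it only labels the four rules below.
  11. -A OUTPUT -m comment --comment "Redirect DNS queries to Google DNS to Jolla's local resolver"
  12. # DNS (udp and tcp, port 53) addressed to 8.8.8.8 or 8.8.4.4 is DNATed to 127.0.0.1:53.
  13. # The nat OUTPUT chain sees only packets generated on the device itself, so queries forwarded for tethering clients are not redirected here.
  14. # Only these two resolver addresses are matched; DNS sent to any other server is left untouched.
  15. -A OUTPUT -d 8.8.8.8/32 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:53
  16. -A OUTPUT -d 8.8.8.8/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53
  17. -A OUTPUT -d 8.8.4.4/32 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:53
  18. -A OUTPUT -d 8.8.4.4/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53
  19. # NOTE(review): POSTROUTING holds no MASQUERADE/SNAT rule in this dump; presumably the tethering NAT rule is installed only while tethering is active - confirm.
  20. COMMIT
  21. # Completed on Fri May 2 14:06:08 2014
  22. # Generated by iptables-save v1.4.15 on Fri May 2 14:06:08 2014
  23. # filter table: default-deny for inbound and forwarded packets (policy DROP), default-allow for outbound.
  24. *filter
  25. :INPUT DROP [0:0]
  26. :FORWARD DROP [0:0]
  27. :OUTPUT ACCEPT [1435:203702]
  28. # Packets conntrack classifies as INVALID are dropped first; replies to, and packets related to, existing connections are then accepted.
  29. -A INPUT -m conntrack --ctstate INVALID -j DROP
  30. -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  31. # Loopback traffic is accepted unconditionally.
  32. -A INPUT -i lo -j ACCEPT
  33. # wlan0: SSH (tcp/22) and ICMP echo-request (type 8) are accepted.
  34. # NOTE(review): there is no source match or rate limit, so every host on whichever WLAN the device joins can reach sshd; exposure then depends entirely on sshd's own authentication settings.
  35. # A space is required between the closing quote of the comment and -j, otherwise iptables-restore cannot parse the target.
  36. -A INPUT -i wlan0 -p tcp -m tcp --dport 22 -m comment --comment "Allow SSH from WLAN" -j ACCEPT
  37. -A INPUT -i wlan0 -p icmp -m icmp --icmp-type 8 -m comment --comment "Allow ping from WLAN" -j ACCEPT
  38. # tether: DHCP requests (client port 68 to server port 67) and DNS queries (port 53) from tethering clients.
  39. # The DHCP rule has no source match and sits above the broadcast DROP further down, so broadcast DHCP requests are still accepted.
  40. # The DNS rules additionally require a source address inside 192.168.0.0/16.
  41. -A INPUT -i tether -p udp -m udp --sport 68 --dport 67 -m comment --comment "Allow DHCP from tethering" -j ACCEPT
  42. -A INPUT -s 192.168.0.0/16 -i tether -p udp -m udp --dport 53 -m comment --comment "Allow DNS/udp queries from tethering" -j ACCEPT
  43. -A INPUT -s 192.168.0.0/16 -i tether -p tcp -m tcp --dport 53 -m comment --comment "Allow DNS/tcp queries from tethering" -j ACCEPT
  44. # rndis0 (USB developer mode): the same SSH and ping allowance as on wlan0, again without a source match.
  45. -A INPUT -i rndis0 -p tcp -m tcp --dport 22 -m comment --comment "Allow SSH from USB dev.mode" -j ACCEPT
  46. -A INPUT -i rndis0 -p icmp -m icmp --icmp-type 8 -m comment --comment "Allow ping from USB dev.mode" -j ACCEPT
  47. # Broadcast, multicast and IGMP to 224.0.0.1 are dropped before the LOG rule, so this traffic produces no log entries.
  48. -A INPUT -m pkttype --pkt-type broadcast -j DROP
  49. -A INPUT -m pkttype --pkt-type multicast -j DROP
  50. -A INPUT -d 224.0.0.1/32 -p igmp -j DROP
  51. # Everything not accepted above is logged with a fixed prefix and then dropped explicitly (the chain policy is DROP as well).
  52. # NOTE(review): the LOG rule carries no "-m limit" match, so the volume of log lines is bounded only by the volume of unsolicited traffic; consider rate limiting it.
  53. -A INPUT -j LOG --log-prefix "Firewall [IN:DROP] "
  54. -A INPUT -j DROP
  55. # FORWARD: same INVALID / RELATED,ESTABLISHED handling as INPUT.
  56. -A FORWARD -m conntrack --ctstate INVALID -j DROP
  57. -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  58. # New connections are forwarded only when they arrive on the tether interface from 192.168.0.0/16.
  59. # NOTE(review): the rule has no "-o" match, so it does not restrict which interface the forwarded traffic leaves on; confirm that tethering clients are meant to reach every network the device is attached to.
  60. -A FORWARD -s 192.168.0.0/16 -i tether -m conntrack --ctstate NEW -m comment --comment "Allow tether to access Internet" -j ACCEPT
  61. # Remaining forwarded packets are logged and dropped.
  62. # NOTE(review): as on INPUT, this LOG rule has no rate limit.
  63. -A FORWARD -j LOG --log-prefix "Firewall [FWD:DROP] "
  64. -A FORWARD -j DROP
  65. COMMIT
  66. # Completed on Fri May 2 14:06:08 2014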