Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Generated by iptables-save v1.6.0 on Wed Oct 23 08:58:12 2019
- *filter
- :INPUT DROP [0:0]
- :FORWARD DROP [0:0]
- :OUTPUT DROP [0:0]
- :lan - [0:0]
- -A INPUT -m state --state ESTABLISHED -j ACCEPT
- -A INPUT -i lo -j ACCEPT
- -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
- -A OUTPUT -o lo -p icmp -m state --state RELATED -j ACCEPT
- -A OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport 9050 --tcp-flags FIN,SYN,RST,ACK SYN -m owner --uid-owner 104 -j ACCEPT
- -A OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport 9050 --tcp-flags FIN,SYN,RST,ACK SYN -m owner --uid-owner 13 -j ACCEPT
- -A OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport 9050 --tcp-flags FIN,SYN,RST,ACK SYN -m owner --uid-owner 65534 -j ACCEPT
- -A OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 9050,9062,9150 -m owner --uid-owner 1000 -j ACCEPT
- -A OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport 9062 --tcp-flags FIN,SYN,RST,ACK SYN -m owner --uid-owner 116 -j ACCEPT
- -A OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport 9062 --tcp-flags FIN,SYN,RST,ACK SYN -m owner --uid-owner 117 -j ACCEPT
- -A OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport 9062 --tcp-flags FIN,SYN,RST,ACK SYN -m owner --uid-owner 118 -j ACCEPT
- -A OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport 9052 -m owner --uid-owner 0 -j ACCEPT
- -A OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport 9051 -m owner --uid-owner 1000 -j ACCEPT
- -A OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport 9051 -m owner --uid-owner 119 -j ACCEPT
- -A OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport 9040 -m owner --uid-owner 1000 -j ACCEPT
- -A OUTPUT -d 127.0.0.1/32 -o lo -p udp -m udp --dport 53 -m owner --uid-owner 1000 -j ACCEPT
- -A OUTPUT -d 127.0.0.1/32 -o lo -p udp -m udp --dport 5353 -m owner --uid-owner 1000 -j ACCEPT
- -A OUTPUT -d 127.0.0.1/32 -o lo -p udp -m udp --dport 53 -m owner --uid-owner 104 -j DROP
- -A OUTPUT -d 127.0.0.1/32 -o lo -p udp -m udp --dport 5353 -m owner --uid-owner 104 -j DROP
- -A OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport 4101 --tcp-flags FIN,SYN,RST,ACK SYN -m owner --uid-owner 1000 -j ACCEPT
- -A OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport 4101 --tcp-flags FIN,SYN,RST,ACK SYN -m owner --uid-owner 113 -j ACCEPT
- -A OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport 631 --tcp-flags FIN,SYN,RST,ACK SYN -m owner --uid-owner 1000 -j ACCEPT
- -A OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport 17600:17650 --tcp-flags FIN,SYN,RST,ACK SYN -m owner --uid-owner 1000 -j ACCEPT
- -A OUTPUT ! -o lo -p tcp -m owner --uid-owner 114 -j ACCEPT
- -A OUTPUT ! -o lo -p udp -m owner --uid-owner 114 -m udp --dport 53 -j ACCEPT
- -A OUTPUT -p tcp -m owner --uid-owner 107 -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j ACCEPT
- -A OUTPUT -p udp -m owner --uid-owner 107 -m udp --dport 53 -j ACCEPT
- -A OUTPUT -d 10.0.0.0/8 -j lan
- -A OUTPUT -d 172.16.0.0/12 -j lan
- -A OUTPUT -d 192.168.0.0/16 -j lan
- -A OUTPUT -j LOG --log-prefix "Dropped outbound packet: " --log-level 7 --log-uid
- -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
- -A lan -p tcp -m tcp --dport 53 -j REJECT --reject-with icmp-port-unreachable
- -A lan -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
- -A lan -p tcp -m tcp --dport 137 -j REJECT --reject-with icmp-port-unreachable
- -A lan -p udp -m udp --dport 137 -j REJECT --reject-with icmp-port-unreachable
- -A lan -j ACCEPT
- COMMIT
- # Completed on Wed Oct 23 08:58:12 2019
- # Generated by iptables-save v1.6.0 on Wed Oct 23 08:58:12 2019
- *nat
- :PREROUTING ACCEPT [0:0]
- :INPUT ACCEPT [0:0]
- :OUTPUT ACCEPT [88:4576]
- :POSTROUTING ACCEPT [88:4576]
- -A OUTPUT -d 127.192.0.0/10 -p tcp -j REDIRECT --to-ports 9040
- -A OUTPUT -d 127.0.0.1/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
- COMMIT
- # Completed on Wed Oct 23 08:58:12 2019
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
