
Untitled

a guest
May 20th, 2019
*mangle
:PREROUTING ACCEPT [5685:557690]
:INPUT ACCEPT [5685:557690]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4995:428281]
:POSTROUTING ACCEPT [5155:469161]
# Drop packets conntrack marks INVALID, and NEW TCP connections that do not start with a plain SYN
-A PREROUTING -m conntrack --ctstate INVALID -j DROP
-A PREROUTING -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j DROP
# Drop NEW TCP connections whose MSS is outside 536:65535
-A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
# Drop TCP packets with invalid flag combinations
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
# Duplicate of the FIN,ACK FIN rule above
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags PSH,ACK PSH -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
# Duplicate of the NONE rule above
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,PSH,URG -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
COMMIT
# Completed on Mon May 20 06:35:24 2019
# Generated by iptables-save v1.6.1 on Mon May 20 06:35:24 2019
*filter
:INPUT DROP [954:148824]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [4999:429049]
# No rule in this dump jumps to the port-scanning chain, so its rules are never evaluated
:port-scanning - [0:0]
-A INPUT -i lo -j ACCEPT
# Accepts every TCP packet to port 22, so the two "recent" rules for port 22 further down are never reached
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i tun0 -p icmp -j ACCEPT
# Accepts NEW TCP connections to any destination port while under the rate limit
-A INPUT -p tcp -m conntrack --ctstate NEW -m limit --limit 60/sec --limit-burst 20 -j ACCEPT
# Every NEW TCP connection over the limit is dropped here; no NEW TCP packet reaches the rules below
-A INPUT -p tcp -m conntrack --ctstate NEW -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 10 --name DEFAULT --mask 255.255.255.255 --rsource -j DROP
-A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
-A port-scanning -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec --limit-burst 2 -j RETURN
-A port-scanning -j DROP
COMMIT
# Completed on Mon May 20 06:35:24 2019
# Generated by iptables-save v1.6.1 on Mon May 20 06:35:24 2019
*nat
:PREROUTING ACCEPT [961:149200]
:INPUT ACCEPT [7:376]
:OUTPUT ACCEPT [643:71082]
:POSTROUTING DROP [803:111962]
COMMIT
# Completed on Mon May 20 06:35:24 2019