Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- root@box-688896:~# iptables-save
- # Generated by iptables-save v1.8.4 on Tue Apr 19 01:16:59 2022
- *filter
- :INPUT ACCEPT [17:3423]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [42:5425]
- :f2b-sshd - [0:0]
- :ufw-after-forward - [0:0]
- :ufw-after-input - [0:0]
- :ufw-after-logging-forward - [0:0]
- :ufw-after-logging-input - [0:0]
- :ufw-after-logging-output - [0:0]
- :ufw-after-output - [0:0]
- :ufw-before-forward - [0:0]
- :ufw-before-input - [0:0]
- :ufw-before-logging-forward - [0:0]
- :ufw-before-logging-input - [0:0]
- :ufw-before-logging-output - [0:0]
- :ufw-before-output - [0:0]
- :ufw-reject-forward - [0:0]
- :ufw-reject-input - [0:0]
- :ufw-reject-output - [0:0]
- :ufw-track-forward - [0:0]
- :ufw-track-input - [0:0]
- :ufw-track-output - [0:0]
- -A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
- -A INPUT -p udp -m udp --dport 1194 -j ACCEPT
- -A INPUT -p udp -m udp --dport 1701 -m policy --dir in --pol none -j DROP
- -A INPUT -m conntrack --ctstate INVALID -j DROP
- -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
- -A INPUT -p udp -m udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
- -A INPUT -p udp -m udp --dport 1701 -j DROP
- -A INPUT -j ufw-before-logging-input
- -A INPUT -j ufw-before-input
- -A INPUT -j ufw-after-input
- -A INPUT -j ufw-after-logging-input
- -A INPUT -j ufw-reject-input
- -A INPUT -j ufw-track-input
- -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -s 10.8.0.0/24 -j ACCEPT
- -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -m conntrack --ctstate INVALID -j DROP
- -A FORWARD -i ens3 -o ppp+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -i ppp+ -o ens3 -j ACCEPT
- -A FORWARD -i ppp+ -o ppp+ -j ACCEPT
- -A FORWARD -d 192.168.43.0/24 -i ens3 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -s 192.168.43.0/24 -o ens3 -j ACCEPT
- -A FORWARD -s 192.168.43.0/24 -o ppp+ -j ACCEPT
- -A FORWARD -j ufw-before-logging-forward
- -A FORWARD -j ufw-before-forward
- -A FORWARD -j ufw-after-forward
- -A FORWARD -j ufw-after-logging-forward
- -A FORWARD -j ufw-reject-forward
- -A FORWARD -j ufw-track-forward
- -A FORWARD -j DROP
- -A FORWARD -i tun0 -j ACCEPT
- -A FORWARD -i ens3 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -i ens3 -p tcp -m tcp --dport 8080 -j ACCEPT
- -A OUTPUT -j ufw-before-logging-output
- -A OUTPUT -j ufw-before-output
- -A OUTPUT -j ufw-after-output
- -A OUTPUT -j ufw-after-logging-output
- -A OUTPUT -j ufw-reject-output
- -A OUTPUT -j ufw-track-output
- -A f2b-sshd -s 185.98.225.148/32 -j REJECT --reject-with icmp-port-unreachable
- -A f2b-sshd -s 66.96.237.197/32 -j REJECT --reject-with icmp-port-unreachable
- -A f2b-sshd -s 43.155.109.48/32 -j REJECT --reject-with icmp-port-unreachable
- -A f2b-sshd -s 73.13.104.201/32 -j REJECT --reject-with icmp-port-unreachable
- -A f2b-sshd -s 109.167.197.20/32 -j REJECT --reject-with icmp-port-unreachable
- -A f2b-sshd -j RETURN
- COMMIT
- # Completed on Tue Apr 19 01:16:59 2022
- # Generated by iptables-save v1.8.4 on Tue Apr 19 01:16:59 2022
- *nat
- :PREROUTING ACCEPT [284:30034]
- :INPUT ACCEPT [66:6533]
- :OUTPUT ACCEPT [0:0]
- :POSTROUTING ACCEPT [2:96]
- -A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.8.0.2
- -A POSTROUTING -s 192.168.42.0/24 -o ens3 -j MASQUERADE
- -A POSTROUTING -s 192.168.43.0/24 -o ens3 -m policy --dir out --pol none -j MASQUERADE
- -A POSTROUTING -s 10.8.0.0/24 -o ens3 -j MASQUERADE
- -A POSTROUTING -o ens3 -j MASQUERADE
- COMMIT
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
