ShapeShifter499

firewall

Jun 14th, 2013
  1. ###****FIREWALL PRESETUP****###
  2.  
  3. *nat
  4.  
  5. # Wireless devices on wlan0 (iptables masks the host bits of -s, so 10.0.0.2/24 matches all of 10.0.0.0/24)
  6. -A POSTROUTING -o eth0 -s 10.0.0.2/24 -j MASQUERADE
  7.  
  8. # Personal VPN tun0 to this network from my devices (NAT covers 10.0.2.0/24; the tun0 filter rules that name a source match only 10.0.2.0/25)
  9. -A POSTROUTING -o eth0 -s 10.0.2.0/24 -j MASQUERADE
  10.  
  11. # Iodine (IP-over-DNS) dns0 and dns1
  12. -A POSTROUTING -o eth0 -s 172.16.0.1/27 -j MASQUERADE
  13. -A POSTROUTING -o eth0 -s 172.16.2.1/27 -j MASQUERADE
  14.  
  15. COMMIT
  16.  
  17. ###****BEGIN GLOBAL FIREWALL****###
  18.  
  19. *filter
  20.  
  21. # Block unwanted traffic
  22. :FORWARD DROP
  23. :INPUT DROP
  24.  
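  25. # Allow all locally generated traffic out, and forward reply traffic (ESTABLISHED,RELATED) on every interface; the per-interface ESTABLISHED,RELATED rules that follow are already covered by this rule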
  26. :OUTPUT ACCEPT
  27. -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
  28.  
  29. # Make sure wanted traffic to/from wlan0 (LAN) is allowed
  30. -A FORWARD -i wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  31.  
  32. # Make sure wanted traffic to/from tun0 (VPN) is allowed
  33. -A FORWARD -i tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  34. -A FORWARD -i tun0 -o eth0 -s 10.0.2.0/25 -m state --state ESTABLISHED,RELATED -j ACCEPT
  35.  
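  36. # Reply traffic only from tun0 (VPN) to wlan0 (LAN): no rule in this ruleset accepts NEW connections on this path, so under the FORWARD DROP policy VPN clients cannot open connections to LAN hosts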
  37. -A FORWARD -i tun0 -o wlan0 -s 10.0.2.0/25 -d 10.0.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
  38.  
  39. # Also allow traffic to/from tun0 (VPN) to eth0 (WAN)
  40. -A FORWARD -i tun0 -o eth0 -s 10.0.2.0/25 -d 192.168.2.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
  41.  
  42. # Make sure wanted traffic to/from dns0 and dns1, Iodine (IP-over-DNS), is allowed
  43. -A FORWARD -i dns0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  44. -A FORWARD -i dns1 -m state --state RELATED,ESTABLISHED -j ACCEPT
  45.  
  46. # Also allow traffic to/from dns0 and dns1, Iodine (IP-over-DNS), to wlan0 (LAN)
  47. -A FORWARD -i dns0 -o wlan0 -s 172.16.0.1/27 -d 10.0.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
  48. -A FORWARD -i dns1 -o wlan0 -s 172.16.2.1/27 -d 10.0.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
  49.  
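  50. # Reply traffic (ESTABLISHED,RELATED) from dns0 and dns1, Iodine (IP-over-DNS), out eth0 (WAN) to 192.168.2.0/24
  51. -A FORWARD -i dns0 -o eth0 -s 172.16.0.1/27 -d 192.168.2.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
  52. -A FORWARD -i dns1 -o eth0 -s 172.16.2.1/27 -d 192.168.2.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT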
  53.  
  54. # Allow wanted traffic into the router itself
  55. -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  56.  
  57. ###****BEGIN WIFI FIREWALL ****###
  58.  
  59. #Logging
  60. #-A FORWARD -i wlan0 -o eth0 -p tcp --syn -j LOG --log-prefix "syn packet:"
  61. #-I FORWARD 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
  62.  
  63. # dns
  64. -A FORWARD -i wlan0 -o eth0 -p udp --dport 53 -j ACCEPT
  65.  
  66. # http, https
  67. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 80 -j ACCEPT
  68. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 443 -j ACCEPT
  69.  
  70. # Splashtop streamer
  71. -A FORWARD -i wlan0 -o eth0 -m multiport -p tcp --dport 6783:6785 -j ACCEPT
  72. -A FORWARD -i wlan0 -o eth0 -m multiport -p udp --dport 6783:6785 -j ACCEPT
  73.  
  74. # CallCentric VOIP
  75. -A FORWARD -i wlan0 -o eth0 -m multiport -p udp --dport 5060:5080 -j ACCEPT
  76. -A FORWARD -i wlan0 -o eth0 -p udp --dport 65535 -j ACCEPT
  77.  
  78. # Google hangout, voip, and other google services
  79. -A FORWARD -i wlan0 -o eth0 -m multiport -p udp --dport 19305:19309 -j ACCEPT
  80. -A FORWARD -i wlan0 -o eth0 -m multiport -p tcp --dport 19305:19309 -j ACCEPT
  81. -A FORWARD -i wlan0 -o eth0 -p udp --dport 5228 -j ACCEPT
  82. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 5228 -j ACCEPT
  83. -A FORWARD -i wlan0 -o eth0 -p udp --dport 14259 -j ACCEPT
  84. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 14259 -j ACCEPT
  85.  
  86. # Torrent
  87. -A FORWARD -i wlan0 -o eth0 -p udp --dport 80 -j ACCEPT
  88. -A FORWARD -i wlan0 -o eth0 -p udp --dport 6969 -j ACCEPT
  89. -A FORWARD -i wlan0 -o eth0 -p udp --dport 1337 -j ACCEPT
  90.  
  91. # Email
  92. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 25 -j ACCEPT
  93.  
  94. # iCloud Email
  95. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 587 -j ACCEPT
  96.  
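  97. # Gmail SMTP SSL (SMTPS runs over TCP only, so the udp rule is not needed; the same holds for the udp rules on 587 and 993:995)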
  98. -A FORWARD -i wlan0 -o eth0 -p udp --dport 465 -j ACCEPT
  99. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 465 -j ACCEPT
  100.  
  101. # Gmail SMTP StartTLS
  102. -A FORWARD -i wlan0 -o eth0 -p udp --dport 587 -j ACCEPT
  103. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 587 -j ACCEPT
  104.  
  105. # Gmail IMAP SSL
  106. -A FORWARD -i wlan0 -o eth0 -m multiport -p udp --dport 993:995 -j ACCEPT
  107. -A FORWARD -i wlan0 -o eth0 -m multiport -p tcp --dport 993:995 -j ACCEPT
  108.  
  109. # irc
  110. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 7070 -j ACCEPT
  111. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 1338 -j ACCEPT
  112. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 6667 -j ACCEPT
  113. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 6697 -j ACCEPT
  114.  
  115. # MUD
  116. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 2000 -j ACCEPT
  117. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 1843 -j ACCEPT
  118. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 843 -j ACCEPT
  119.  
  120. # ssh
  121. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 22 -j ACCEPT
  122.  
  123. # vpn
  124. -A FORWARD -i wlan0 -o eth0 -p udp --dport 1194 -j ACCEPT
  125.  
  126. # iOS iMessages, Facetime
  127. -A FORWARD -i wlan0 -o eth0 -m multiport -p udp --dport 3478:3487 -j ACCEPT
  128. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 5223 -j ACCEPT
  129. -A FORWARD -i wlan0 -o eth0 -m multiport -p udp --dport 16384:16387 -j ACCEPT
  130. -A FORWARD -i wlan0 -o eth0 -m multiport -p udp --dport 16393:16402 -j ACCEPT
  131.  
  132. # Allow clients on wlan0 to ping hosts reachable through eth0 (outbound echo-request).
  133. -A FORWARD -i wlan0 -o eth0 -p icmp --icmp-type echo-request -j ACCEPT
  134.  
  135. ###****BEGIN IODINE (IP-over-DNS, dns0 and dns1) FIREWALL ****###
  136.  
  137. #Logging
  138. #-A FORWARD -i dns0 -o eth0 -p tcp --syn -j LOG --log-prefix "syn packet:"
  139.  
  140. # dns
  141. -A FORWARD -i dns0 -o eth0 -p udp --dport 53 -j ACCEPT
  142. -A FORWARD -i dns1 -o eth0 -p udp --dport 53 -j ACCEPT
  143.  
  144. # http, https
  145. -A FORWARD -i dns0 -o eth0 -p tcp --dport 80 -j ACCEPT
  146. -A FORWARD -i dns0 -o eth0 -p tcp --dport 443 -j ACCEPT
  147. -A FORWARD -i dns1 -o eth0 -p tcp --dport 80 -j ACCEPT
  148. -A FORWARD -i dns1 -o eth0 -p tcp --dport 443 -j ACCEPT
  149.  
  150. # Splashtop streamer
  151. -A FORWARD -i dns0 -o eth0 -m multiport -p tcp --dport 6783:6785 -j ACCEPT
  152. -A FORWARD -i dns0 -o eth0 -m multiport -p udp --dport 6783:6785 -j ACCEPT
  153. -A FORWARD -i dns1 -o eth0 -m multiport -p tcp --dport 6783:6785 -j ACCEPT
  154. -A FORWARD -i dns1 -o eth0 -m multiport -p udp --dport 6783:6785 -j ACCEPT
  155.  
  156. # CallCentric VOIP
  157. -A FORWARD -i dns0 -o eth0 -m multiport -p udp --dport 5060:5080 -j ACCEPT
  158. -A FORWARD -i dns0 -o eth0 -p udp --dport 65535 -j ACCEPT
  159. -A FORWARD -i dns1 -o eth0 -m multiport -p udp --dport 5060:5080 -j ACCEPT
  160. -A FORWARD -i dns1 -o eth0 -p udp --dport 65535 -j ACCEPT
  161.  
  162. # Google hangout, voip, and other google services
  163. -A FORWARD -i dns0 -o eth0 -m multiport -p udp --dport 19305:19309 -j ACCEPT
  164. -A FORWARD -i dns0 -o eth0 -m multiport -p tcp --dport 19305:19309 -j ACCEPT
  165. -A FORWARD -i dns0 -o eth0 -p udp --dport 5228 -j ACCEPT
  166. -A FORWARD -i dns0 -o eth0 -p tcp --dport 5228 -j ACCEPT
  167. -A FORWARD -i dns0 -o eth0 -p udp --dport 14259 -j ACCEPT
  168. -A FORWARD -i dns0 -o eth0 -p tcp --dport 14259 -j ACCEPT
  169. -A FORWARD -i dns1 -o eth0 -m multiport -p udp --dport 19305:19309 -j ACCEPT
  170. -A FORWARD -i dns1 -o eth0 -m multiport -p tcp --dport 19305:19309 -j ACCEPT
  171. -A FORWARD -i dns1 -o eth0 -p udp --dport 5228 -j ACCEPT
  172. -A FORWARD -i dns1 -o eth0 -p tcp --dport 5228 -j ACCEPT
  173. -A FORWARD -i dns1 -o eth0 -p udp --dport 14259 -j ACCEPT
  174. -A FORWARD -i dns1 -o eth0 -p tcp --dport 14259 -j ACCEPT
  175.  
  176. # Torrent
  177. -A FORWARD -i dns0 -o eth0 -p udp --dport 80 -j ACCEPT
  178. -A FORWARD -i dns0 -o eth0 -p udp --dport 6969 -j ACCEPT
  179. -A FORWARD -i dns0 -o eth0 -p udp --dport 1337 -j ACCEPT
  180. -A FORWARD -i dns1 -o eth0 -p udp --dport 80 -j ACCEPT
  181. -A FORWARD -i dns1 -o eth0 -p udp --dport 6969 -j ACCEPT
  182. -A FORWARD -i dns1 -o eth0 -p udp --dport 1337 -j ACCEPT
  183.  
  184. # Email
  185. -A FORWARD -i dns0 -o eth0 -p tcp --dport 25 -j ACCEPT
  186. -A FORWARD -i dns1 -o eth0 -p tcp --dport 25 -j ACCEPT
  187.  
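  188. # iCloud Email (mail submission, tcp/587)
  189. -A FORWARD -i dns0 -o eth0 -p tcp --dport 587 -j ACCEPT
  190. -A FORWARD -i dns1 -o eth0 -p tcp --dport 587 -j ACCEPT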
  191.  
  192. # Gmail SMTP SSL
  193. -A FORWARD -i dns0 -o eth0 -p udp --dport 465 -j ACCEPT
  194. -A FORWARD -i dns0 -o eth0 -p tcp --dport 465 -j ACCEPT
  195. -A FORWARD -i dns1 -o eth0 -p udp --dport 465 -j ACCEPT
  196. -A FORWARD -i dns1 -o eth0 -p tcp --dport 465 -j ACCEPT
  197.  
  198. # Gmail SMTP StartTLS
  199. -A FORWARD -i dns0 -o eth0 -p udp --dport 587 -j ACCEPT
  200. -A FORWARD -i dns0 -o eth0 -p tcp --dport 587 -j ACCEPT
  201. -A FORWARD -i dns1 -o eth0 -p udp --dport 587 -j ACCEPT
  202. -A FORWARD -i dns1 -o eth0 -p tcp --dport 587 -j ACCEPT
  203.  
  204. # Gmail IMAP SSL
  205. -A FORWARD -i dns0 -o eth0 -m multiport -p udp --dport 993:995 -j ACCEPT
  206. -A FORWARD -i dns0 -o eth0 -m multiport -p tcp --dport 993:995 -j ACCEPT
  207. -A FORWARD -i dns1 -o eth0 -m multiport -p udp --dport 993:995 -j ACCEPT
  208. -A FORWARD -i dns1 -o eth0 -m multiport -p tcp --dport 993:995 -j ACCEPT
  209.  
  210. # irc
  211. -A FORWARD -i dns0 -o eth0 -p tcp --dport 7070 -j ACCEPT
  212. -A FORWARD -i dns0 -o eth0 -p tcp --dport 1338 -j ACCEPT
  213. -A FORWARD -i dns0 -o eth0 -p tcp --dport 6667 -j ACCEPT
  214. -A FORWARD -i dns0 -o eth0 -p tcp --dport 6697 -j ACCEPT
  215. -A FORWARD -i dns1 -o eth0 -p tcp --dport 7070 -j ACCEPT
  216. -A FORWARD -i dns1 -o eth0 -p tcp --dport 1338 -j ACCEPT
  217. -A FORWARD -i dns1 -o eth0 -p tcp --dport 6667 -j ACCEPT
  218. -A FORWARD -i dns1 -o eth0 -p tcp --dport 6697 -j ACCEPT
  219.  
  220. # MUD
  221. -A FORWARD -i dns0 -o eth0 -p tcp --dport 2000 -j ACCEPT
  222. -A FORWARD -i dns0 -o eth0 -p tcp --dport 1843 -j ACCEPT
  223. -A FORWARD -i dns0 -o eth0 -p tcp --dport 843 -j ACCEPT
  224. -A FORWARD -i dns1 -o eth0 -p tcp --dport 2000 -j ACCEPT
  225. -A FORWARD -i dns1 -o eth0 -p tcp --dport 1843 -j ACCEPT
  226. -A FORWARD -i dns1 -o eth0 -p tcp --dport 843 -j ACCEPT
  227.  
  228. # ssh
  229. -A FORWARD -i dns0 -o eth0 -p tcp --dport 22 -j ACCEPT
  230. -A FORWARD -i dns1 -o eth0 -p tcp --dport 22 -j ACCEPT
  231.  
  232. # vpn
  233. -A FORWARD -i dns0 -o eth0 -p udp --dport 1194 -j ACCEPT
  234. -A FORWARD -i dns1 -o eth0 -p udp --dport 1194 -j ACCEPT
  235.  
  236. # iOS iMessages, Facetime
  237. -A FORWARD -i dns0 -o eth0 -m multiport -p udp --dport 3478:3487 -j ACCEPT
  238. -A FORWARD -i dns0 -o eth0 -p tcp --dport 5223 -j ACCEPT
  239. -A FORWARD -i dns0 -o eth0 -m multiport -p udp --dport 16384:16387 -j ACCEPT
  240. -A FORWARD -i dns0 -o eth0 -m multiport -p udp --dport 16393:16402 -j ACCEPT
  241. -A FORWARD -i dns1 -o eth0 -m multiport -p udp --dport 3478:3487 -j ACCEPT
  242. -A FORWARD -i dns1 -o eth0 -p tcp --dport 5223 -j ACCEPT
  243. -A FORWARD -i dns1 -o eth0 -m multiport -p udp --dport 16384:16387 -j ACCEPT
  244. -A FORWARD -i dns1 -o eth0 -m multiport -p udp --dport 16393:16402 -j ACCEPT
  245.  
  246. # Allow Iodine clients on dns0 and dns1 to ping hosts reachable through eth0 (outbound echo-request).
  247. -A FORWARD -i dns0 -o eth0 -p icmp --icmp-type echo-request -j ACCEPT
  248. -A FORWARD -i dns1 -o eth0 -p icmp --icmp-type echo-request -j ACCEPT
  249.  
  250. ###****BEGIN VPN FIREWALL****###
  251.  
  252. #Logging
  253. #-A FORWARD -i tun0 -o eth0 -p tcp --syn -j LOG --log-prefix "syn packet:"
  254.  
  255. # dns
  256. -A FORWARD -i tun0 -o eth0 -p udp --dport 53 -j ACCEPT
  257.  
  258. # http, https
  259. -A FORWARD -i tun0 -o eth0 -p tcp --dport 80 -j ACCEPT
  260. -A FORWARD -i tun0 -o eth0 -p tcp --dport 443 -j ACCEPT
  261.  
  262. # Splashtop streamer
  263. -A FORWARD -i tun0 -o eth0 -m multiport -p tcp --dport 6783:6785 -j ACCEPT
  264. -A FORWARD -i tun0 -o eth0 -m multiport -p udp --dport 6783:6785 -j ACCEPT
  265.  
  266. # CallCentric VOIP
  267. -A FORWARD -i tun0 -o eth0 -m multiport -p udp --dport 5060:5080 -j ACCEPT
  268. -A FORWARD -i tun0 -o eth0 -p udp --dport 65535 -j ACCEPT
  269.  
  270. # Google hangout, voip, and other google services
  271. -A FORWARD -i tun0 -o eth0 -m multiport -p udp --dport 19305:19309 -j ACCEPT
  272. -A FORWARD -i tun0 -o eth0 -m multiport -p tcp --dport 19305:19309 -j ACCEPT
  273. -A FORWARD -i tun0 -o eth0 -p udp --dport 5228 -j ACCEPT
  274. -A FORWARD -i tun0 -o eth0 -p tcp --dport 5228 -j ACCEPT
  275. -A FORWARD -i tun0 -o eth0 -p udp --dport 14259 -j ACCEPT
  276. -A FORWARD -i tun0 -o eth0 -p tcp --dport 14259 -j ACCEPT
  277.  
  278. # Torrent
  279. -A FORWARD -i tun0 -o eth0 -p udp --dport 80 -j ACCEPT
  280. -A FORWARD -i tun0 -o eth0 -p udp --dport 6969 -j ACCEPT
  281. -A FORWARD -i tun0 -o eth0 -p udp --dport 1337 -j ACCEPT
  282.  
  283. # Email
  284. -A FORWARD -i tun0 -o eth0 -p tcp --dport 25 -j ACCEPT
  285.  
  286. # iCloud Email
  287. -A FORWARD -i tun0 -o eth0 -p tcp --dport 587 -j ACCEPT
  288.  
  289. # Gmail SMTP SSL
  290. -A FORWARD -i tun0 -o eth0 -p udp --dport 465 -j ACCEPT
  291. -A FORWARD -i tun0 -o eth0 -p tcp --dport 465 -j ACCEPT
  292.  
  293. # Gmail SMTP StartTLS
  294. -A FORWARD -i tun0 -o eth0 -p udp --dport 587 -j ACCEPT
  295. -A FORWARD -i tun0 -o eth0 -p tcp --dport 587 -j ACCEPT
  296.  
  297. # Gmail IMAP SSL
  298. -A FORWARD -i tun0 -o eth0 -m multiport -p udp --dport 993:995 -j ACCEPT
  299. -A FORWARD -i tun0 -o eth0 -m multiport -p tcp --dport 993:995 -j ACCEPT
  300.  
  301. # irc
  302. -A FORWARD -i tun0 -o eth0 -p tcp --dport 7070 -j ACCEPT
  303. -A FORWARD -i tun0 -o eth0 -p tcp --dport 1338 -j ACCEPT
  304. -A FORWARD -i tun0 -o eth0 -p tcp --dport 6667 -j ACCEPT
  305. -A FORWARD -i tun0 -o eth0 -p tcp --dport 6697 -j ACCEPT
  306.  
  307. # MUD
  308. -A FORWARD -i tun0 -o eth0 -p tcp --dport 2000 -j ACCEPT
  309. -A FORWARD -i tun0 -o eth0 -p tcp --dport 1843 -j ACCEPT
  310. -A FORWARD -i tun0 -o eth0 -p tcp --dport 843 -j ACCEPT
  311.  
  312. # ssh
  313. -A FORWARD -i tun0 -o eth0 -p tcp --dport 22 -j ACCEPT
  314.  
  315. # vpn
  316. -A FORWARD -i tun0 -o eth0 -p udp --dport 1194 -j ACCEPT
  317.  
  318. # iOS iMessages, Facetime
  319. -A FORWARD -i tun0 -o eth0 -m multiport -p udp --dport 3478:3487 -j ACCEPT
  320. -A FORWARD -i tun0 -o eth0 -p tcp --dport 5223 -j ACCEPT
  321. -A FORWARD -i tun0 -o eth0 -m multiport -p udp --dport 16384:16387 -j ACCEPT
  322. -A FORWARD -i tun0 -o eth0 -m multiport -p udp --dport 16393:16402 -j ACCEPT
  323.  
  324. # Allow VPN clients on tun0 to ping hosts reachable through eth0 (outbound echo-request).
  325. -A FORWARD -i tun0 -o eth0 -p icmp --icmp-type echo-request -j ACCEPT
  326.  
  327. ###****BEGIN SERVER FIREWALL****###
  328.  
  329. #Logging
  330. #-A FORWARD -i wlan0 -o eth0 -p tcp --syn -j LOG --log-prefix "syn packet:"
  331.  
  332. # Loopback interface.
  333. -A INPUT -i lo -j ACCEPT
  334.  
  335. # http, https
  336. -A INPUT -p tcp --dport 80 -j ACCEPT
  337. -A INPUT -p tcp --dport 443 -j ACCEPT
  338.  
  339. # smtp, submission
  340. -A INPUT -p tcp --dport 25 -j ACCEPT
  341. -A INPUT -p tcp --dport 587 -j ACCEPT
  342.  
  343. # pop3, pop3s
  344. -A INPUT -p tcp --dport 110 -j ACCEPT
  345. -A INPUT -p tcp --dport 995 -j ACCEPT
  346.  
  347. # imap, imaps
  348. -A INPUT -p tcp --dport 143 -j ACCEPT
  349. -A INPUT -p tcp --dport 993 -j ACCEPT
  350.  
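  351. # ssh (no -i or -s match, so it is accepted on every interface, eth0/WAN included; add -i or -s if administration is only expected from the LAN or VPN)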
  352. -A INPUT -p tcp --dport 22 -j ACCEPT
  353.  
  354. # vpn
  355. -A INPUT -p udp --dport 1194 -j ACCEPT
  356.  
  357. # Allow PING from remote hosts.
  358. -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
  359.  
  360. # ejabberd
  361. #-A INPUT -p tcp --dport 5222 -j ACCEPT
  362. #-A INPUT -p tcp --dport 5223 -j ACCEPT
  363. #-A INPUT -p tcp --dport 5280 -j ACCEPT
  364.  
  365. # ldap/ldaps
  366. #-A INPUT -p tcp --dport 389 -j ACCEPT
  367. #-A INPUT -p tcp --dport 636 -j ACCEPT
  368.  
  369. # ftp.
  370. #-A INPUT -p tcp --dport 20 -j ACCEPT
  371. #-A INPUT -p tcp --dport 21 -j ACCEPT
  372.  
  373. COMMIT