  # filter table of an IPv4 iptables-save dump. IPv6 is not covered here; an
  # ip6tables-save dump would be needed to review it.
  # NOTE(review): the *_ZONES / *_public / *_direct chain names match firewalld's
  # generated layout, and the virbr0 + 192.168.122.0/24 rules match libvirt's default
  # NAT network - presumably both tools manage this ruleset; confirm on the host.
  1. # Generated by iptables-save v1.4.21 on Tue Oct 2 14:06:55 2018
  2. *filter
  # All three built-in policies are ACCEPT. INPUT and FORWARD are default-deny only
  # because of their trailing REJECT rules (rules 37 and 51): if the rules are flushed
  # or fail to load, the policy admits everything.
  3. :INPUT ACCEPT [0:0]
  4. :FORWARD ACCEPT [0:0]
  5. :OUTPUT ACCEPT [1220172:927154308]
  # User-defined chains declared below; "-" means no policy, and unmatched packets
  # return to the calling chain.
  6. :FORWARD_IN_ZONES - [0:0]
  7. :FORWARD_IN_ZONES_SOURCE - [0:0]
  8. :FORWARD_OUT_ZONES - [0:0]
  9. :FORWARD_OUT_ZONES_SOURCE - [0:0]
  10. :FORWARD_direct - [0:0]
  11. :FWDI_public - [0:0]
  12. :FWDI_public_allow - [0:0]
  13. :FWDI_public_deny - [0:0]
  14. :FWDI_public_log - [0:0]
  15. :FWDO_public - [0:0]
  16. :FWDO_public_allow - [0:0]
  17. :FWDO_public_deny - [0:0]
  18. :FWDO_public_log - [0:0]
  19. :INPUT_ZONES - [0:0]
  20. :INPUT_ZONES_SOURCE - [0:0]
  21. :INPUT_direct - [0:0]
  22. :IN_public - [0:0]
  23. :IN_public_allow - [0:0]
  24. :IN_public_deny - [0:0]
  25. :IN_public_log - [0:0]
  26. :OUTPUT_direct - [0:0]
  # INPUT, virbr0 only: the host's DNS (53) and DHCP-server (67) ports are open to
  # traffic arriving on the bridge, over both UDP and TCP.
  27. -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
  28. -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
  29. -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
  30. -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
  # Packets of already-tracked connections and all loopback traffic are accepted
  # before any zone chain is consulted.
  31. -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  32. -A INPUT -i lo -j ACCEPT
  # Dispatch: INPUT_direct and INPUT_ZONES_SOURCE hold no rules in this dump, so only
  # INPUT_ZONES (rule 63) does any work.
  33. -A INPUT -j INPUT_direct
  34. -A INPUT -j INPUT_ZONES_SOURCE
  35. -A INPUT -j INPUT_ZONES
  # INVALID-state packets are dropped only here, after the zone chains have run.
  # Anything still unmatched is rejected with an ICMP error (REJECT, not a silent DROP).
  36. -A INPUT -m conntrack --ctstate INVALID -j DROP
  37. -A INPUT -j REJECT --reject-with icmp-host-prohibited
  # FORWARD, guest network on virbr0: traffic towards 192.168.122.0/24 is forwarded
  # only for tracked flows (38); guests may open connections to any destination (39)
  # and talk to each other (40); everything else touching virbr0 is rejected (41-42).
  38. -A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  39. -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
  40. -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
  41. -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
  42. -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
  # Remaining FORWARD traffic follows the same shape as INPUT: tracked flows and
  # loopback first, then the zone dispatch chains, then INVALID drop and a final REJECT.
  43. -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  44. -A FORWARD -i lo -j ACCEPT
  45. -A FORWARD -j FORWARD_direct
  46. -A FORWARD -j FORWARD_IN_ZONES_SOURCE
  47. -A FORWARD -j FORWARD_IN_ZONES
  48. -A FORWARD -j FORWARD_OUT_ZONES_SOURCE
  49. -A FORWARD -j FORWARD_OUT_ZONES
  50. -A FORWARD -m conntrack --ctstate INVALID -j DROP
  51. -A FORWARD -j REJECT --reject-with icmp-host-prohibited
  # OUTPUT is effectively unfiltered: the policy is ACCEPT and OUTPUT_direct has no
  # rules in this dump, so egress from the host is not restricted by this table.
  # Rule 52 (UDP port 68 towards virbr0) is therefore redundant with the policy.
  52. -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
  53. -A OUTPUT -j OUTPUT_direct
  # The goto (-g) rules carry no interface or source match, so every packet reaching
  # the zone dispatch chains is handled by the single "public" zone.
  54. -A FORWARD_IN_ZONES -g FWDI_public
  55. -A FORWARD_OUT_ZONES -g FWDO_public
  # The _log, _deny and _allow sub-chains of FWDI_public and FWDO_public hold no rules
  # in this dump: nothing is logged and nothing is specifically denied or allowed.
  56. -A FWDI_public -j FWDI_public_log
  57. -A FWDI_public -j FWDI_public_deny
  58. -A FWDI_public -j FWDI_public_allow
  # NOTE(review): accepts every forwarded ICMP type, with no --icmp-type or interface
  # match. Whether the host routes at all depends on net.ipv4.ip_forward, which this
  # dump does not show - confirm, and narrow to the needed types if it does.
  59. -A FWDI_public -p icmp -j ACCEPT
  60. -A FWDO_public -j FWDO_public_log
  61. -A FWDO_public -j FWDO_public_deny
  62. -A FWDO_public -j FWDO_public_allow
  # Inbound zone: IN_public_log and IN_public_deny hold no rules in this dump, so
  # rejected connection attempts leave no log entry from this ruleset.
  63. -A INPUT_ZONES -g IN_public
  64. -A IN_public -j IN_public_log
  65. -A IN_public -j IN_public_deny
  66. -A IN_public -j IN_public_allow
  # NOTE(review): all ICMP to the host is accepted, any type and any source. Because
  # this rule runs before the INVALID drop at rule 36, ICMP that conntrack classes as
  # INVALID is accepted too. Consider limiting to the types actually required.
  67. -A IN_public -p icmp -j ACCEPT
  # The only inbound service opened by this table: new TCP connections to port 22 from
  # any source address. No source restriction or rate limit is present here, so
  # protection rests on the SSH daemon's own configuration.
  68. -A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
  69. COMMIT
  70. # Completed on Tue Oct 2 14:06:55 2018
  # raw table: contains only dispatch scaffolding. Every user-defined chain either
  # jumps onward or is empty, and no rule carries a terminal or connection-tracking
  # target, so this table changes nothing about how packets are tracked or filtered.
  71. # Generated by iptables-save v1.4.21 on Tue Oct 2 14:06:55 2018
  72. *raw
  73. :PREROUTING ACCEPT [4326103:1554257618]
  74. :OUTPUT ACCEPT [6680073:5143494129]
  75. :OUTPUT_direct - [0:0]
  76. :PREROUTING_ZONES - [0:0]
  77. :PREROUTING_ZONES_SOURCE - [0:0]
  78. :PREROUTING_direct - [0:0]
  79. :PRE_public - [0:0]
  80. :PRE_public_allow - [0:0]
  81. :PRE_public_deny - [0:0]
  82. :PRE_public_log - [0:0]
  # PREROUTING_direct, PREROUTING_ZONES_SOURCE and OUTPUT_direct hold no rules in this
  # dump; PREROUTING_ZONES sends every packet to the "public" zone chain.
  83. -A PREROUTING -j PREROUTING_direct
  84. -A PREROUTING -j PREROUTING_ZONES_SOURCE
  85. -A PREROUTING -j PREROUTING_ZONES
  86. -A OUTPUT -j OUTPUT_direct
  87. -A PREROUTING_ZONES -g PRE_public
  # PRE_public_log, PRE_public_deny and PRE_public_allow are all empty, so packets
  # fall through to the PREROUTING policy (ACCEPT).
  88. -A PRE_public -j PRE_public_log
  89. -A PRE_public -j PRE_public_deny
  90. -A PRE_public -j PRE_public_allow
  91. COMMIT
  92. # Completed on Tue Oct 2 14:06:55 2018
  # security table: each built-in chain jumps to a *_direct chain that holds no rules
  # in this dump, and every policy is ACCEPT, so no packet is matched or altered here.
  93. # Generated by iptables-save v1.4.21 on Tue Oct 2 14:06:55 2018
  94. *security
  95. :INPUT ACCEPT [4311319:1553431178]
  96. :FORWARD ACCEPT [0:0]
  97. :OUTPUT ACCEPT [6680073:5143494129]
  98. :FORWARD_direct - [0:0]
  99. :INPUT_direct - [0:0]
  100. :OUTPUT_direct - [0:0]
  101. -A INPUT -j INPUT_direct
  102. -A FORWARD -j FORWARD_direct
  103. -A OUTPUT -j OUTPUT_direct
  104. COMMIT
  105. # Completed on Tue Oct 2 14:06:55 2018
  # mangle table: apart from one checksum fix-up for DHCP traffic leaving via virbr0
  # (rule 130), every chain here is empty dispatch scaffolding with ACCEPT policies.
  106. # Generated by iptables-save v1.4.21 on Tue Oct 2 14:06:55 2018
  107. *mangle
  108. :PREROUTING ACCEPT [757935:158618147]
  109. :INPUT ACCEPT [757895:158616065]
  110. :FORWARD ACCEPT [0:0]
  111. :OUTPUT ACCEPT [1220204:927168557]
  112. :POSTROUTING ACCEPT [1220855:927213476]
  113. :FORWARD_direct - [0:0]
  114. :INPUT_direct - [0:0]
  115. :OUTPUT_direct - [0:0]
  116. :POSTROUTING_direct - [0:0]
  117. :PREROUTING_ZONES - [0:0]
  118. :PREROUTING_ZONES_SOURCE - [0:0]
  119. :PREROUTING_direct - [0:0]
  120. :PRE_public - [0:0]
  121. :PRE_public_allow - [0:0]
  122. :PRE_public_deny - [0:0]
  123. :PRE_public_log - [0:0]
  # The *_direct and PREROUTING_ZONES_SOURCE chains hold no rules in this dump.
  124. -A PREROUTING -j PREROUTING_direct
  125. -A PREROUTING -j PREROUTING_ZONES_SOURCE
  126. -A PREROUTING -j PREROUTING_ZONES
  127. -A INPUT -j INPUT_direct
  128. -A FORWARD -j FORWARD_direct
  129. -A OUTPUT -j OUTPUT_direct
  # Fills in the checksum on UDP packets to port 68 (DHCP client port) leaving via
  # virbr0. It modifies the packet only; it is not an accept/deny decision.
  # NOTE(review): presumably added by libvirt for guest DHCP clients - confirm.
  130. -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
  131. -A POSTROUTING -j POSTROUTING_direct
  # All packets go to the "public" zone chain, whose _log/_deny/_allow sub-chains are
  # empty here, so nothing else is mangled.
  132. -A PREROUTING_ZONES -g PRE_public
  133. -A PRE_public -j PRE_public_log
  134. -A PRE_public -j PRE_public_deny
  135. -A PRE_public -j PRE_public_allow
  136. COMMIT
  137. # Completed on Tue Oct 2 14:06:55 2018
  # nat table: source NAT for the 192.168.122.0/24 guest network plus empty zone
  # scaffolding. There are no DNAT or REDIRECT rules in this dump, so this table does
  # not forward any inbound port to a guest or to another local port.
  138. # Generated by iptables-save v1.4.21 on Tue Oct 2 14:06:55 2018
  139. *nat
  140. :PREROUTING ACCEPT [6460:396364]
  141. :INPUT ACCEPT [4827:315207]
  142. :OUTPUT ACCEPT [5079:335888]
  143. :POSTROUTING ACCEPT [5079:335888]
  144. :OUTPUT_direct - [0:0]
  145. :POSTROUTING_ZONES - [0:0]
  146. :POSTROUTING_ZONES_SOURCE - [0:0]
  147. :POSTROUTING_direct - [0:0]
  148. :POST_public - [0:0]
  149. :POST_public_allow - [0:0]
  150. :POST_public_deny - [0:0]
  151. :POST_public_log - [0:0]
  152. :PREROUTING_ZONES - [0:0]
  153. :PREROUTING_ZONES_SOURCE - [0:0]
  154. :PREROUTING_direct - [0:0]
  155. :PRE_public - [0:0]
  156. :PRE_public_allow - [0:0]
  157. :PRE_public_deny - [0:0]
  158. :PRE_public_log - [0:0]
  # PREROUTING and OUTPUT only dispatch into chains that hold no NAT rules here.
  159. -A PREROUTING -j PREROUTING_direct
  160. -A PREROUTING -j PREROUTING_ZONES_SOURCE
  161. -A PREROUTING -j PREROUTING_ZONES
  162. -A OUTPUT -j OUTPUT_direct
  # Guest traffic to 224.0.0.0/24 (multicast) and 255.255.255.255 (broadcast) leaves
  # the chain via RETURN, i.e. it is exempted from the masquerade rules that follow.
  163. -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
  164. -A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
  # Everything a guest sends outside its own subnet is masqueraded behind the host's
  # address; TCP and UDP source ports are remapped into 1024-65535. Remote peers and
  # their logs therefore see the host, not the individual guest.
  165. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
  166. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
  167. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
  168. -A POSTROUTING -j POSTROUTING_direct
  169. -A POSTROUTING -j POSTROUTING_ZONES_SOURCE
  170. -A POSTROUTING -j POSTROUTING_ZONES
  # Zone dispatch: the POST_public and PRE_public sub-chains (_log, _deny, _allow) are
  # all empty in this dump, so the "public" zone configures no masquerading or port
  # forwarding of its own.
  171. -A POSTROUTING_ZONES -g POST_public
  172. -A POST_public -j POST_public_log
  173. -A POST_public -j POST_public_deny
  174. -A POST_public -j POST_public_allow
  175. -A PREROUTING_ZONES -g PRE_public
  176. -A PRE_public -j PRE_public_log
  177. -A PRE_public -j PRE_public_deny
  178. -A PRE_public -j PRE_public_allow
  179. COMMIT
  180. # Completed on Tue Oct 2 14:06:55 2018