blazestudios

nf_tables conversion

Jun 6th, 2024
  1. root@fpbx17:~# nft list ruleset
  2. # Warning: table ip filter is managed by iptables-nft, do not touch!
  3. table ip filter {
  4. chain INPUT {
  5. type filter hook input priority filter; policy accept;
  6. counter packets 17791654 bytes 21364577644 jump fail2ban-recidive
  7. meta l4proto udp udp dport 1194 counter packets 0 bytes 0 jump fail2ban-openvpn
  8. meta l4proto tcp tcp dport { 80, 443 } counter packets 6877 bytes 915720 jump fail2ban-api
  9. meta l4proto tcp tcp dport { 80, 443 } counter packets 6881 bytes 915928 jump fail2ban-BadBots
  10. meta l4proto tcp tcp dport 21 counter packets 0 bytes 0 jump fail2ban-FTP
  11. counter packets 17791672 bytes 21364578580 jump fail2ban-apache-auth
  12. meta l4proto tcp tcp dport 22 counter packets 24610 bytes 2794170 jump fail2ban-SSH
  13. counter packets 17791686 bytes 21364579308 jump fail2ban-PBX-GUI
  14. counter packets 17791687 bytes 21364580760 jump fail2ban-SIP
  15. meta l4proto tcp tcp dport 22 counter packets 24610 bytes 2794170 jump fail2ban-sshd
  16. counter packets 22696657 bytes 26251022199 jump fpbxfirewall
  17. }
  18.  
  19. chain fpbxfirewall {
  20. iifname "lo" counter packets 12744788 bytes 12248346313 accept
  21. meta l4proto tcp ct mark != 0x20 ct state related,established counter packets 9664080 bytes 13984341908 accept
  22. meta l4proto icmp counter packets 105461 bytes 4789000 accept
  23. ip daddr 255.255.255.255 counter packets 0 bytes 0 accept
  24. pkttype multicast counter packets 0 bytes 0 accept
  25. udp sport 67-68 udp dport 67-68 counter packets 79 bytes 27176 accept
  26. counter packets 182249 bytes 13517802 jump fpbx-rtp
  27. counter packets 181404 bytes 13444967 jump fpbxblacklist
  28. counter packets 181404 bytes 13444967 jump fpbxsignalling
  29. counter packets 181404 bytes 13444967 jump fpbxsmarthosts
  30. counter packets 181404 bytes 13444967 jump fpbxregistrations
  31. counter packets 181404 bytes 13444967 jump fpbxnets
  32. counter packets 180607 bytes 13393907 jump fpbxhosts
  33. counter packets 180607 bytes 13393907 jump fpbxinterfaces
  34. counter packets 180607 bytes 13393907 jump fpbxreject
  35. meta mark & 0x00000002 == 0x00000002 counter packets 0 bytes 0 jump fpbxrfw
  36. meta l4proto udp ct state related,established counter packets 16222 bytes 1287842 accept
  37. meta l4proto tcp xt match set counter packets 0 bytes 0 jump lefilter
  38. counter packets 164385 bytes 12106065 jump fpbxlogdrop
  39. }
  40.  
  41. chain fpbx-rtp {
  42. udp dport 10000-20000 counter packets 845 bytes 72835 accept
  43. udp dport 4000-4999 counter packets 0 bytes 0 accept
  44. }
  45.  
  46. chain fpbxblacklist {
  47. }
  48.  
  49. chain fpbxsignalling {
  50. udp dport 5060 counter packets 0 bytes 0 meta mark set 0x3
  51. }
  52.  
  53. chain fpbxsmarthosts {
  54. }
  55.  
  56. chain fpbxregistrations {
  57. }
  58.  
  59. chain fpbxnets {
  60. ip saddr 72.x.x.x counter packets 797 bytes 51060 jump zone-trusted
  61. }
  62.  
  63. chain fpbxhosts {
  64. ip saddr 127.0.1.1 counter packets 0 bytes 0 jump zone-trusted
  65. ip saddr 127.0.0.1 counter packets 0 bytes 0 jump zone-trusted
  66. }
  67.  
  68. chain fpbxinterfaces {
  69. iifname "enp1s0" counter packets 180588 bytes 13391444 jump zone-external
  70. }
  71.  
  72. chain fpbxreject {
  73. counter packets 180588 bytes 13391444 jump rejsvc-nfs
  74. counter packets 180588 bytes 13391444 jump rejsvc-smb
  75. }
  76.  
  77. chain fpbxrfw {
  78. xt match recent counter packets 0 bytes 0
  79. xt match recent counter packets 0 bytes 0 accept
  80. xt match recent counter packets 0 bytes 0 accept
  81. xt match recent counter packets 0 bytes 0 jump fpbxchecktempwhitelist
  82. xt match recent counter packets 0 bytes 0
  83. xt match recent counter packets 0 bytes 0
  84. xt match recent counter packets 0 bytes 0 jump fpbxattacker
  85. xt match recent counter packets 0 bytes 0 jump fpbxattacker
  86. xt match recent counter packets 0 bytes 0 jump fpbxshortblock
  87. xt match recent counter packets 0 bytes 0
  88. xt match recent counter packets 0 bytes 0 jump fpbxattacker
  89. counter packets 0 bytes 0 accept
  90. }
  91.  
  92. chain lefilter {
  93. ct state new counter packets 0 bytes 0 ct mark set 0x20
  94. ct state new counter packets 0 bytes 0 accept
  95. xt match string counter packets 0 bytes 0 accept
  96. xt match string counter packets 0 bytes 0 accept
  97. counter packets 0 bytes 0 return
  98. }
  99.  
  100. chain fpbxlogdrop {
  101. counter packets 164380 bytes 12105151 drop
  102. }
  103.  
  104. chain zone-trusted {
  105. counter packets 797 bytes 51060 accept
  106. }
  107.  
  108. chain zone-internal {
  109. counter packets 0 bytes 0 meta mark set mark or 0x4
  110. counter packets 0 bytes 0 jump fpbxsvc-ssh
  111. counter packets 0 bytes 0 jump fpbxsvc-http
  112. counter packets 0 bytes 0 jump fpbxsvc-https
  113. counter packets 0 bytes 0 jump fpbxsvc-ucp
  114. counter packets 0 bytes 0 jump fpbxsvc-ucp_ssl
  115. counter packets 0 bytes 0 jump fpbxsvc-pjsip
  116. counter packets 0 bytes 0 jump fpbxsvc-chansip
  117. counter packets 0 bytes 0 jump fpbxsvc-iax
  118. counter packets 0 bytes 0 jump fpbxsvc-webrtc
  119. counter packets 0 bytes 0 jump fpbxsvc-api
  120. counter packets 0 bytes 0 jump fpbxsvc-api_ssl
  121. counter packets 0 bytes 0 jump fpbxsvc-ntp
  122. counter packets 0 bytes 0 jump fpbxsvc-sng_phone_svc
  123. counter packets 0 bytes 0 jump fpbxsvc-provis
  124. counter packets 0 bytes 0 jump fpbxsvc-provis_ssl
  125. counter packets 0 bytes 0 jump fpbxsvc-vpn
  126. counter packets 0 bytes 0 jump fpbxsvc-restapps
  127. counter packets 0 bytes 0 jump fpbxsvc-restapps_ssl
  128. counter packets 0 bytes 0 jump fpbxsvc-xmpp
  129. counter packets 0 bytes 0 jump fpbxsvc-ftp
  130. counter packets 0 bytes 0 jump fpbxsvc-tftp
  131. }
  132.  
  133. chain zone-other {
  134. counter packets 0 bytes 0 meta mark set mark or 0x8
  135. counter packets 0 bytes 0 jump fpbxsvc-ucp
  136. counter packets 0 bytes 0 jump fpbxsvc-ucp_ssl
  137. counter packets 0 bytes 0 jump fpbxsvc-provis
  138. counter packets 0 bytes 0 jump fpbxsvc-provis_ssl
  139. counter packets 0 bytes 0 jump fpbxsvc-vpn
  140. counter packets 0 bytes 0 jump fpbxsvc-sng_phone_svc
  141. }
  142.  
  143. chain zone-external {
  144. counter packets 180588 bytes 13391444 meta mark set mark or 0x10
  145. counter packets 180588 bytes 13391444 jump fpbxsvc-vpn
  146. counter packets 125320 bytes 9269676 jump fpbxsvc-sng_phone_svc
  147. }
  148.  
  149. chain fpbxchecktempwhitelist {
  150. xt match recent counter packets 0 bytes 0 jump fpbxtempwhitelist
  151. }
  152.  
  153. chain fpbxattacker {
  154. xt match recent counter packets 0 bytes 0
  155. counter packets 0 bytes 0 drop
  156. }
  157.  
  158. chain fpbxshortblock {
  159. xt match recent counter packets 0 bytes 0
  160. counter packets 0 bytes 0 reject
  161. }
  162.  
  163. chain fpbxratelimit {
  164. meta mark & 0x00000004 == 0x00000004 counter packets 0 bytes 0 accept
  165. xt match recent counter packets 0 bytes 0 accept
  166. ct state new xt match recent counter packets 0 bytes 0
  167. ct state new xt match recent counter packets 0 bytes 0
  168. counter packets 0 bytes 0 log
  169. xt match recent counter packets 0 bytes 0 jump fpbxattacker
  170. xt match recent counter packets 0 bytes 0 jump fpbxattacker
  171. xt match recent counter packets 0 bytes 0 jump fpbxattacker
  172. xt match recent counter packets 0 bytes 0 jump fpbxshortblock
  173. counter packets 0 bytes 0 accept
  174. }
  175.  
  176. chain fpbxknownreg {
  177. xt match recent counter packets 0 bytes 0
  178. xt match recent counter packets 0 bytes 0
  179. xt match recent counter packets 0 bytes 0
  180. xt match recent counter packets 0 bytes 0
  181. counter packets 0 bytes 0 meta mark set mark or 0x4
  182. meta mark & 0x00000001 == 0x00000001 counter packets 0 bytes 0 accept
  183. counter packets 0 bytes 0 jump fpbxsvc-ucp
  184. counter packets 0 bytes 0 jump fpbxsvc-restapps
  185. counter packets 0 bytes 0 jump fpbxsvc-restapps_ssl
  186. counter packets 0 bytes 0 jump fpbxsvc-provis
  187. counter packets 0 bytes 0 jump fpbxsvc-provis_ssl
  188. counter packets 0 bytes 0 jump fpbxsvc-api
  189. counter packets 0 bytes 0 jump fpbxsvc-api_ssl
  190. }
  191.  
  192. chain fpbxsvc-ucp {
  193. tcp dport 81 counter packets 0 bytes 0 accept
  194. tcp dport 8001 counter packets 0 bytes 0 accept
  195. }
  196.  
  197. chain fpbxsvc-restapps {
  198. tcp dport 82 counter packets 0 bytes 0 accept
  199. }
  200.  
  201. chain fpbxsvc-restapps_ssl {
  202. }
  203.  
  204. chain fpbxsvc-provis {
  205. tcp dport 84 counter packets 0 bytes 0 jump fpbxratelimit
  206. }
  207.  
  208. chain fpbxsvc-provis_ssl {
  209. }
  210.  
  211. chain fpbxsvc-api {
  212. tcp dport 83 counter packets 0 bytes 0 accept
  213. }
  214.  
  215. chain fpbxsvc-api_ssl {
  216. tcp dport 2443 counter packets 0 bytes 0 accept
  217. }
  218.  
  219. chain fpbxtempwhitelist {
  220. xt match recent counter packets 0 bytes 0 accept
  221. }
  222.  
  223. chain fpbxsvc-ssh {
  224. tcp dport 22 counter packets 0 bytes 0 accept
  225. }
  226.  
  227. chain fpbxsvc-http {
  228. tcp dport 80 counter packets 0 bytes 0 accept
  229. }
  230.  
  231. chain fpbxsvc-https {
  232. tcp dport 443 counter packets 0 bytes 0 accept
  233. }
  234.  
  235. chain fpbxsvc-ucp_ssl {
  236. }
  237.  
  238. chain fpbxsvc-pjsip {
  239. udp dport 5060 counter packets 0 bytes 0 accept
  240. }
  241.  
  242. chain fpbxsvc-chansip {
  243. }
  244.  
  245. chain fpbxsvc-iax {
  246. udp dport 4569 counter packets 0 bytes 0 accept
  247. }
  248.  
  249. chain fpbxsvc-webrtc {
  250. tcp dport 8088 counter packets 0 bytes 0 accept
  251. tcp dport 8089 counter packets 0 bytes 0 accept
  252. }
  253.  
  254. chain fpbxsvc-letsencrypt {
  255. }
  256.  
  257. chain fpbxsvc-ntp {
  258. udp dport 123 counter packets 0 bytes 0 accept
  259. }
  260.  
  261. chain fpbxsvc-sng_phone_svc {
  262. }
  263.  
  264. chain fpbxsvc-vpn {
  265. udp dport 1194 counter packets 0 bytes 0 accept
  266. }
  267.  
  268. chain fpbxsvc-xmpp {
  269. tcp dport 5222 counter packets 0 bytes 0 accept
  270. }
  271.  
  272. chain fpbxsvc-ftp {
  273. tcp dport 21 counter packets 0 bytes 0 accept
  274. }
  275.  
  276. chain fpbxsvc-tftp {
  277. udp dport 69 counter packets 0 bytes 0 accept
  278. }
  279.  
  280. chain fpbxsvc-nfs {
  281. }
  282.  
  283. chain rejsvc-nfs {
  284. }
  285.  
  286. chain fpbxsvc-smb {
  287. }
  288.  
  289. chain rejsvc-smb {
  290. }
  291.  
  292. chain fail2ban-sshd {
  293. counter packets 24610 bytes 2794170 return
  294. }
  295.  
  296. chain fail2ban-SIP {
  297. counter packets 17791687 bytes 21364580760 return
  298. }
  299.  
  300. chain fail2ban-PBX-GUI {
  301. counter packets 17791686 bytes 21364579308 return
  302. }
  303.  
  304. chain fail2ban-SSH {
  305. counter packets 24610 bytes 2794170 return
  306. }
  307.  
  308. chain fail2ban-apache-auth {
  309. counter packets 17791672 bytes 21364578580 return
  310. }
  311.  
  312. chain fail2ban-FTP {
  313. counter packets 0 bytes 0 return
  314. }
  315.  
  316. chain fail2ban-BadBots {
  317. counter packets 6881 bytes 915928 return
  318. }
  319.  
  320. chain fail2ban-api {
  321. counter packets 6877 bytes 915720 return
  322. }
  323.  
  324. chain fail2ban-openvpn {
  325. counter packets 0 bytes 0 return
  326. }
  327.  
  328. chain fail2ban-recidive {
  329. counter packets 17791654 bytes 21364577644 return
  330. }
  331. }
  332. # Warning: table ip6 filter is managed by iptables-nft, do not touch!
  333. table ip6 filter {
  334. chain fpbxfirewall {
  335. iifname "lo" counter packets 0 bytes 0 accept
  336. meta l4proto tcp ct mark != 0x20 ct state related,established counter packets 0 bytes 0 accept
  337. meta l4proto ipv6-icmp counter packets 0 bytes 0 accept
  338. pkttype multicast counter packets 0 bytes 0 accept
  339. udp sport 67-68 udp dport 67-68 counter packets 0 bytes 0 accept
  340. ip6 saddr fe80::/64 udp sport 546-547 udp dport 546-547 counter packets 0 bytes 0 accept
  341. counter packets 0 bytes 0 jump fpbx-rtp
  342. counter packets 0 bytes 0 jump fpbxblacklist
  343. counter packets 0 bytes 0 jump fpbxsignalling
  344. counter packets 0 bytes 0 jump fpbxsmarthosts
  345. counter packets 0 bytes 0 jump fpbxregistrations
  346. counter packets 0 bytes 0 jump fpbxnets
  347. counter packets 0 bytes 0 jump fpbxhosts
  348. counter packets 0 bytes 0 jump fpbxinterfaces
  349. counter packets 0 bytes 0 jump fpbxreject
  350. meta mark & 0x00000002 == 0x00000002 counter packets 0 bytes 0 jump fpbxrfw
  351. meta l4proto udp ct state related,established counter packets 0 bytes 0 accept
  352. meta l4proto tcp xt match set counter packets 0 bytes 0 jump lefilter
  353. counter packets 0 bytes 0 jump fpbxlogdrop
  354. }
  355.  
  356. chain INPUT {
  357. type filter hook input priority filter; policy accept;
  358. counter packets 0 bytes 0 jump fail2ban-PBX-GUI
  359. counter packets 0 bytes 0 jump fpbxfirewall
  360. }
  361.  
  362. chain fail2ban-PBX-GUI {
  363. }
  364.  
  365. chain fpbx-rtp {
  366. udp dport 10000-20000 counter packets 0 bytes 0 accept
  367. udp dport 4000-4999 counter packets 0 bytes 0 accept
  368. }
  369.  
  370. chain fpbxblacklist {
  371. }
  372.  
  373. chain fpbxsignalling {
  374. udp dport 5060 counter packets 0 bytes 0 meta mark set 0x3
  375. }
  376.  
  377. chain fpbxsmarthosts {
  378. }
  379.  
  380. chain fpbxregistrations {
  381. }
  382.  
  383. chain fpbxnets {
  384. }
  385.  
  386. chain fpbxhosts {
  387. ip6 saddr ::1 counter packets 0 bytes 0 jump zone-trusted
  388. ip6 saddr ff02::1 counter packets 0 bytes 0 jump zone-trusted
  389. ip6 saddr ff02::2 counter packets 0 bytes 0 jump zone-trusted
  390. }
  391.  
  392. chain fpbxinterfaces {
  393. iifname "enp1s0" counter packets 0 bytes 0 jump zone-external
  394. }
  395.  
  396. chain fpbxreject {
  397. counter packets 0 bytes 0 jump rejsvc-nfs
  398. counter packets 0 bytes 0 jump rejsvc-smb
  399. }
  400.  
  401. chain fpbxrfw {
  402. xt match recent counter packets 0 bytes 0
  403. xt match recent counter packets 0 bytes 0 accept
  404. xt match recent counter packets 0 bytes 0 accept
  405. xt match recent counter packets 0 bytes 0 jump fpbxchecktempwhitelist
  406. xt match recent counter packets 0 bytes 0
  407. xt match recent counter packets 0 bytes 0
  408. xt match recent counter packets 0 bytes 0 jump fpbxattacker
  409. xt match recent counter packets 0 bytes 0 jump fpbxattacker
  410. xt match recent counter packets 0 bytes 0 jump fpbxshortblock
  411. xt match recent counter packets 0 bytes 0
  412. xt match recent counter packets 0 bytes 0 jump fpbxattacker
  413. counter packets 0 bytes 0 accept
  414. }
  415.  
  416. chain lefilter {
  417. ct state new counter packets 0 bytes 0 ct mark set 0x20
  418. ct state new counter packets 0 bytes 0 accept
  419. xt match string counter packets 0 bytes 0 accept
  420. xt match string counter packets 0 bytes 0 accept
  421. counter packets 0 bytes 0 return
  422. }
  423.  
  424. chain fpbxlogdrop {
  425. counter packets 0 bytes 0 drop
  426. }
  427.  
  428. chain zone-trusted {
  429. counter packets 0 bytes 0 accept
  430. }
  431.  
  432. chain zone-internal {
  433. counter packets 0 bytes 0 meta mark set mark or 0x4
  434. counter packets 0 bytes 0 jump fpbxsvc-ssh
  435. counter packets 0 bytes 0 jump fpbxsvc-http
  436. counter packets 0 bytes 0 jump fpbxsvc-https
  437. counter packets 0 bytes 0 jump fpbxsvc-ucp
  438. counter packets 0 bytes 0 jump fpbxsvc-ucp_ssl
  439. counter packets 0 bytes 0 jump fpbxsvc-pjsip
  440. counter packets 0 bytes 0 jump fpbxsvc-chansip
  441. counter packets 0 bytes 0 jump fpbxsvc-iax
  442. counter packets 0 bytes 0 jump fpbxsvc-webrtc
  443. counter packets 0 bytes 0 jump fpbxsvc-api
  444. counter packets 0 bytes 0 jump fpbxsvc-api_ssl
  445. counter packets 0 bytes 0 jump fpbxsvc-ntp
  446. counter packets 0 bytes 0 jump fpbxsvc-sng_phone_svc
  447. counter packets 0 bytes 0 jump fpbxsvc-provis
  448. counter packets 0 bytes 0 jump fpbxsvc-provis_ssl
  449. counter packets 0 bytes 0 jump fpbxsvc-vpn
  450. counter packets 0 bytes 0 jump fpbxsvc-restapps
  451. counter packets 0 bytes 0 jump fpbxsvc-restapps_ssl
  452. counter packets 0 bytes 0 jump fpbxsvc-xmpp
  453. counter packets 0 bytes 0 jump fpbxsvc-ftp
  454. counter packets 0 bytes 0 jump fpbxsvc-tftp
  455. }
  456.  
  457. chain zone-other {
  458. counter packets 0 bytes 0 meta mark set mark or 0x8
  459. counter packets 0 bytes 0 jump fpbxsvc-ucp
  460. counter packets 0 bytes 0 jump fpbxsvc-ucp_ssl
  461. counter packets 0 bytes 0 jump fpbxsvc-provis
  462. counter packets 0 bytes 0 jump fpbxsvc-provis_ssl
  463. counter packets 0 bytes 0 jump fpbxsvc-vpn
  464. counter packets 0 bytes 0 jump fpbxsvc-sng_phone_svc
  465. }
  466.  
  467. chain zone-external {
  468. counter packets 0 bytes 0 meta mark set mark or 0x10
  469. counter packets 0 bytes 0 jump fpbxsvc-vpn
  470. counter packets 0 bytes 0 jump fpbxsvc-sng_phone_svc
  471. }
  472.  
  473. chain fpbxchecktempwhitelist {
  474. xt match recent counter packets 0 bytes 0 jump fpbxtempwhitelist
  475. }
  476.  
  477. chain fpbxattacker {
  478. xt match recent counter packets 0 bytes 0
  479. counter packets 0 bytes 0 drop
  480. }
  481.  
  482. chain fpbxshortblock {
  483. xt match recent counter packets 0 bytes 0
  484. counter packets 0 bytes 0 reject
  485. }
  486.  
  487. chain fpbxratelimit {
  488. meta mark & 0x00000004 == 0x00000004 counter packets 0 bytes 0 accept
  489. xt match recent counter packets 0 bytes 0 accept
  490. ct state new xt match recent counter packets 0 bytes 0
  491. ct state new xt match recent counter packets 0 bytes 0
  492. counter packets 0 bytes 0 log
  493. xt match recent counter packets 0 bytes 0 jump fpbxattacker
  494. xt match recent counter packets 0 bytes 0 jump fpbxattacker
  495. xt match recent counter packets 0 bytes 0 jump fpbxattacker
  496. xt match recent counter packets 0 bytes 0 jump fpbxshortblock
  497. counter packets 0 bytes 0 accept
  498. }
  499.  
  500. chain fpbxknownreg {
  501. xt match recent counter packets 0 bytes 0
  502. xt match recent counter packets 0 bytes 0
  503. xt match recent counter packets 0 bytes 0
  504. xt match recent counter packets 0 bytes 0
  505. counter packets 0 bytes 0 meta mark set mark or 0x4
  506. meta mark & 0x00000001 == 0x00000001 counter packets 0 bytes 0 accept
  507. counter packets 0 bytes 0 jump fpbxsvc-ucp
  508. counter packets 0 bytes 0 jump fpbxsvc-restapps
  509. counter packets 0 bytes 0 jump fpbxsvc-restapps_ssl
  510. counter packets 0 bytes 0 jump fpbxsvc-provis
  511. counter packets 0 bytes 0 jump fpbxsvc-provis_ssl
  512. counter packets 0 bytes 0 jump fpbxsvc-api
  513. counter packets 0 bytes 0 jump fpbxsvc-api_ssl
  514. }
  515.  
  516. chain fpbxsvc-ucp {
  517. tcp dport 81 counter packets 0 bytes 0 accept
  518. tcp dport 8001 counter packets 0 bytes 0 accept
  519. }
  520.  
  521. chain fpbxsvc-restapps {
  522. tcp dport 82 counter packets 0 bytes 0 accept
  523. }
  524.  
  525. chain fpbxsvc-restapps_ssl {
  526. }
  527.  
  528. chain fpbxsvc-provis {
  529. tcp dport 84 counter packets 0 bytes 0 jump fpbxratelimit
  530. }
  531.  
  532. chain fpbxsvc-provis_ssl {
  533. }
  534.  
  535. chain fpbxsvc-api {
  536. tcp dport 83 counter packets 0 bytes 0 accept
  537. }
  538.  
  539. chain fpbxsvc-api_ssl {
  540. tcp dport 2443 counter packets 0 bytes 0 accept
  541. }
  542.  
  543. chain fpbxtempwhitelist {
  544. xt match recent counter packets 0 bytes 0 accept
  545. }
  546.  
  547. chain fpbxsvc-ssh {
  548. tcp dport 22 counter packets 0 bytes 0 accept
  549. }
  550.  
  551. chain fpbxsvc-http {
  552. tcp dport 80 counter packets 0 bytes 0 accept
  553. }
  554.  
  555. chain fpbxsvc-https {
  556. tcp dport 443 counter packets 0 bytes 0 accept
  557. }
  558.  
  559. chain fpbxsvc-ucp_ssl {
  560. }
  561.  
  562. chain fpbxsvc-pjsip {
  563. udp dport 5060 counter packets 0 bytes 0 accept
  564. }
  565.  
  566. chain fpbxsvc-chansip {
  567. }
  568.  
  569. chain fpbxsvc-iax {
  570. udp dport 4569 counter packets 0 bytes 0 accept
  571. }
  572.  
  573. chain fpbxsvc-webrtc {
  574. tcp dport 8088 counter packets 0 bytes 0 accept
  575. tcp dport 8089 counter packets 0 bytes 0 accept
  576. }
  577.  
  578. chain fpbxsvc-letsencrypt {
  579. }
  580.  
  581. chain fpbxsvc-ntp {
  582. udp dport 123 counter packets 0 bytes 0 accept
  583. }
  584.  
  585. chain fpbxsvc-sng_phone_svc {
  586. }
  587.  
  588. chain fpbxsvc-vpn {
  589. udp dport 1194 counter packets 0 bytes 0 accept
  590. }
  591.  
  592. chain fpbxsvc-xmpp {
  593. tcp dport 5222 counter packets 0 bytes 0 accept
  594. }
  595.  
  596. chain fpbxsvc-ftp {
  597. tcp dport 21 counter packets 0 bytes 0 accept
  598. }
  599.  
  600. chain fpbxsvc-tftp {
  601. udp dport 69 counter packets 0 bytes 0 accept
  602. }
  603.  
  604. chain fpbxsvc-nfs {
  605. }
  606.  
  607. chain rejsvc-nfs {
  608. }
  609.  
  610. chain fpbxsvc-smb {
  611. }
  612.  
  613. chain rejsvc-smb {
  614. }
  615. }
  616. # Warning: table ip nat is managed by iptables-nft, do not touch!
  617. table ip nat {
  618. chain masq-input {
  619. counter packets 393856 bytes 23757316 meta mark set 0x1
  620. }
  621.  
  622. chain masq-output {
  623. oifname "enp1s0" counter packets 16615 bytes 1263590 meta mark set mark or 0x2
  624. }
  625.  
  626. chain POSTROUTING {
  627. type nat hook postrouting priority srcnat; policy accept;
  628. counter packets 393856 bytes 23757316 jump masq-input
  629. counter packets 393856 bytes 23757316 jump masq-output
  630. meta mark & 0x00000003 == 0x00000003 counter packets 16615 bytes 1263590 masquerade
  631. }
  632. }