SHARE
TWEET

Untitled

a guest Feb 20th, 2019 64 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. root@M14EBR:~# iptables -L
  2. Chain INPUT (policy ACCEPT)
  3. target     prot opt source               destination        
  4. ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
  5. ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
  6. ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
  7. ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:67
  8.  
  9. Chain FORWARD (policy ACCEPT)
  10. target     prot opt source               destination        
  11. ACCEPT     all  --  anywhere             192.168.122.0/24     ctstate RELATED,ESTABLISHED
  12. ACCEPT     all  --  192.168.122.0/24     anywhere            
  13. ACCEPT     all  --  anywhere             anywhere            
  14. REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
  15. REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
  16. REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
  17.  
  18. Chain OUTPUT (policy ACCEPT)
  19. target     prot opt source               destination        
  20. ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc
  21. # Warning: iptables-legacy tables present, use iptables-legacy to see them
  22.  
  23. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  24. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  25. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  26. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  27. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  28.  
  29. root@M14EBR:~# iptables-legacy -L
  30. Chain INPUT (policy ACCEPT)
  31. target     prot opt source               destination        
  32.  
  33. Chain FORWARD (policy DROP)
  34. target     prot opt source               destination        
  35. DOCKER-USER  all  --  anywhere             anywhere            
  36. DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
  37. ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
  38. DOCKER     all  --  anywhere             anywhere            
  39. ACCEPT     all  --  anywhere             anywhere            
  40. ACCEPT     all  --  anywhere             anywhere            
  41.  
  42. Chain OUTPUT (policy ACCEPT)
  43. target     prot opt source               destination        
  44.  
  45. Chain DOCKER (1 references)
  46. target     prot opt source               destination        
  47.  
  48. Chain DOCKER-ISOLATION-STAGE-1 (1 references)
  49. target     prot opt source               destination        
  50. DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
  51. RETURN     all  --  anywhere             anywhere            
  52.  
  53. Chain DOCKER-ISOLATION-STAGE-2 (1 references)
  54. target     prot opt source               destination        
  55. DROP       all  --  anywhere             anywhere            
  56. RETURN     all  --  anywhere             anywhere            
  57.  
  58. Chain DOCKER-USER (1 references)
  59. target     prot opt source               destination        
  60. RETURN     all  --  anywhere             anywhere  
  61.  
  62. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  63. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  64. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  65. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  66. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  67.  
  68. root@M14EBR:~# iptables-save
  69. # Generated by xtables-save v1.8.2 on Wed Feb 20 15:00:24 2019
  70. *filter
  71. :INPUT ACCEPT [0:0]
  72. :FORWARD ACCEPT [0:0]
  73. :OUTPUT ACCEPT [0:0]
  74. -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
  75. -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
  76. -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
  77. -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
  78. -A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  79. -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
  80. -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
  81. -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
  82. -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
  83. -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
  84. -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
  85. COMMIT
  86. # Completed on Wed Feb 20 15:00:24 2019
  87. # Generated by xtables-save v1.8.2 on Wed Feb 20 15:00:24 2019
  88. *nat
  89. :PREROUTING ACCEPT [0:0]
  90. :INPUT ACCEPT [0:0]
  91. :POSTROUTING ACCEPT [0:0]
  92. :OUTPUT ACCEPT [0:0]
  93. -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
  94. -A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
  95. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
  96. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
  97. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
  98. COMMIT
  99. # Completed on Wed Feb 20 15:00:24 2019
  100. # Generated by xtables-save v1.8.2 on Wed Feb 20 15:00:24 2019
  101. *mangle
  102. :PREROUTING ACCEPT [0:0]
  103. :INPUT ACCEPT [0:0]
  104. :FORWARD ACCEPT [0:0]
  105. :OUTPUT ACCEPT [0:0]
  106. :POSTROUTING ACCEPT [0:0]
  107. -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
  108. COMMIT
  109. # Completed on Wed Feb 20 15:00:24 2019
  110. # Warning: iptables-legacy tables present, use iptables-legacy-save to see them
  111.  
  112.  
  113. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  114. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  115. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  116. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  117. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  118.  
  119. root@M14EBR:~# iptables-save
  120. # Generated by xtables-save v1.8.2 on Wed Feb 20 15:00:24 2019
  121. *filter
  122. :INPUT ACCEPT [0:0]
  123. :FORWARD ACCEPT [0:0]
  124. :OUTPUT ACCEPT [0:0]
  125. -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
  126. -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
  127. -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
  128. -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
  129. -A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  130. -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
  131. -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
  132. -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
  133. -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
  134. -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
  135. -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
  136. COMMIT
  137. # Completed on Wed Feb 20 15:00:24 2019
  138. # Generated by xtables-save v1.8.2 on Wed Feb 20 15:00:24 2019
  139. *nat
  140. :PREROUTING ACCEPT [0:0]
  141. :INPUT ACCEPT [0:0]
  142. :POSTROUTING ACCEPT [0:0]
  143. :OUTPUT ACCEPT [0:0]
  144. -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
  145. -A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
  146. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
  147. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
  148. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
  149. COMMIT
  150. # Completed on Wed Feb 20 15:00:24 2019
  151. # Generated by xtables-save v1.8.2 on Wed Feb 20 15:00:24 2019
  152. *mangle
  153. :PREROUTING ACCEPT [0:0]
  154. :INPUT ACCEPT [0:0]
  155. :FORWARD ACCEPT [0:0]
  156. :OUTPUT ACCEPT [0:0]
  157. :POSTROUTING ACCEPT [0:0]
  158. -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
  159. COMMIT
  160. # Completed on Wed Feb 20 15:00:24 2019
  161. # Warning: iptables-legacy tables present, use iptables-legacy-save to see them
  162. root@M14EBR:~# iptables-legacy-save
  163. # Generated by iptables-save v1.8.2 on Wed Feb 20 15:00:59 2019
  164. *nat
  165. :PREROUTING ACCEPT [7972:543926]
  166. :INPUT ACCEPT [813:124881]
  167. :OUTPUT ACCEPT [1694:129182]
  168. :POSTROUTING ACCEPT [1694:129182]
  169. :DOCKER - [0:0]
  170. -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
  171. -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
  172. -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
  173. -A DOCKER -i docker0 -j RETURN
  174. COMMIT
  175. # Completed on Wed Feb 20 15:00:59 2019
  176. # Generated by iptables-save v1.8.2 on Wed Feb 20 15:00:59 2019
  177. *filter
  178. :INPUT ACCEPT [81155:173771982]
  179. :FORWARD DROP [2354:185837]
  180. :OUTPUT ACCEPT [61141:108408359]
  181. :DOCKER - [0:0]
  182. :DOCKER-ISOLATION-STAGE-1 - [0:0]
  183. :DOCKER-ISOLATION-STAGE-2 - [0:0]
  184. :DOCKER-USER - [0:0]
  185. -A FORWARD -j DOCKER-USER
  186. -A FORWARD -j DOCKER-ISOLATION-STAGE-1
  187. -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  188. -A FORWARD -o docker0 -j DOCKER
  189. -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
  190. -A FORWARD -i docker0 -o docker0 -j ACCEPT
  191. -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
  192. -A DOCKER-ISOLATION-STAGE-1 -j RETURN
  193. -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
  194. -A DOCKER-ISOLATION-STAGE-2 -j RETURN
  195. -A DOCKER-USER -j RETURN
  196. COMMIT
  197. # Completed on Wed Feb 20 15:00:59 2019
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top