
Untitled

a guest
Mar 30th, 2022
  # Review notes, filter table: INPUT, FORWARD and OUTPUT all use policy ACCEPT,
  # so a packet is blocked only by an explicit DROP rule; whatever no rule
  # matches is allowed.
  1. # Generated by iptables-save v1.6.0 on Wed Mar 30 19:06:19 2022
  2. *filter
  3. :INPUT ACCEPT [0:0]
  4. :FORWARD ACCEPT [4:301]
  5. :OUTPUT ACCEPT [111:28606]
  # Discards inbound TCP RST segments with source port 443 on every interface.
  # NOTE(review): the page gives no reason; confirm it is still wanted.
  6. -A INPUT -p tcp -m tcp --sport 443 --tcp-flags RST RST -j DROP
  # Everything arriving on wlan0 or eth1 is accepted here, so the later
  # eth1-specific rules (27 and 70-72) can never change a verdict.
  7. -A INPUT -i wlan0 -j ACCEPT
  8. -A INPUT -i eth1 -j ACCEPT
  # eth0: TCP 139/445 dropped, then 443 (tcp and udp) and 80 accepted.
  9. -A INPUT -i eth0 -p tcp -m tcp --dport 139 -j DROP
  10. -A INPUT -i eth0 -p tcp -m tcp --dport 445 -j DROP
  11. -A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
  12. -A INPUT -i eth0 -p udp -m udp --dport 443 -j ACCEPT
  13. -A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
  # Address-only matches with no -i: on eth0 and ppp+ these trust the packet's
  # address fields alone. NOTE(review): bind to the internal interface (as rule
  # 71 does) or verify that reverse-path filtering is enabled.
  14. -A INPUT -s 172.29.3.0/24 -j ACCEPT
  15. -A INPUT -d 172.29.3.0/24 -j ACCEPT
  # From here on most ACCEPT rules carry no -i, so they open the port on eth0
  # and ppp+ as well, ahead of the closing NEW drops (rules 73-74).
  16. -A INPUT -p udp -m udp --dport 16881 -j ACCEPT
  # Matched on --sport: the source port is chosen by the sender, so these accept
  # UDP to ANY local port when the packet's source port is 6881-6883.
  # NOTE(review): reply traffic is already covered by the conntrack rule (54);
  # consider removing or replacing with --dport matches.
  17. -A INPUT -p udp -m udp --sport 6881 -j ACCEPT
  18. -A INPUT -p udp -m udp --sport 6882 -j ACCEPT
  19. -A INPUT -p udp -m udp --sport 6883 -j ACCEPT
  # Rules 20-21 repeat 11 and 13 without the eth0 restriction.
  20. -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
  21. -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
  22. -A INPUT -p tcp -m tcp --dport 6962 -j ACCEPT
  23. -A INPUT -p tcp -m tcp --dport 6982 -j ACCEPT
  24. -A INPUT -p tcp -m tcp --dport 6899 -j ACCEPT
  25. -A INPUT -p tcp -m tcp --dport 23880 -j ACCEPT
  26. -A INPUT -i lo -j ACCEPT
  # Unreachable in effect: rule 8 already accepts all eth1 traffic, so this
  # 5/hour SYN limit never rate-limits anything.
  27. -A INPUT -i eth1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 5/hour -j ACCEPT
  # POP3 (110) and IMAP (143) accepted on all interfaces. Rule 29 matches
  # --sport 110, i.e. it accepts TCP to any local port from a peer whose source
  # port is 110. NOTE(review): same sender-controlled-port concern as 17-19.
  28. -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
  29. -A INPUT -p tcp -m tcp --sport 110 -j ACCEPT
  30. -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
  # ICMP echo-request addressed to 192.168.1.64.
  31. -A INPUT -d 192.168.1.64/32 -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
  32. -A INPUT -p tcp -m tcp --dport 6667 -j ACCEPT
  33. -A INPUT -p tcp -m tcp --dport 6668 -j ACCEPT
  34. -A INPUT -p tcp -m tcp --dport 6669 -j ACCEPT
  35. -A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
  # Rules 36-53 and 59-64 mirror the ports DNATed in nat PREROUTING. Those
  # packets get a new destination before routing and traverse FORWARD rather
  # than INPUT, so these entries presumably see little or no traffic.
  # TODO confirm with the per-rule counters (iptables -L INPUT -v -n).
  36. -A INPUT -p tcp -m multiport --dports 2010:2020 -j ACCEPT
  37. -A INPUT -p udp -m multiport --dports 2010:2020 -j ACCEPT
  38. -A INPUT -p tcp -m multiport --dports 23122 -j ACCEPT
  39. -A INPUT -p udp -m multiport --dports 23122 -j ACCEPT
  40. -A INPUT -p tcp -m multiport --dports 23123 -j ACCEPT
  41. -A INPUT -p udp -m multiport --dports 23123 -j ACCEPT
  42. -A INPUT -p tcp -m multiport --dports 25 -j ACCEPT
  43. -A INPUT -p udp -m multiport --dports 25 -j ACCEPT
  44. -A INPUT -p tcp -m multiport --dports 6883 -j ACCEPT
  45. -A INPUT -p udp -m multiport --dports 6883 -j ACCEPT
  46. -A INPUT -p tcp -m multiport --dports 6882 -j ACCEPT
  47. -A INPUT -p udp -m multiport --dports 6882 -j ACCEPT
  48. -A INPUT -p tcp -m multiport --dports 23125 -j ACCEPT
  49. -A INPUT -p udp -m multiport --dports 23125 -j ACCEPT
  50. -A INPUT -p tcp -m multiport --dports 7881 -j ACCEPT
  51. -A INPUT -p udp -m multiport --dports 7881 -j ACCEPT
  52. -A INPUT -p tcp -m multiport --dports 8881 -j ACCEPT
  53. -A INPUT -p udp -m multiport --dports 8881 -j ACCEPT
  # Stateful accept for reply traffic. NOTE(review): it sits at position 54;
  # such a rule is commonly placed near the top of the chain.
  54. -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  # IPsec: IKE (udp/500), NAT-T (udp/4500), ESP and AH. The TCP variants in
  # rules 59, 61 and 63 are presumably unnecessary, since IKE, NAT-T and L2TP
  # (1701) normally run over UDP - TODO confirm and remove.
  55. -A INPUT -p udp -m udp --dport 500 -j ACCEPT
  56. -A INPUT -p udp -m udp --dport 4500 -j ACCEPT
  57. -A INPUT -p esp -j ACCEPT
  58. -A INPUT -p ah -j ACCEPT
  59. -A INPUT -p tcp -m multiport --dports 500 -j ACCEPT
  60. -A INPUT -p udp -m multiport --dports 500 -j ACCEPT
  61. -A INPUT -p tcp -m multiport --dports 4500 -j ACCEPT
  62. -A INPUT -p udp -m multiport --dports 4500 -j ACCEPT
  63. -A INPUT -p tcp -m multiport --dports 1701 -j ACCEPT
  64. -A INPUT -p udp -m multiport --dports 1701 -j ACCEPT
  65. -A INPUT -p tcp -m tcp --dport 56055 -j ACCEPT
  66. -A INPUT -p udp -m udp --dport 56055 -j ACCEPT
  67. -A INPUT -p udp -m udp --dport 6882 -j ACCEPT
  68. -A INPUT -p udp -m udp --dport 6885 -j ACCEPT
  # Accepts any packet with mark bit 0x10000 set, on every interface. The
  # 0x12225 mark set in mangle PREROUTING contains that bit, so marked traffic
  # passes here; together with nat rule 137 (REDIRECT to port 22) this admits
  # tcp/4422 on 192.168.1.64 to local port 22, including from eth0.
  69. -A INPUT -m mark --mark 0x10000/0x10000 -j ACCEPT
  # No effect: all eth1 traffic was accepted by rule 8.
  70. -A INPUT -s 172.29.2.0/24 -i eth1 -j ACCEPT
  71. -A INPUT -s 172.29.3.0/24 -i eth1 -j ACCEPT
  72. -A INPUT -s 10.0.2.0/24 -i eth1 -j ACCEPT
  # Only state NEW is dropped, and only on ppp+ and eth0. INVALID or untracked
  # packets, and traffic on any other interface, fall through to the ACCEPT
  # policy. NOTE(review): a default-deny design would end the chain with an
  # unconditional DROP (or policy DROP) once management access is verified.
  73. -A INPUT -i ppp+ -m state --state NEW -j DROP
  74. -A INPUT -i eth0 -m state --state NEW -j DROP
  # FORWARD: per-host blocklist. Most hosts are blocked as source and as
  # destination; 195.85.23.141 (rule 89) is blocked as a source only.
  75. -A FORWARD -s 194.67.1.14/32 -j DROP
  76. -A FORWARD -d 194.67.1.14/32 -j DROP
  77. -A FORWARD -s 91.192.150.4/32 -j DROP
  78. -A FORWARD -s 91.192.149.113/32 -j DROP
  79. -A FORWARD -s 91.192.148.113/32 -j DROP
  80. -A FORWARD -s 91.192.149.4/32 -j DROP
  81. -A FORWARD -s 91.192.150.113/32 -j DROP
  82. -A FORWARD -s 91.192.148.4/32 -j DROP
  83. -A FORWARD -d 91.192.148.4/32 -j DROP
  84. -A FORWARD -d 91.192.150.113/32 -j DROP
  85. -A FORWARD -d 91.192.150.4/32 -j DROP
  86. -A FORWARD -d 91.192.149.113/32 -j DROP
  87. -A FORWARD -d 91.192.149.4/32 -j DROP
  88. -A FORWARD -d 91.192.148.113/32 -j DROP
  89. -A FORWARD -s 195.85.23.141/32 -j DROP
  # The chain policy is ACCEPT and there is no closing DROP, so the ACCEPT rules
  # 90-93 restrict nothing: every non-blocklisted packet is forwarded, including
  # traffic to all DNAT targets in the nat table from any interface.
  # NOTE(review): to make these rules meaningful, end FORWARD with a DROP.
  90. -A FORWARD -d 172.29.2.5/32 -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
  91. -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  92. -A FORWARD -d 172.29.2.14/32 -p udp -m udp --dport 500 -j ACCEPT
  93. -A FORWARD -d 172.29.2.14/32 -p udp -m udp --dport 4500 -j ACCEPT
  # OUTPUT: policy ACCEPT with ACCEPT-only rules, so nothing is filtered on
  # egress; rule 102 repeats rule 98.
  94. -A OUTPUT -s 172.29.3.0/24 -j ACCEPT
  95. -A OUTPUT -d 172.29.3.0/24 -j ACCEPT
  96. -A OUTPUT -p udp -m udp --dport 16881 -j ACCEPT
  97. -A OUTPUT -p udp -m udp --sport 6881 -j ACCEPT
  98. -A OUTPUT -p udp -m udp --sport 6882 -j ACCEPT
  99. -A OUTPUT -p udp -m udp --sport 6883 -j ACCEPT
  100. -A OUTPUT -p tcp -m tcp --sport 443 -j ACCEPT
  101. -A OUTPUT -s 192.168.1.64/32 -p icmp -m icmp --icmp-type 0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  102. -A OUTPUT -p udp -m udp --sport 6882 -j ACCEPT
  103. COMMIT
  104. # Completed on Wed Mar 30 19:06:19 2022
  # Review notes, nat table: port forwards (DNAT) in PREROUTING, source
  # translation in POSTROUTING.
  105. # Generated by iptables-save v1.6.0 on Wed Mar 30 19:06:19 2022
  106. *nat
  107. :PREROUTING ACCEPT [18:1563]
  108. :INPUT ACCEPT [13:747]
  109. :OUTPUT ACCEPT [1:73]
  110. :POSTROUTING ACCEPT [1:73]
  # None of rules 111-134 has -i or -d, so they rewrite matching traffic from
  # every interface - including connections from the internal networks to
  # outside hosts on the same ports (e.g. outbound tcp/25 would be sent to
  # 172.29.2.3). NOTE(review): scope each forward with -i and/or -d, as the
  # mangle rules do with -d 192.168.1.64/32, if only inbound forwarding is meant.
  111. -A PREROUTING -p tcp -m multiport --dports 2010:2020 -j DNAT --to-destination 172.29.2.5
  112. -A PREROUTING -p udp -m multiport --dports 2010:2020 -j DNAT --to-destination 172.29.2.5
  # Three external ports map to port 22 on internal hosts (23122, 23123, 23125).
  # The UDP copies of the :22 and :25 forwards are presumably unneeded, since
  # those destination ports are normally TCP services - TODO confirm and remove.
  113. -A PREROUTING -p tcp -m multiport --dports 23122 -j DNAT --to-destination 172.29.2.2:22
  114. -A PREROUTING -p udp -m multiport --dports 23122 -j DNAT --to-destination 172.29.2.2:22
  115. -A PREROUTING -p tcp -m multiport --dports 23123 -j DNAT --to-destination 172.29.2.3:22
  116. -A PREROUTING -p udp -m multiport --dports 23123 -j DNAT --to-destination 172.29.2.3:22
  117. -A PREROUTING -p tcp -m multiport --dports 25 -j DNAT --to-destination 172.29.2.3:25
  118. -A PREROUTING -p udp -m multiport --dports 25 -j DNAT --to-destination 172.29.2.3:25
  119. -A PREROUTING -p tcp -m multiport --dports 6883 -j DNAT --to-destination 172.29.2.3:6883
  120. -A PREROUTING -p udp -m multiport --dports 6883 -j DNAT --to-destination 172.29.2.3:6883
  121. -A PREROUTING -p tcp -m multiport --dports 6882 -j DNAT --to-destination 172.29.2.3:6882
  122. -A PREROUTING -p udp -m multiport --dports 6882 -j DNAT --to-destination 172.29.2.3:6882
  123. -A PREROUTING -p tcp -m multiport --dports 23125 -j DNAT --to-destination 172.29.2.5:22
  124. -A PREROUTING -p udp -m multiport --dports 23125 -j DNAT --to-destination 172.29.2.5:22
  125. -A PREROUTING -p tcp -m multiport --dports 7881 -j DNAT --to-destination 172.29.2.2:7881
  126. -A PREROUTING -p udp -m multiport --dports 7881 -j DNAT --to-destination 172.29.2.2:7881
  127. -A PREROUTING -p tcp -m multiport --dports 8881 -j DNAT --to-destination 172.29.2.2:8881
  128. -A PREROUTING -p udp -m multiport --dports 8881 -j DNAT --to-destination 172.29.2.2:8881
  # IPsec/L2TP ports forwarded to 172.29.2.14, in both TCP and UDP.
  129. -A PREROUTING -p tcp -m multiport --dports 500 -j DNAT --to-destination 172.29.2.14:500
  130. -A PREROUTING -p udp -m multiport --dports 500 -j DNAT --to-destination 172.29.2.14:500
  131. -A PREROUTING -p tcp -m multiport --dports 4500 -j DNAT --to-destination 172.29.2.14:4500
  132. -A PREROUTING -p udp -m multiport --dports 4500 -j DNAT --to-destination 172.29.2.14:4500
  133. -A PREROUTING -p tcp -m multiport --dports 1701 -j DNAT --to-destination 172.29.2.14:1701
  134. -A PREROUTING -p udp -m multiport --dports 1701 -j DNAT --to-destination 172.29.2.14:1701
  # <host> is a redaction in the paste, not valid iptables-restore input.
  # Rules 135-136 follow the unscoped udp/500 and udp/4500 DNATs (130, 132),
  # which match first, so these two never apply.
  135. -A PREROUTING -d <host>/32 -i eth1 -p udp -m udp --dport 500 -j DNAT --to-destination 172.29.2.14
  136. -A PREROUTING -d <host>/32 -i eth1 -p udp -m udp --dport 4500 -j DNAT --to-destination 172.29.2.14
  # TCP packets carrying exactly mark 0x12225 are redirected to local port 22.
  # The mark is set in mangle PREROUTING for tcp/23123, 23125 and 4422 to
  # 192.168.1.64; 23123 and 23125 are already DNATed by rules 115 and 123, which
  # leaves tcp/4422 as a path to port 22 on this host itself.
  # NOTE(review): presumably intentional; confirm, and restrict by source if so.
  137. -A PREROUTING -p tcp -m mark --mark 0x12225 -j REDIRECT --to-ports 22
  # Traffic leaving under an IPsec policy is exempted from NAT; rule 139 is a
  # superset of rule 138.
  138. -A POSTROUTING -s 172.29.2.0/24 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT
  139. -A POSTROUTING -m policy --dir out --pol ipsec -j ACCEPT
  140. -A POSTROUTING -s 172.29.2.14/32 -p udp -m udp --sport 500 -j SNAT --to-source <host>
  141. -A POSTROUTING -s 172.29.2.14/32 -p udp -m udp --sport 4500 -j SNAT --to-source <host>
  # Internal subnets are source-translated to 192.168.1.64 on eth0 and
  # masqueraded on wlan+.
  142. -A POSTROUTING -s 172.29.2.0/24 -o eth0 -j SNAT --to-source 192.168.1.64
  143. -A POSTROUTING -s 172.29.3.0/24 -o eth0 -j SNAT --to-source 192.168.1.64
  144. -A POSTROUTING -s 10.0.2.0/24 -o eth0 -j SNAT --to-source 192.168.1.64
  145. -A POSTROUTING -s 172.29.2.0/24 -o wlan+ -j MASQUERADE
  146. -A POSTROUTING -s 172.29.3.0/24 -o wlan+ -j MASQUERADE
  147. -A POSTROUTING -s 10.0.2.0/24 -o wlan+ -j MASQUERADE
  # Rules 148-153 end traversal with no translation for the remaining
  # internal-subnet traffic.
  148. -A POSTROUTING -d 10.0.2.0/24 -j ACCEPT
  149. -A POSTROUTING -s 10.0.2.0/24 -j ACCEPT
  150. -A POSTROUTING -s 172.29.2.0/24 -d 172.29.3.0/24 -j ACCEPT
  151. -A POSTROUTING -d 172.29.2.0/24 -j ACCEPT
  152. -A POSTROUTING -d 172.29.3.0/24 -j ACCEPT
  153. -A POSTROUTING -s 172.29.3.0/24 -j ACCEPT
  # Rules 154-155 repeat 142-143 and can never match: the earlier copies have
  # already translated that traffic.
  154. -A POSTROUTING -s 172.29.2.0/24 -o eth0 -j SNAT --to-source 192.168.1.64
  155. -A POSTROUTING -s 172.29.3.0/24 -o eth0 -j SNAT --to-source 192.168.1.64
  156. COMMIT
  157. # Completed on Wed Mar 30 19:06:19 2022
  # Review notes, mangle table: packet marking in PREROUTING and MSS clamping
  # in FORWARD.
  158. # Generated by iptables-save v1.6.0 on Wed Mar 30 19:06:19 2022
  159. *mangle
  160. :PREROUTING ACCEPT [572:113873]
  161. :INPUT ACCEPT [278:48273]
  162. :FORWARD ACCEPT [290:64800]
  163. :OUTPUT ACCEPT [111:28606]
  164. :POSTROUTING ACCEPT [446:103228]
  # Sets mark bits 0x12225 on TCP to 192.168.1.64 for the listed ports. That
  # value includes bit 0x10000, which filter INPUT rule 69 accepts, and it is
  # the exact value nat PREROUTING rule 137 redirects to port 22.
  # Rules 165 and 166 are identical (tcp/23123). The nat table also forwards
  # 23122, which is not marked here - NOTE(review): one of the two was possibly
  # meant for 23122; confirm.
  165. -A PREROUTING -d 192.168.1.64/32 -p tcp -m multiport --dports 23123 -j MARK --set-xmark 0x12225/0x12225
  166. -A PREROUTING -d 192.168.1.64/32 -p tcp -m multiport --dports 23123 -j MARK --set-xmark 0x12225/0x12225
  167. -A PREROUTING -d 192.168.1.64/32 -p tcp -m multiport --dports 23125 -j MARK --set-xmark 0x12225/0x12225
  # tcp/4422 has no DNAT or INPUT port rule of its own; it is handled only
  # through this mark.
  168. -A PREROUTING -d 192.168.1.64/32 -p tcp -m multiport --dports 4422 -j MARK --set-xmark 0x12225/0x12225
  # Clamp the MSS of TCP SYNs from the two internal subnets leaving via ppp+
  # to the path MTU.
  169. -A FORWARD -s 172.29.2.0/24 -o ppp+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
  170. -A FORWARD -s 172.29.3.0/24 -o ppp+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
  171. COMMIT
  172. # Completed on Wed Mar 30 19:06:19 2022
  173.  