- # Generated by iptables-save v1.4.14 on Thu Mar 5 11:50:12 2015
- # NOTE(review): the security, raw and nat tables below contain only their built-in chains,
- # each with an ACCEPT policy and no rules, so this dump shows no NAT and no raw-table
- # handling. The bracketed pairs are packet:byte counters, not part of the policy.
- *security
- :INPUT ACCEPT [1400914:876591814]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [1181573:635010432]
- COMMIT
- # Completed on Thu Mar 5 11:50:12 2015
- # Generated by iptables-save v1.4.14 on Thu Mar 5 11:50:12 2015
- *raw
- :PREROUTING ACCEPT [352:51723]
- :OUTPUT ACCEPT [295:332811]
- COMMIT
- # Completed on Thu Mar 5 11:50:12 2015
- # Generated by iptables-save v1.4.14 on Thu Mar 5 11:50:12 2015
- *nat
- :PREROUTING ACCEPT [15:900]
- :INPUT ACCEPT [13:780]
- :OUTPUT ACCEPT [10:689]
- :POSTROUTING ACCEPT [10:689]
- COMMIT
- # Completed on Thu Mar 5 11:50:12 2015
- # Generated by iptables-save v1.4.14 on Thu Mar 5 11:50:12 2015
- # NOTE(review): every built-in mangle chain jumps to a tc* chain, but none of the tc*
- # chains has a rule in this dump, so those jumps return immediately. The only rule with
- # an effect clears the low 8 bits of the packet mark on forwarded traffic.
- *mangle
- :PREROUTING ACCEPT [352:51723]
- :INPUT ACCEPT [352:51723]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [297:333059]
- :POSTROUTING ACCEPT [297:333059]
- :tcfor - [0:0]
- :tcin - [0:0]
- :tcout - [0:0]
- :tcpost - [0:0]
- :tcpre - [0:0]
- -A PREROUTING -j tcpre
- -A INPUT -j tcin
- # --set-xmark 0x0/0xff zeroes the bits selected by the mask 0xff and leaves the rest.
- -A FORWARD -j MARK --set-xmark 0x0/0xff
- -A FORWARD -j tcfor
- -A OUTPUT -j tcout
- -A POSTROUTING -j tcpost
- COMMIT
- # Completed on Thu Mar 5 11:50:12 2015
- # Generated by iptables-save v1.4.14 on Thu Mar 5 11:50:12 2015
- # Filter table: all three built-in chains default to DROP, so a packet is accepted only
- # by an explicit rule further down.
- # NOTE(review): this is IPv4 output only; the page shows no ip6tables-save dump, so the
- # IPv6 filtering state of this host cannot be judged from it.
- *filter
- :INPUT DROP [0:0]
- :FORWARD DROP [0:0]
- :OUTPUT DROP [0:0]
- # User-defined chains. The "a2b" names presumably follow Shorewall's zone-to-zone
- # convention (fw = the firewall host itself); confirm against /etc/shorewall.
- :Broadcast - [0:0]
- :Drop - [0:0]
- :Invalid - [0:0]
- :NotSyn - [0:0]
- # "dynamic" is declared and jumped to, but no rule is appended to it in this dump.
- :dynamic - [0:0]
- :eth0_fwd - [0:0]
- :eth0_in - [0:0]
- :eth0_out - [0:0]
- :fw2home - [0:0]
- :fw2milos - [0:0]
- :fw2net - [0:0]
- :fw2prod - [0:0]
- :fw2smtp - [0:0]
- :home2fw - [0:0]
- :home2milos - [0:0]
- :home2net - [0:0]
- :home2prod - [0:0]
- :home2smtp - [0:0]
- :home_frwd - [0:0]
- :logdrop - [0:0]
- :logflags - [0:0]
- :logreject - [0:0]
- :milos2fw - [0:0]
- :milos2home - [0:0]
- :milos2net - [0:0]
- :milos2prod - [0:0]
- :milos2smtp - [0:0]
- :milos_frwd - [0:0]
- :net2fw - [0:0]
- :net2home - [0:0]
- :net2milos - [0:0]
- :net2prod - [0:0]
- :net2smtp - [0:0]
- :net_frwd - [0:0]
- :prod2fw - [0:0]
- :prod2home - [0:0]
- :prod2milos - [0:0]
- :prod2net - [0:0]
- :prod2smtp - [0:0]
- :prod_frwd - [0:0]
- :reject - [0:0]
- # "shorewall" is declared but neither referenced nor populated in this dump.
- :shorewall - [0:0]
- :smtp2fw - [0:0]
- :smtp2home - [0:0]
- :smtp2milos - [0:0]
- :smtp2net - [0:0]
- :smtp2prod - [0:0]
- :smtp_frwd - [0:0]
- :tcpflags - [0:0]
- # Built-in chain dispatch. Traffic on eth0 is handed to the per-interface chains;
- # loopback is accepted; anything else runs through Drop and is then dropped.
- -A INPUT -i eth0 -j eth0_in
- -A INPUT -i lo -j ACCEPT
- -A INPUT -j Drop
- -A INPUT -j DROP
- -A FORWARD -i eth0 -j eth0_fwd
- -A FORWARD -j Drop
- -A FORWARD -j DROP
- -A OUTPUT -o eth0 -j eth0_out
- -A OUTPUT -o lo -j ACCEPT
- # NOTE(review): this unconditional ACCEPT means the OUTPUT DROP policy is never reached.
- # Together with the fw2* chains (each ends in a bare ACCEPT) egress from this host is
- # unrestricted; outbound filtering would have to be added explicitly.
- -A OUTPUT -j ACCEPT
- # Broadcast: silently discard packets addressed to broadcast, multicast or anycast
- # destinations, plus the 224.0.0.0/4 multicast range.
- -A Broadcast -m addrtype --dst-type BROADCAST -j DROP
- -A Broadcast -m addrtype --dst-type MULTICAST -j DROP
- -A Broadcast -m addrtype --dst-type ANYCAST -j DROP
- -A Broadcast -d 224.0.0.0/4 -j DROP
- # Drop: noise filter run before a final DROP in the calling chains. The first rule has
- # no match and no target, so it only counts packets entering the chain.
- -A Drop
- # Ident (113/tcp) is answered through the reject chain instead of being dropped.
- -A Drop -p tcp -m tcp --dport 113 -m comment --comment Auth -j reject
- -A Drop -j Broadcast
- # Despite the chain name these two rules ACCEPT: ICMP 3/4 (fragmentation needed, used by
- # path-MTU discovery) and type 11 (time exceeded).
- -A Drop -p icmp -m icmp --icmp-type 3/4 -m comment --comment "Needed ICMP types" -j ACCEPT
- -A Drop -p icmp -m icmp --icmp-type 11 -m comment --comment "Needed ICMP types" -j ACCEPT
- -A Drop -j Invalid
- # NOTE(review): the SMB, UPnP and late-DNS drops below have no LOG rule, so this traffic
- # leaves no trace in the firewall log; detection has to rely on other telemetry.
- -A Drop -p udp -m multiport --dports 135,445 -m comment --comment SMB -j DROP
- -A Drop -p udp -m udp --dport 137:139 -m comment --comment SMB -j DROP
- -A Drop -p udp -m udp --sport 137 --dport 1024:65535 -m comment --comment SMB -j DROP
- -A Drop -p tcp -m multiport --dports 135,139,445 -m comment --comment SMB -j DROP
- -A Drop -p udp -m udp --dport 1900 -m comment --comment UPnP -j DROP
- -A Drop -p tcp -j NotSyn
- -A Drop -p udp -m udp --sport 53 -m comment --comment "Late DNS Replies" -j DROP
- # Invalid: drop packets conntrack cannot associate with a valid connection.
- -A Invalid -m conntrack --ctstate INVALID -j DROP
- # NotSyn: drop TCP segments that are not a plain SYN (SYN set; FIN, RST and ACK clear).
- -A NotSyn -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
- # Per-interface dispatch. Everything arrives on the single interface eth0, so the zone
- # (home, prod, milos, smtp, else net) is chosen purely by the /32 source address.
- # NOTE(review): trust therefore rests on the source IP alone; the extra access granted
- # to the three /32 hosts (22/tcp in the *2fw chains) has no second factor at this layer.
- # INVALID and NEW packets visit "dynamic" first; it has no rules in this dump
- # (presumably Shorewall's dynamic blacklist; confirm).
- -A eth0_fwd -m conntrack --ctstate INVALID,NEW -j dynamic
- -A eth0_fwd -p tcp -j tcpflags
- -A eth0_fwd -s 81.151.14.107/32 -j home_frwd
- -A eth0_fwd -s 212.71.232.119/32 -j prod_frwd
- -A eth0_fwd -s 212.62.35.182/32 -j milos_frwd
- -A eth0_fwd -s 74.125.140.109/32 -j smtp_frwd
- -A eth0_fwd -j net_frwd
- -A eth0_in -m conntrack --ctstate INVALID,NEW -j dynamic
- # NOTE(review): UDP to ports 67-68 is accepted from any source before the zone rules
- # run, with no source or state restriction; looks like a DHCP allowance, so confirm
- # that the interface really is DHCP-configured.
- -A eth0_in -p udp -m udp --dport 67:68 -j ACCEPT
- -A eth0_in -p tcp -j tcpflags
- -A eth0_in -s 81.151.14.107/32 -j home2fw
- -A eth0_in -s 212.71.232.119/32 -j prod2fw
- -A eth0_in -s 212.62.35.182/32 -j milos2fw
- -A eth0_in -s 74.125.140.109/32 -j smtp2fw
- -A eth0_in -j net2fw
- # Outbound side: the destination address selects the fw2* chain.
- -A eth0_out -p udp -m udp --dport 67:68 -j ACCEPT
- -A eth0_out -d 81.151.14.107/32 -j fw2home
- -A eth0_out -d 212.71.232.119/32 -j fw2prod
- -A eth0_out -d 212.62.35.182/32 -j fw2milos
- -A eth0_out -d 74.125.140.109/32 -j fw2smtp
- -A eth0_out -j fw2net
- # Firewall-originated traffic, one chain per destination zone.
- # NOTE(review): each chain ends in an unconditional ACCEPT, which makes the preceding
- # RELATED,ESTABLISHED rule redundant and permits every outbound connection. Restricting
- # egress would mean replacing the bare ACCEPT with explicit per-service rules.
- -A fw2home -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A fw2home -j ACCEPT
- -A fw2milos -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A fw2milos -j ACCEPT
- -A fw2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A fw2net -j ACCEPT
- -A fw2prod -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A fw2prod -j ACCEPT
- -A fw2smtp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A fw2smtp -j ACCEPT
- # Traffic from the "home" source address. To the firewall itself: replies to existing
- # connections plus new TCP to 22, 80 and 443; everything else goes through Drop.
- -A home2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- # NOTE(review): this accept carries no "--ctstate NEW" or "--syn" match and runs before
- # the Invalid check inside Drop, so a TCP segment in conntrack state INVALID aimed at
- # these ports is accepted by the filter. Dropping INVALID ahead of this rule closes it.
- -A home2fw -p tcp -m multiport --dports 22,80,443 -j ACCEPT
- -A home2fw -j Drop
- -A home2fw -j DROP
- # Forwarded traffic from home to any other zone: only RELATED,ESTABLISHED is accepted,
- # so no new forwarded connection is allowed.
- -A home2milos -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A home2milos -j Drop
- -A home2milos -j DROP
- -A home2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A home2net -j Drop
- -A home2net -j DROP
- -A home2prod -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A home2prod -j Drop
- -A home2prod -j DROP
- -A home2smtp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A home2smtp -j Drop
- -A home2smtp -j DROP
- # Forward dispatch by destination address; the last rule is the catch-all "net" zone.
- -A home_frwd -d 212.71.232.119/32 -o eth0 -j home2prod
- -A home_frwd -d 212.62.35.182/32 -o eth0 -j home2milos
- -A home_frwd -d 74.125.140.109/32 -o eth0 -j home2smtp
- -A home_frwd -o eth0 -j home2net
- # Logging helper chains.
- # NOTE(review): despite their names, logdrop and logreject contain no LOG rule in this
- # dump; only logflags writes a log entry. The LOG rule in logflags has no "-m limit"
- # rate limit, so a burst of bad-flag packets produces one log line per packet.
- -A logdrop -j DROP
- -A logflags -j LOG --log-prefix "Shorewall:logflags:DROP:" --log-level 6 --log-ip-options
- -A logflags -j DROP
- -A logreject -j reject
- # Traffic from the "milos" source address. To the firewall itself: replies to existing
- # connections plus new TCP to 22, 80 and 443; everything else goes through Drop.
- -A milos2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- # NOTE(review): no "--ctstate NEW" or "--syn" match here, and the Invalid check only
- # happens later inside Drop, so INVALID-state TCP to these ports passes the filter.
- -A milos2fw -p tcp -m multiport --dports 22,80,443 -j ACCEPT
- -A milos2fw -j Drop
- -A milos2fw -j DROP
- # Forwarded traffic from milos to other zones: RELATED,ESTABLISHED only.
- -A milos2home -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A milos2home -j Drop
- -A milos2home -j DROP
- -A milos2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A milos2net -j Drop
- -A milos2net -j DROP
- -A milos2prod -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A milos2prod -j Drop
- -A milos2prod -j DROP
- -A milos2smtp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A milos2smtp -j Drop
- -A milos2smtp -j DROP
- # Forward dispatch by destination address; the last rule is the catch-all "net" zone.
- -A milos_frwd -d 81.151.14.107/32 -o eth0 -j milos2home
- -A milos_frwd -d 212.71.232.119/32 -o eth0 -j milos2prod
- -A milos_frwd -d 74.125.140.109/32 -o eth0 -j milos2smtp
- -A milos_frwd -o eth0 -j milos2net
- # Traffic from any source that is not one of the four named /32 hosts ("net").
- # To the firewall itself: replies to existing connections plus TCP 80 and 443 only;
- # 22/tcp is not opened for this zone.
- -A net2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- # NOTE(review): this is the Internet-facing accept. It has no "--ctstate NEW" or "--syn"
- # match and runs before the Invalid check inside Drop, so INVALID-state TCP to 80/443
- # is accepted by the filter; dropping INVALID before this rule is the usual remedy.
- -A net2fw -p tcp -m multiport --dports 80,443 -j ACCEPT
- # Everything else from net is dropped without a LOG rule, so rejected connection
- # attempts from the Internet are not recorded by the firewall.
- -A net2fw -j Drop
- -A net2fw -j DROP
- # Forwarded traffic from net to the named zones: RELATED,ESTABLISHED only.
- -A net2home -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A net2home -j Drop
- -A net2home -j DROP
- -A net2milos -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A net2milos -j Drop
- -A net2milos -j DROP
- -A net2prod -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A net2prod -j Drop
- -A net2prod -j DROP
- -A net2smtp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A net2smtp -j Drop
- -A net2smtp -j DROP
- # Forward dispatch by destination. There is no net-to-net rule, so such packets return
- # to FORWARD and are dropped there.
- -A net_frwd -d 81.151.14.107/32 -o eth0 -j net2home
- -A net_frwd -d 212.71.232.119/32 -o eth0 -j net2prod
- -A net_frwd -d 212.62.35.182/32 -o eth0 -j net2milos
- -A net_frwd -d 74.125.140.109/32 -o eth0 -j net2smtp
- # Traffic from the "prod" source address. To the firewall itself: replies to existing
- # connections plus new TCP to 22, 80 and 443; everything else goes through Drop.
- -A prod2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- # NOTE(review): no "--ctstate NEW" or "--syn" match here, and the Invalid check only
- # happens later inside Drop, so INVALID-state TCP to these ports passes the filter.
- -A prod2fw -p tcp -m multiport --dports 22,80,443 -j ACCEPT
- -A prod2fw -j Drop
- -A prod2fw -j DROP
- # Forwarded traffic from prod to other zones: RELATED,ESTABLISHED only.
- -A prod2home -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A prod2home -j Drop
- -A prod2home -j DROP
- -A prod2milos -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A prod2milos -j Drop
- -A prod2milos -j DROP
- -A prod2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A prod2net -j Drop
- -A prod2net -j DROP
- -A prod2smtp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A prod2smtp -j Drop
- -A prod2smtp -j DROP
- # Forward dispatch by destination address; the last rule is the catch-all "net" zone.
- -A prod_frwd -d 81.151.14.107/32 -o eth0 -j prod2home
- -A prod_frwd -d 212.62.35.182/32 -o eth0 -j prod2milos
- -A prod_frwd -d 74.125.140.109/32 -o eth0 -j prod2smtp
- -A prod_frwd -o eth0 -j prod2net
- # reject: send an explicit refusal, except where replying would be wrong. Packets with a
- # broadcast or multicast source and all IGMP are dropped silently instead.
- -A reject -m addrtype --src-type BROADCAST -j DROP
- -A reject -s 224.0.0.0/4 -j DROP
- -A reject -p igmp -j DROP
- # Protocol-appropriate refusals: TCP reset, ICMP port-unreachable for UDP,
- # host-unreachable for ICMP, host-prohibited for everything else.
- -A reject -p tcp -j REJECT --reject-with tcp-reset
- -A reject -p udp -j REJECT --reject-with icmp-port-unreachable
- -A reject -p icmp -j REJECT --reject-with icmp-host-unreachable
- -A reject -j REJECT --reject-with icmp-host-prohibited
- # Traffic from the "smtp" source address. Unlike home, prod and milos, this zone gets
- # no listening port on the firewall: only replies to existing connections are accepted.
- -A smtp2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A smtp2fw -j Drop
- -A smtp2fw -j DROP
- # Forwarded traffic from smtp to other zones: RELATED,ESTABLISHED only.
- -A smtp2home -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A smtp2home -j Drop
- -A smtp2home -j DROP
- -A smtp2milos -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A smtp2milos -j Drop
- -A smtp2milos -j DROP
- -A smtp2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A smtp2net -j Drop
- -A smtp2net -j DROP
- -A smtp2prod -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A smtp2prod -j Drop
- -A smtp2prod -j DROP
- # Forward dispatch by destination address; the last rule is the catch-all "net" zone.
- -A smtp_frwd -d 81.151.14.107/32 -o eth0 -j smtp2home
- -A smtp_frwd -d 212.71.232.119/32 -o eth0 -j smtp2prod
- -A smtp_frwd -d 212.62.35.182/32 -o eth0 -j smtp2milos
- -A smtp_frwd -o eth0 -j smtp2net
- # tcpflags: catch TCP flag combinations that no legitimate stack sends. "-g" is a goto,
- # so logflags (LOG then DROP) never returns here. In order: FIN+PSH+URG only, no flags
- # at all, SYN+RST, SYN+FIN, and a plain SYN from source port 0.
- -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -g logflags
- -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -g logflags
- -A tcpflags -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -g logflags
- -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -g logflags
- -A tcpflags -p tcp -m tcp --sport 0 --tcp-flags FIN,SYN,RST,ACK SYN -g logflags
- COMMIT
- # Completed on Thu Mar 5 11:50:12 2015
- root@testing-cubasolidays:/etc/shorewall# clear
- root@testing-cubasolidays:/etc/shorewall# iptables-save
- # Generated by iptables-save v1.4.14 on Thu Mar 5 11:50:38 2015
- # NOTE(review): second capture, stamped 26 seconds after the 11:50:12 dump earlier on
- # this page. The packet:byte counters have advanced; the rules appear to be the same.
- # security, raw and nat hold only built-in chains with ACCEPT policy and no rules.
- *security
- :INPUT ACCEPT [1400959:876594578]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [1181601:635031808]
- COMMIT
- # Completed on Thu Mar 5 11:50:38 2015
- # Generated by iptables-save v1.4.14 on Thu Mar 5 11:50:38 2015
- *raw
- :PREROUTING ACCEPT [397:54487]
- :OUTPUT ACCEPT [320:354031]
- COMMIT
- # Completed on Thu Mar 5 11:50:38 2015
- # Generated by iptables-save v1.4.14 on Thu Mar 5 11:50:38 2015
- *nat
- :PREROUTING ACCEPT [15:900]
- :INPUT ACCEPT [13:780]
- :OUTPUT ACCEPT [10:689]
- :POSTROUTING ACCEPT [10:689]
- COMMIT
- # Completed on Thu Mar 5 11:50:38 2015
- # Generated by iptables-save v1.4.14 on Thu Mar 5 11:50:38 2015
- # mangle: the tc* chains have no rules, so the only rule with an effect is the MARK
- # rule, which clears the low 8 bits of the packet mark on forwarded traffic.
- *mangle
- :PREROUTING ACCEPT [397:54487]
- :INPUT ACCEPT [397:54487]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [325:355083]
- :POSTROUTING ACCEPT [325:355083]
- :tcfor - [0:0]
- :tcin - [0:0]
- :tcout - [0:0]
- :tcpost - [0:0]
- :tcpre - [0:0]
- -A PREROUTING -j tcpre
- -A INPUT -j tcin
- -A FORWARD -j MARK --set-xmark 0x0/0xff
- -A FORWARD -j tcfor
- -A OUTPUT -j tcout
- -A POSTROUTING -j tcpost
- COMMIT
- # Completed on Thu Mar 5 11:50:38 2015
- # Generated by iptables-save v1.4.14 on Thu Mar 5 11:50:38 2015
- # Filter table of the second capture: default DROP on INPUT, FORWARD and OUTPUT, then
- # the user-defined chains. "dynamic" and "shorewall" are declared but receive no rules.
- # NOTE(review): IPv4 only; no ip6tables-save output is shown on this page.
- *filter
- :INPUT DROP [0:0]
- :FORWARD DROP [0:0]
- :OUTPUT DROP [0:0]
- :Broadcast - [0:0]
- :Drop - [0:0]
- :Invalid - [0:0]
- :NotSyn - [0:0]
- :dynamic - [0:0]
- :eth0_fwd - [0:0]
- :eth0_in - [0:0]
- :eth0_out - [0:0]
- :fw2home - [0:0]
- :fw2milos - [0:0]
- :fw2net - [0:0]
- :fw2prod - [0:0]
- :fw2smtp - [0:0]
- :home2fw - [0:0]
- :home2milos - [0:0]
- :home2net - [0:0]
- :home2prod - [0:0]
- :home2smtp - [0:0]
- :home_frwd - [0:0]
- :logdrop - [0:0]
- :logflags - [0:0]
- :logreject - [0:0]
- :milos2fw - [0:0]
- :milos2home - [0:0]
- :milos2net - [0:0]
- :milos2prod - [0:0]
- :milos2smtp - [0:0]
- :milos_frwd - [0:0]
- :net2fw - [0:0]
- :net2home - [0:0]
- :net2milos - [0:0]
- :net2prod - [0:0]
- :net2smtp - [0:0]
- :net_frwd - [0:0]
- :prod2fw - [0:0]
- :prod2home - [0:0]
- :prod2milos - [0:0]
- :prod2net - [0:0]
- :prod2smtp - [0:0]
- :prod_frwd - [0:0]
- :reject - [0:0]
- :shorewall - [0:0]
- :smtp2fw - [0:0]
- :smtp2home - [0:0]
- :smtp2milos - [0:0]
- :smtp2net - [0:0]
- :smtp2prod - [0:0]
- :smtp_frwd - [0:0]
- :tcpflags - [0:0]
- # Built-in chain dispatch: eth0 traffic goes to the per-interface chains, loopback is
- # accepted, the remainder passes through Drop and is then dropped.
- -A INPUT -i eth0 -j eth0_in
- -A INPUT -i lo -j ACCEPT
- -A INPUT -j Drop
- -A INPUT -j DROP
- -A FORWARD -i eth0 -j eth0_fwd
- -A FORWARD -j Drop
- -A FORWARD -j DROP
- -A OUTPUT -o eth0 -j eth0_out
- -A OUTPUT -o lo -j ACCEPT
- # NOTE(review): the bare ACCEPT below overrides the OUTPUT DROP policy in practice;
- # egress from the host is not filtered.
- -A OUTPUT -j ACCEPT
- # Broadcast: silent drop of broadcast, multicast and anycast destinations.
- -A Broadcast -m addrtype --dst-type BROADCAST -j DROP
- -A Broadcast -m addrtype --dst-type MULTICAST -j DROP
- -A Broadcast -m addrtype --dst-type ANYCAST -j DROP
- -A Broadcast -d 224.0.0.0/4 -j DROP
- # Drop: noise filter. The first rule has no match or target and only counts packets.
- # The two ICMP rules ACCEPT (fragmentation-needed and time-exceeded); the SMB, UPnP
- # and late-DNS rules drop without logging.
- -A Drop
- -A Drop -p tcp -m tcp --dport 113 -m comment --comment Auth -j reject
- -A Drop -j Broadcast
- -A Drop -p icmp -m icmp --icmp-type 3/4 -m comment --comment "Needed ICMP types" -j ACCEPT
- -A Drop -p icmp -m icmp --icmp-type 11 -m comment --comment "Needed ICMP types" -j ACCEPT
- -A Drop -j Invalid
- -A Drop -p udp -m multiport --dports 135,445 -m comment --comment SMB -j DROP
- -A Drop -p udp -m udp --dport 137:139 -m comment --comment SMB -j DROP
- -A Drop -p udp -m udp --sport 137 --dport 1024:65535 -m comment --comment SMB -j DROP
- -A Drop -p tcp -m multiport --dports 135,139,445 -m comment --comment SMB -j DROP
- -A Drop -p udp -m udp --dport 1900 -m comment --comment UPnP -j DROP
- -A Drop -p tcp -j NotSyn
- -A Drop -p udp -m udp --sport 53 -m comment --comment "Late DNS Replies" -j DROP
- # Invalid drops conntrack-INVALID packets; NotSyn drops TCP that is not a plain SYN.
- -A Invalid -m conntrack --ctstate INVALID -j DROP
- -A NotSyn -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
- # Per-interface dispatch on the single interface eth0: the zone is selected by /32
- # source address (inbound, forwarded) or destination address (outbound).
- # NOTE(review): zone trust depends on the IP address alone, and "dynamic" has no rules
- # in this capture, so the INVALID,NEW jump is currently a no-op.
- -A eth0_fwd -m conntrack --ctstate INVALID,NEW -j dynamic
- -A eth0_fwd -p tcp -j tcpflags
- -A eth0_fwd -s 81.151.14.107/32 -j home_frwd
- -A eth0_fwd -s 212.71.232.119/32 -j prod_frwd
- -A eth0_fwd -s 212.62.35.182/32 -j milos_frwd
- -A eth0_fwd -s 74.125.140.109/32 -j smtp_frwd
- -A eth0_fwd -j net_frwd
- -A eth0_in -m conntrack --ctstate INVALID,NEW -j dynamic
- # NOTE(review): UDP 67-68 is accepted from any source ahead of the zone rules; looks
- # like a DHCP allowance, so confirm the interface needs it.
- -A eth0_in -p udp -m udp --dport 67:68 -j ACCEPT
- -A eth0_in -p tcp -j tcpflags
- -A eth0_in -s 81.151.14.107/32 -j home2fw
- -A eth0_in -s 212.71.232.119/32 -j prod2fw
- -A eth0_in -s 212.62.35.182/32 -j milos2fw
- -A eth0_in -s 74.125.140.109/32 -j smtp2fw
- -A eth0_in -j net2fw
- -A eth0_out -p udp -m udp --dport 67:68 -j ACCEPT
- -A eth0_out -d 81.151.14.107/32 -j fw2home
- -A eth0_out -d 212.71.232.119/32 -j fw2prod
- -A eth0_out -d 212.62.35.182/32 -j fw2milos
- -A eth0_out -d 74.125.140.109/32 -j fw2smtp
- -A eth0_out -j fw2net
- # fw2*: traffic originated by the firewall host. Each chain ends in a bare ACCEPT, so
- # the RELATED,ESTABLISHED rule before it is redundant and all egress is allowed.
- -A fw2home -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A fw2home -j ACCEPT
- -A fw2milos -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A fw2milos -j ACCEPT
- -A fw2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A fw2net -j ACCEPT
- -A fw2prod -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A fw2prod -j ACCEPT
- -A fw2smtp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A fw2smtp -j ACCEPT
- # home zone: TCP 22, 80 and 443 to the firewall; forwarded traffic is limited to
- # RELATED,ESTABLISHED.
- -A home2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- # NOTE(review): no "--ctstate NEW" or "--syn" match, and the Invalid check only runs
- # later inside Drop, so INVALID-state TCP to these ports is accepted by the filter.
- -A home2fw -p tcp -m multiport --dports 22,80,443 -j ACCEPT
- -A home2fw -j Drop
- -A home2fw -j DROP
- -A home2milos -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A home2milos -j Drop
- -A home2milos -j DROP
- -A home2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A home2net -j Drop
- -A home2net -j DROP
- -A home2prod -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A home2prod -j Drop
- -A home2prod -j DROP
- -A home2smtp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A home2smtp -j Drop
- -A home2smtp -j DROP
- -A home_frwd -d 212.71.232.119/32 -o eth0 -j home2prod
- -A home_frwd -d 212.62.35.182/32 -o eth0 -j home2milos
- -A home_frwd -d 74.125.140.109/32 -o eth0 -j home2smtp
- -A home_frwd -o eth0 -j home2net
- # Logging helpers: only logflags contains a LOG rule, and that rule has no "-m limit"
- # rate limit; logdrop and logreject act without logging.
- -A logdrop -j DROP
- -A logflags -j LOG --log-prefix "Shorewall:logflags:DROP:" --log-level 6 --log-ip-options
- -A logflags -j DROP
- -A logreject -j reject
- # milos zone: same shape as home (22, 80, 443 to the firewall; forwarding limited to
- # RELATED,ESTABLISHED), including the accept rule without a NEW-state match.
- -A milos2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A milos2fw -p tcp -m multiport --dports 22,80,443 -j ACCEPT
- -A milos2fw -j Drop
- -A milos2fw -j DROP
- -A milos2home -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A milos2home -j Drop
- -A milos2home -j DROP
- -A milos2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A milos2net -j Drop
- -A milos2net -j DROP
- -A milos2prod -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A milos2prod -j Drop
- -A milos2prod -j DROP
- -A milos2smtp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A milos2smtp -j Drop
- -A milos2smtp -j DROP
- -A milos_frwd -d 81.151.14.107/32 -o eth0 -j milos2home
- -A milos_frwd -d 212.71.232.119/32 -o eth0 -j milos2prod
- -A milos_frwd -d 74.125.140.109/32 -o eth0 -j milos2smtp
- -A milos_frwd -o eth0 -j milos2net
- # net zone (any source other than the four named /32 hosts): TCP 80 and 443 to the
- # firewall, nothing else; 22/tcp is not opened here.
- -A net2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- # NOTE(review): the Internet-facing accept has no "--ctstate NEW" or "--syn" match and
- # precedes the Invalid check in Drop, so INVALID-state TCP to 80/443 passes the filter.
- # The drops that follow have no LOG rule, so refused attempts are not recorded.
- -A net2fw -p tcp -m multiport --dports 80,443 -j ACCEPT
- -A net2fw -j Drop
- -A net2fw -j DROP
- -A net2home -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A net2home -j Drop
- -A net2home -j DROP
- -A net2milos -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A net2milos -j Drop
- -A net2milos -j DROP
- -A net2prod -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A net2prod -j Drop
- -A net2prod -j DROP
- -A net2smtp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A net2smtp -j Drop
- -A net2smtp -j DROP
- -A net_frwd -d 81.151.14.107/32 -o eth0 -j net2home
- -A net_frwd -d 212.71.232.119/32 -o eth0 -j net2prod
- -A net_frwd -d 212.62.35.182/32 -o eth0 -j net2milos
- -A net_frwd -d 74.125.140.109/32 -o eth0 -j net2smtp
- # prod zone: TCP 22, 80 and 443 to the firewall; forwarding limited to
- # RELATED,ESTABLISHED. The accept rule again lacks a NEW-state match.
- -A prod2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A prod2fw -p tcp -m multiport --dports 22,80,443 -j ACCEPT
- -A prod2fw -j Drop
- -A prod2fw -j DROP
- -A prod2home -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A prod2home -j Drop
- -A prod2home -j DROP
- -A prod2milos -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A prod2milos -j Drop
- -A prod2milos -j DROP
- -A prod2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A prod2net -j Drop
- -A prod2net -j DROP
- -A prod2smtp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A prod2smtp -j Drop
- -A prod2smtp -j DROP
- -A prod_frwd -d 81.151.14.107/32 -o eth0 -j prod2home
- -A prod_frwd -d 212.62.35.182/32 -o eth0 -j prod2milos
- -A prod_frwd -d 74.125.140.109/32 -o eth0 -j prod2smtp
- -A prod_frwd -o eth0 -j prod2net
- # reject: silent drop for broadcast/multicast sources and IGMP, otherwise a
- # protocol-appropriate refusal (TCP reset or an ICMP unreachable/prohibited message).
- -A reject -m addrtype --src-type BROADCAST -j DROP
- -A reject -s 224.0.0.0/4 -j DROP
- -A reject -p igmp -j DROP
- -A reject -p tcp -j REJECT --reject-with tcp-reset
- -A reject -p udp -j REJECT --reject-with icmp-port-unreachable
- -A reject -p icmp -j REJECT --reject-with icmp-host-unreachable
- -A reject -j REJECT --reject-with icmp-host-prohibited
- # smtp zone: no port is opened on the firewall; only RELATED,ESTABLISHED is accepted.
- -A smtp2fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A smtp2fw -j Drop
- -A smtp2fw -j DROP
- -A smtp2home -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A smtp2home -j Drop
- -A smtp2home -j DROP
- -A smtp2milos -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A smtp2milos -j Drop
- -A smtp2milos -j DROP
- -A smtp2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A smtp2net -j Drop
- -A smtp2net -j DROP
- -A smtp2prod -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A smtp2prod -j Drop
- -A smtp2prod -j DROP
- -A smtp_frwd -d 81.151.14.107/32 -o eth0 -j smtp2home
- -A smtp_frwd -d 212.71.232.119/32 -o eth0 -j smtp2prod
- -A smtp_frwd -d 212.62.35.182/32 -o eth0 -j smtp2milos
- -A smtp_frwd -o eth0 -j smtp2net
- # tcpflags: abnormal TCP flag combinations are sent to logflags with "-g" (goto, no
- # return), where they are logged and dropped.
- -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -g logflags
- -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -g logflags
- -A tcpflags -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -g logflags
- -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -g logflags
- -A tcpflags -p tcp -m tcp --sport 0 --tcp-flags FIN,SYN,RST,ACK SYN -g logflags
- COMMIT