
Untitled

a guest
Oct 24th, 2019
  1. # Generated by iptables-save v1.6.0 on Thu Oct 24 21:36:06 2019
      # IPv4 filter table of a host whose chain names show ufw plus a fail2ban sshd chain.
      # iptables-save covers IPv4 only: the "(v6)" entries in the ufw status output further
      # down are enforced through ip6tables and are not visible in this dump.
  2. *filter
      # Built-in chain policies: inbound and forwarded packets are dropped unless a rule
      # accepts them, outbound is accepted. The bracketed values are the packet:byte
      # counters saved with the dump.
  3. :INPUT DROP [2462:114018]
  4. :FORWARD DROP [0:0]
  5. :OUTPUT ACCEPT [0:0]
      # User-defined chains ("-" = no policy). Several are declared but receive no rules
      # below (e.g. ufw-reject-*, ufw-track-input, ufw-user-logging-*).
  6. :f2b-sshd - [0:0]
  7. :ufw-after-forward - [0:0]
  8. :ufw-after-input - [0:0]
  9. :ufw-after-logging-forward - [0:0]
  10. :ufw-after-logging-input - [0:0]
  11. :ufw-after-logging-output - [0:0]
  12. :ufw-after-output - [0:0]
  13. :ufw-before-forward - [0:0]
  14. :ufw-before-input - [0:0]
  15. :ufw-before-logging-forward - [0:0]
  16. :ufw-before-logging-input - [0:0]
  17. :ufw-before-logging-output - [0:0]
  18. :ufw-before-output - [0:0]
  19. :ufw-logging-allow - [0:0]
  20. :ufw-logging-deny - [0:0]
  21. :ufw-not-local - [0:0]
  22. :ufw-reject-forward - [0:0]
  23. :ufw-reject-input - [0:0]
  24. :ufw-reject-output - [0:0]
  25. :ufw-skip-to-policy-forward - [0:0]
  26. :ufw-skip-to-policy-input - [0:0]
  27. :ufw-skip-to-policy-output - [0:0]
  28. :ufw-track-forward - [0:0]
  29. :ufw-track-input - [0:0]
  30. :ufw-track-output - [0:0]
  31. :ufw-user-forward - [0:0]
  32. :ufw-user-input - [0:0]
  33. :ufw-user-limit - [0:0]
  34. :ufw-user-limit-accept - [0:0]
  35. :ufw-user-logging-forward - [0:0]
  36. :ufw-user-logging-input - [0:0]
  37. :ufw-user-logging-output - [0:0]
  38. :ufw-user-output - [0:0]
      # INPUT: tcp/22 is sent through the fail2ban chain first, ahead of every ufw chain,
      # so a ban placed in f2b-sshd takes effect before ufw's ACCEPT for port 22.
      # Rule order matters here: the ufw chains are then traversed top to bottom.
  39. -A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
  40. -A INPUT -j ufw-before-logging-input
  41. -A INPUT -j ufw-before-input
  42. -A INPUT -j ufw-after-input
  43. -A INPUT -j ufw-after-logging-input
  44. -A INPUT -j ufw-reject-input
  45. -A INPUT -j ufw-track-input
  46. -A FORWARD -j ufw-before-logging-forward
  47. -A FORWARD -j ufw-before-forward
  48. -A FORWARD -j ufw-after-forward
  49. -A FORWARD -j ufw-after-logging-forward
  50. -A FORWARD -j ufw-reject-forward
  51. -A FORWARD -j ufw-track-forward
  52. -A OUTPUT -j ufw-before-logging-output
  53. -A OUTPUT -j ufw-before-output
  54. -A OUTPUT -j ufw-after-output
  55. -A OUTPUT -j ufw-after-logging-output
  56. -A OUTPUT -j ufw-reject-output
  57. -A OUTPUT -j ufw-track-output
      # f2b-sshd holds only RETURN: no source address was banned when the dump was taken.
  58. -A f2b-sshd -j RETURN
      # NetBIOS/SMB (137-139, 445), DHCP (67, 68) and broadcast traffic jump straight to
      # ufw-skip-to-policy-input (DROP), so it never reaches the "[UFW BLOCK]" LOG rule
      # that INPUT visits after this chain.
  59. -A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
  60. -A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
  61. -A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
  62. -A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
  63. -A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
  64. -A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
  65. -A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
      # Whatever is left is logged at no more than 3 entries/min (burst 10) before the
      # chain policy drops it; blocked traffic above that rate leaves no log line.
  66. -A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
  67. -A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
      # Forwarding: replies to tracked connections and ICMP types 3 (destination
      # unreachable), 4 (source quench), 11 (time exceeded), 12 (parameter problem) and
      # 8 (echo request) are accepted; ufw-user-forward is empty in this dump.
  68. -A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  69. -A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
  70. -A ufw-before-forward -p icmp -m icmp --icmp-type 4 -j ACCEPT
  71. -A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
  72. -A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
  73. -A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
  74. -A ufw-before-forward -j ufw-user-forward
      # Inbound baseline: loopback and replies to tracked connections are accepted,
      # INVALID-state packets are passed to ufw-logging-deny and then dropped.
  75. -A ufw-before-input -i lo -j ACCEPT
  76. -A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  77. -A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
  78. -A ufw-before-input -m conntrack --ctstate INVALID -j DROP
      # Same ICMP types as in the forward chain; type 8 means the host answers ping.
  79. -A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
  80. -A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
  81. -A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
  82. -A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
  83. -A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
      # DHCP server-to-client replies (source port 67, destination port 68).
  84. -A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
  85. -A ufw-before-input -j ufw-not-local
      # mDNS (224.0.0.251:5353) and SSDP/UPnP (239.255.255.250:1900) multicast is accepted.
      # NOTE(review): ufw ships these by default; if this is an internet-facing mail/web
      # server they are probably unnecessary - confirm and remove if so.
  86. -A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
  87. -A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
  88. -A ufw-before-input -j ufw-user-input
  89. -A ufw-before-output -o lo -j ACCEPT
  90. -A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  91. -A ufw-before-output -j ufw-user-output
  92. -A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
      # The first rule returns INVALID-state packets to the caller ahead of the LOG rule
      # (while its own rate limit matches), so those drops are mostly not logged.
  93. -A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
  94. -A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
      # Packets whose destination address type is LOCAL, MULTICAST or BROADCAST go back
      # to the caller; anything else is dropped, with rate-limited logging.
  95. -A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
  96. -A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
  97. -A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
  98. -A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
  99. -A ufw-not-local -j DROP
  100. -A ufw-skip-to-policy-forward -j DROP
  101. -A ufw-skip-to-policy-input -j DROP
  102. -A ufw-skip-to-policy-output -j ACCEPT
  103. -A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
  104. -A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
      # User rules: these are the ports reachable from any source address.
      # NOTE(review): ports 25, 587 and 110 are opened for udp as well as tcp. The ufw
      # status output lists them without a protocol, which is what produces both rules.
      # SMTP, submission and POP3 are TCP services, so the udp rules only add unused
      # exposure; allowing 25/tcp, 587/tcp and 110/tcp instead would remove them.
      # NOTE(review): POP3 on 110 is cleartext unless the server enforces STLS - confirm.
  105. -A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
  106. -A ufw-user-input -p tcp -m tcp --dport 80 -j ACCEPT
  107. -A ufw-user-input -p tcp -m tcp --dport 443 -j ACCEPT
  108. -A ufw-user-input -p tcp -m tcp --dport 25 -j ACCEPT
  109. -A ufw-user-input -p udp -m udp --dport 25 -j ACCEPT
  110. -A ufw-user-input -p tcp -m tcp --dport 587 -j ACCEPT
  111. -A ufw-user-input -p udp -m udp --dport 587 -j ACCEPT
  112. -A ufw-user-input -p tcp -m tcp --dport 110 -j ACCEPT
  113. -A ufw-user-input -p udp -m udp --dport 110 -j ACCEPT
      # No rule in this dump jumps to ufw-user-limit or ufw-user-limit-accept, so no ufw
      # rate limit is in effect; throttling of repeated SSH attempts rests on the
      # f2b-sshd chain alone.
  114. -A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
  115. -A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
  116. -A ufw-user-limit-accept -j ACCEPT
  117. COMMIT
  118. # Completed on Thu Oct 24 21:36:06 2019
  119.  
  120.  
  121. sudo ufw status
  122. Status: active
  123.  
  124. To Action From
  125. -- ------ ----
  126. 22/tcp ALLOW Anywhere
  127. 80/tcp ALLOW Anywhere
  128. 443/tcp ALLOW Anywhere
  129. 25 ALLOW Anywhere
  130. 587 ALLOW Anywhere
  131. 110 ALLOW Anywhere
  132. 22/tcp (v6) ALLOW Anywhere (v6)
  133. 80/tcp (v6) ALLOW Anywhere (v6)
  134. 443/tcp (v6) ALLOW Anywhere (v6)
  135. 25 (v6) ALLOW Anywhere (v6)
  136. 587 (v6) ALLOW Anywhere (v6)
  137. 110 (v6) ALLOW Anywhere (v6)