Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Generated by iptables-save v1.6.0 on Thu Oct 24 21:36:06 2019
- *filter
- :INPUT DROP [2462:114018]
- :FORWARD DROP [0:0]
- :OUTPUT ACCEPT [0:0]
- :f2b-sshd - [0:0]
- :ufw-after-forward - [0:0]
- :ufw-after-input - [0:0]
- :ufw-after-logging-forward - [0:0]
- :ufw-after-logging-input - [0:0]
- :ufw-after-logging-output - [0:0]
- :ufw-after-output - [0:0]
- :ufw-before-forward - [0:0]
- :ufw-before-input - [0:0]
- :ufw-before-logging-forward - [0:0]
- :ufw-before-logging-input - [0:0]
- :ufw-before-logging-output - [0:0]
- :ufw-before-output - [0:0]
- :ufw-logging-allow - [0:0]
- :ufw-logging-deny - [0:0]
- :ufw-not-local - [0:0]
- :ufw-reject-forward - [0:0]
- :ufw-reject-input - [0:0]
- :ufw-reject-output - [0:0]
- :ufw-skip-to-policy-forward - [0:0]
- :ufw-skip-to-policy-input - [0:0]
- :ufw-skip-to-policy-output - [0:0]
- :ufw-track-forward - [0:0]
- :ufw-track-input - [0:0]
- :ufw-track-output - [0:0]
- :ufw-user-forward - [0:0]
- :ufw-user-input - [0:0]
- :ufw-user-limit - [0:0]
- :ufw-user-limit-accept - [0:0]
- :ufw-user-logging-forward - [0:0]
- :ufw-user-logging-input - [0:0]
- :ufw-user-logging-output - [0:0]
- :ufw-user-output - [0:0]
- -A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
- -A INPUT -j ufw-before-logging-input
- -A INPUT -j ufw-before-input
- -A INPUT -j ufw-after-input
- -A INPUT -j ufw-after-logging-input
- -A INPUT -j ufw-reject-input
- -A INPUT -j ufw-track-input
- -A FORWARD -j ufw-before-logging-forward
- -A FORWARD -j ufw-before-forward
- -A FORWARD -j ufw-after-forward
- -A FORWARD -j ufw-after-logging-forward
- -A FORWARD -j ufw-reject-forward
- -A FORWARD -j ufw-track-forward
- -A OUTPUT -j ufw-before-logging-output
- -A OUTPUT -j ufw-before-output
- -A OUTPUT -j ufw-after-output
- -A OUTPUT -j ufw-after-logging-output
- -A OUTPUT -j ufw-reject-output
- -A OUTPUT -j ufw-track-output
- -A f2b-sshd -j RETURN
- -A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
- -A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
- -A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
- -A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
- -A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
- -A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
- -A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
- -A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
- -A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
- -A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
- -A ufw-before-forward -p icmp -m icmp --icmp-type 4 -j ACCEPT
- -A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
- -A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
- -A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
- -A ufw-before-forward -j ufw-user-forward
- -A ufw-before-input -i lo -j ACCEPT
- -A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
- -A ufw-before-input -m conntrack --ctstate INVALID -j DROP
- -A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
- -A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
- -A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
- -A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
- -A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
- -A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
- -A ufw-before-input -j ufw-not-local
- -A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
- -A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
- -A ufw-before-input -j ufw-user-input
- -A ufw-before-output -o lo -j ACCEPT
- -A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A ufw-before-output -j ufw-user-output
- -A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
- -A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
- -A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
- -A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
- -A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
- -A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
- -A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
- -A ufw-not-local -j DROP
- -A ufw-skip-to-policy-forward -j DROP
- -A ufw-skip-to-policy-input -j DROP
- -A ufw-skip-to-policy-output -j ACCEPT
- -A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
- -A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
- -A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
- -A ufw-user-input -p tcp -m tcp --dport 80 -j ACCEPT
- -A ufw-user-input -p tcp -m tcp --dport 443 -j ACCEPT
- -A ufw-user-input -p tcp -m tcp --dport 25 -j ACCEPT
- -A ufw-user-input -p udp -m udp --dport 25 -j ACCEPT
- -A ufw-user-input -p tcp -m tcp --dport 587 -j ACCEPT
- -A ufw-user-input -p udp -m udp --dport 587 -j ACCEPT
- -A ufw-user-input -p tcp -m tcp --dport 110 -j ACCEPT
- -A ufw-user-input -p udp -m udp --dport 110 -j ACCEPT
- -A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
- -A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
- -A ufw-user-limit-accept -j ACCEPT
- COMMIT
- # Completed on Thu Oct 24 21:36:06 2019
- sudo ufw status
- Status: active
- To Action From
- -- ------ ----
- 22/tcp ALLOW Anywhere
- 80/tcp ALLOW Anywhere
- 443/tcp ALLOW Anywhere
- 25 ALLOW Anywhere
- 587 ALLOW Anywhere
- 110 ALLOW Anywhere
- 22/tcp (v6) ALLOW Anywhere (v6)
- 80/tcp (v6) ALLOW Anywhere (v6)
- 443/tcp (v6) ALLOW Anywhere (v6)
- 25 (v6) ALLOW Anywhere (v6)
- 587 (v6) ALLOW Anywhere (v6)
- 110 (v6) ALLOW Anywhere (v6)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement