Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- iptables-save
- # Generated by iptables-save v1.4.21 on Sun Sep 23 23:56:03 2018
- *security
- :INPUT ACCEPT [326566:104515603]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [341384:197219549]
- COMMIT
- # Completed on Sun Sep 23 23:56:03 2018
- # Generated by iptables-save v1.4.21 on Sun Sep 23 23:56:03 2018
- *raw
- :PREROUTING ACCEPT [344731:105476093]
- :OUTPUT ACCEPT [341385:197219717]
- COMMIT
- # Completed on Sun Sep 23 23:56:03 2018
- # Generated by iptables-save v1.4.21 on Sun Sep 23 23:56:03 2018
- *nat
- :PREROUTING ACCEPT [26157:1403594]
- :INPUT ACCEPT [8161:453356]
- :OUTPUT ACCEPT [20698:1441595]
- :POSTROUTING ACCEPT [20698:1441595]
- COMMIT
- # Completed on Sun Sep 23 23:56:03 2018
- # Generated by iptables-save v1.4.21 on Sun Sep 23 23:56:03 2018
- *mangle
- :PREROUTING ACCEPT [344731:105476093]
- :INPUT ACCEPT [344731:105476093]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [341385:197219717]
- :POSTROUTING ACCEPT [341385:197219717]
- COMMIT
- # Completed on Sun Sep 23 23:56:03 2018
- # Generated by iptables-save v1.4.21 on Sun Sep 23 23:56:03 2018
- *filter
- :INPUT ACCEPT [0:0]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [51:12904]
- :INBOUND - [0:0]
- -A INPUT -m state --state NEW -j LOG --log-prefix "New Connection: "
- -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
- -A INPUT -i lo -j ACCEPT
- -A INPUT -s 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
- -A INPUT -p icmp -m state --state NEW -m icmp --icmp-type 8 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 3306 -m state --state NEW -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
- -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables_INPUT_denied: " --log-level 7
- -A INPUT -p tcp -m tcp --dport 993 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 110 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 995 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 143 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
- -A INPUT -j LOG
- -A INPUT -j LOG --log-prefix "BAD_INPUT: "
- -A INPUT -j LOG --log-prefix "BAD_INPUT: " --log-level 7
- -A INPUT -j LOG --log-prefix "BAD_INPUT: " --log-level 7
- -A INPUT -j LOG --log-prefix "BAD_INPUT: "
- -A INPUT -p tcp -j LOG --log-prefix " INPUT TCP "
- -A INPUT -i eth0 -p tcp -m state --state RELATED,ESTABLISHED -j INBOUND
- -A INPUT -j REJECT --reject-with icmp-port-unreachable
- -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "iptables_FORWARD_denied: " --log-level 7
- -A FORWARD -j REJECT --reject-with icmp-port-unreachable
- -A FORWARD -j LOG --log-prefix "BAD_FORWARD: "
- -A FORWARD -j LOG --log-prefix "BAD_FORWARD: " --log-level 7
- -A OUTPUT -p tcp -m tcp --sport 993 -m conntrack --ctstate ESTABLISHED -j ACCEPT
- -A OUTPUT -p tcp -m tcp --sport 110 -m conntrack --ctstate ESTABLISHED -j ACCEPT
- -A OUTPUT -p tcp -m tcp --sport 995 -m conntrack --ctstate ESTABLISHED -j ACCEPT
- -A OUTPUT -p tcp -m tcp --sport 143 -m conntrack --ctstate ESTABLISHED -j ACCEPT
- -A OUTPUT -j LOG --log-prefix "BAD_OUTPUT: "
- -A OUTPUT -j LOG --log-prefix "BAD_OUTPUT: " --log-level 7
- -A INBOUND -p tcp -j LOG --log-prefix " INBOUND TCP "
- -A INBOUND -p tcp -j ACCEPT
- COMMIT
- # Completed on Sun Sep 23 23:56:03 2018
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
