Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- fail2ban-apache-noscript tcp -- anywhere anywhere multiport dports www,https
- fail2ban-postfix tcp -- anywhere anywhere multiport dports smtp,ssmtp
- fail2ban-apache tcp -- anywhere anywhere multiport dports www,https
- fail2ban-sasl tcp -- anywhere anywhere multiport dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
- fail2ban-ssh-ddos tcp -- anywhere anywhere multiport dports ssh
- fail2ban-vsftpd tcp -- anywhere anywhere multiport dports ftp,ftp-data,ftps,ftps-data
- fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
- fail2ban-apache-multiport tcp -- anywhere anywhere multiport dports www,https
- fail2ban-apache-overflows tcp -- anywhere anywhere multiport dports www,https
- fail2ban-pam-generic tcp -- anywhere anywhere
- DROP all -- 10.0.0.0/8 anywhere
- DROP all -- link-local/16 anywhere
- DROP all -- 172.16.0.0/12 anywhere
- DROP all -- loopback/8 anywhere
- DROP all -- base-address.mcast.net/4 anywhere
- DROP all -- anywhere base-address.mcast.net/4
- DROP all -- 240.0.0.0/5 anywhere
- DROP all -- anywhere 240.0.0.0/5
- DROP all -- default/8 anywhere
- DROP all -- anywhere default/8
- DROP all -- anywhere 239.255.255.0/24
- DROP all -- anywhere 255.255.255.255
- DROP icmp -- anywhere anywhere icmp address-mask-request
- DROP icmp -- anywhere anywhere icmp timestamp-request
- ACCEPT icmp -- anywhere anywhere icmp any limit: avg 1/sec burst 5
- DROP all -- anywhere anywhere state INVALID
- DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
- DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
- ACCEPT tcp -- anywhere anywhere tcp flags:RST/RST limit: avg 2/sec burst 2
- tcp -- anywhere anywhere state NEW tcp flags:FIN,SYN,RST,ACK/SYN recent: SET name: synflood side: source
- DROP tcp -- anywhere anywhere state NEW tcp flags:FIN,SYN,RST,ACK/SYN recent: UPDATE seconds: 1 hit_count: 20 name: synflood side: source
- DROP all -- anywhere anywhere recent: CHECK seconds: 86400 name: portscan side: source
- all -- anywhere anywhere recent: REMOVE name: portscan side: source
- LOG tcp -- anywhere anywhere tcp dpt:netbios-ssn recent: SET name: portscan side: source LOG level warning prefix `Portscan:'
- DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn recent: SET name: portscan side: source
- Chain FORWARD (policy ACCEPT)
- target prot opt source destination
- DROP all -- anywhere anywhere state INVALID
- DROP all -- anywhere anywhere recent: CHECK seconds: 86400 name: portscan side: source
- all -- anywhere anywhere recent: REMOVE name: portscan side: source
- LOG tcp -- anywhere anywhere tcp dpt:netbios-ssn recent: SET name: portscan side: source LOG level warning prefix `Portscan:'
- DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn recent: SET name: portscan side: source
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
- DROP all -- anywhere anywhere state INVALID
- Chain fail2ban-apache (1 references)
- target prot opt source destination
- RETURN all -- anywhere anywhere
- Chain fail2ban-apache-multiport (1 references)
- target prot opt source destination
- RETURN all -- anywhere anywhere
- Chain fail2ban-apache-noscript (1 references)
- target prot opt source destination
- RETURN all -- anywhere anywhere
- Chain fail2ban-apache-overflows (1 references)
- target prot opt source destination
- RETURN all -- anywhere anywhere
- Chain fail2ban-pam-generic (1 references)
- target prot opt source destination
- RETURN all -- anywhere anywhere
- Chain fail2ban-postfix (1 references)
- target prot opt source destination
- RETURN all -- anywhere anywhere
- Chain fail2ban-sasl (1 references)
- target prot opt source destination
- RETURN all -- anywhere anywhere
- Chain fail2ban-ssh (1 references)
- target prot opt source destination
- RETURN all -- anywhere anywhere
- Chain fail2ban-ssh-ddos (1 references)
- target prot opt source destination
- RETURN all -- anywhere anywhere
- Chain fail2ban-vsftpd (1 references)
- target prot opt source destination
- RETURN all -- anywhere anywhere
Add Comment
Please, Sign In to add comment