ImContreras

FusionPBX-iptables

Dec 26th, 2018
  # Console capture: root runs `iptables --list-rules` with no -t option, so this is
  # the IPv4 filter table only. Other tables (nat, mangle, raw) and any ip6tables
  # rules are not part of this listing and need to be reviewed separately.
  1. root@EonTelco-srv1:~# iptables --list-rules
  # Built-in chain policies are all ACCEPT. Traffic is refused only by the explicit
  # REJECT rules appended at the end of INPUT and FORWARD further down; OUTPUT has
  # no terminal rule. If those chains are ever flushed while the policy stays
  # ACCEPT, nothing is filtered.
  2. -P INPUT ACCEPT
  3. -P FORWARD ACCEPT
  4. -P OUTPUT ACCEPT
  # User-defined chains. The FORWARD_*/FWDI_*/FWDO_*/INPUT_*/IN_public* names match
  # the chain layout firewalld generates for a "public" zone; presumably this host
  # is firewalld-managed, confirm on the host before editing rules by hand.
  5. -N FORWARD_IN_ZONES
  6. -N FORWARD_IN_ZONES_SOURCE
  7. -N FORWARD_OUT_ZONES
  8. -N FORWARD_OUT_ZONES_SOURCE
  9. -N FORWARD_direct
  10. -N FWDI_public
  11. -N FWDI_public_allow
  12. -N FWDI_public_deny
  13. -N FWDI_public_log
  14. -N FWDO_public
  15. -N FWDO_public_allow
  16. -N FWDO_public_deny
  17. -N FWDO_public_log
  18. -N INPUT_ZONES
  19. -N INPUT_ZONES_SOURCE
  20. -N INPUT_direct
  21. -N IN_public
  22. -N IN_public_allow
  23. -N IN_public_deny
  24. -N IN_public_log
  25. -N OUTPUT_direct
  # One chain per fail2ban jail (names suggest jails for FreeSWITCH, FusionPBX,
  # nginx, SIP authentication and sshd; verify against the jail configuration).
  26. -N fail2ban-freeswitch
  27. -N fail2ban-fusionpbx
  28. -N fail2ban-fusionpbx-404
  29. -N fail2ban-fusionpbx-mac
  30. -N fail2ban-nginx-404
  31. -N fail2ban-nginx-dos
  32. -N fail2ban-sip-auth-challenge
  33. -N fail2ban-sip-auth-failure
  34. -N fail2ban-sshd
  # INPUT chain, evaluated top to bottom.
  # Every fail2ban chain is jumped to unconditionally (no -p/--dport match on the
  # jump), so a ban placed in any of them applies to all traffic from that source,
  # not just the service that triggered it. They also sit before the
  # RELATED,ESTABLISHED accept, so a new ban cuts connections that are already open.
  35. -A INPUT -j fail2ban-sshd
  36. -A INPUT -j fail2ban-nginx-dos
  37. -A INPUT -j fail2ban-nginx-404
  38. -A INPUT -j fail2ban-fusionpbx-mac
  39. -A INPUT -j fail2ban-fusionpbx
  40. -A INPUT -j fail2ban-fusionpbx-404
  41. -A INPUT -j fail2ban-sip-auth-failure
  42. -A INPUT -j fail2ban-sip-auth-challenge
  43. -A INPUT -j fail2ban-freeswitch
  # Stateful fast path: replies and related flows are accepted without re-checking
  # the per-port rules.
  44. -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  # Loopback traffic is always accepted.
  45. -A INPUT -i lo -j ACCEPT
  # Hand-off to the direct, source-zone and zone chains. INPUT_direct and
  # INPUT_ZONES_SOURCE have no rules in this listing, so only INPUT_ZONES matters.
  46. -A INPUT -j INPUT_direct
  47. -A INPUT -j INPUT_ZONES_SOURCE
  48. -A INPUT -j INPUT_ZONES
  # All ICMP types from any source are accepted (no --icmp-type or rate limit).
  49. -A INPUT -p icmp -j ACCEPT
  # Effective default-deny: the chain policy is ACCEPT, so this final REJECT is what
  # actually refuses everything not accepted above.
  50. -A INPUT -j REJECT --reject-with icmp-host-prohibited
  # FORWARD chain: same shape as INPUT (stateful accept, loopback, direct and zone
  # chains, ICMP accept, final REJECT). The FWDI_public_allow and FWDO_public_allow
  # chains have no rules in this listing, so apart from ICMP no new forwarded flow
  # is accepted. Whether the kernel forwards at all (net.ipv4.ip_forward) is not
  # visible here.
  51. -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  52. -A FORWARD -i lo -j ACCEPT
  53. -A FORWARD -j FORWARD_direct
  54. -A FORWARD -j FORWARD_IN_ZONES_SOURCE
  55. -A FORWARD -j FORWARD_IN_ZONES
  56. -A FORWARD -j FORWARD_OUT_ZONES_SOURCE
  57. -A FORWARD -j FORWARD_OUT_ZONES
  58. -A FORWARD -p icmp -j ACCEPT
  59. -A FORWARD -j REJECT --reject-with icmp-host-prohibited
  # OUTPUT only jumps to OUTPUT_direct, which has no rules in this listing; with the
  # ACCEPT policy that means there is no egress filtering on this host.
  60. -A OUTPUT -j OUTPUT_direct
  # Zone dispatch. -g is goto rather than jump: when the target chain falls off its
  # end, processing resumes in the chain that made the last -j call (INPUT or
  # FORWARD), not in the *_ZONES chain. No -i or -s match is present, so every
  # interface and source lands in the "public" zone chains.
  61. -A FORWARD_IN_ZONES -g FWDI_public
  62. -A FORWARD_OUT_ZONES -g FWDO_public
  # Each zone chain consults log, then deny, then allow. A deny rule therefore wins
  # over an allow rule for the same traffic. All *_log and *_deny chains are empty
  # in this listing, so nothing is logged or explicitly denied at zone level.
  63. -A FWDI_public -j FWDI_public_log
  64. -A FWDI_public -j FWDI_public_deny
  65. -A FWDI_public -j FWDI_public_allow
  66. -A FWDO_public -j FWDO_public_log
  67. -A FWDO_public -j FWDO_public_deny
  68. -A FWDO_public -j FWDO_public_allow
  69. -A INPUT_ZONES -g IN_public
  70. -A IN_public -j IN_public_log
  71. -A IN_public -j IN_public_deny
  72. -A IN_public -j IN_public_allow
  # Inbound allow-list. None of these rules has a -s match, so every listed port is
  # reachable from any IPv4 source; fail2ban is the only per-source control.
  # NOTE(review): SSH (22) and the web interface (80/443) are good candidates for a
  # source restriction (management network or VPN) instead of world access.
  # Port 80 presumably serves or redirects plain HTTP; confirm credentials are
  # never sent over it.
  73. -A IN_public_allow -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
  74. -A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
  75. -A IN_public_allow -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
  # 5060/5061 and 5080/5081 over both TCP and UDP: presumably the FreeSWITCH SIP
  # profiles (these are its default internal/external ports); verify against the
  # SIP profile configuration and close any transport that is not in use.
  76. -A IN_public_allow -p udp -m udp --dport 5080 -m conntrack --ctstate NEW -j ACCEPT
  77. -A IN_public_allow -p tcp -m tcp --dport 5061 -m conntrack --ctstate NEW -j ACCEPT
  78. -A IN_public_allow -p tcp -m tcp --dport 5060 -m conntrack --ctstate NEW -j ACCEPT
  79. -A IN_public_allow -p tcp -m tcp --dport 5081 -m conntrack --ctstate NEW -j ACCEPT
  80. -A IN_public_allow -p tcp -m tcp --dport 5080 -m conntrack --ctstate NEW -j ACCEPT
  81. -A IN_public_allow -p udp -m udp --dport 5061 -m conntrack --ctstate NEW -j ACCEPT
  82. -A IN_public_allow -p udp -m udp --dport 5060 -m conntrack --ctstate NEW -j ACCEPT
  # Wide UDP range 16384:32768, presumably the RTP media ports (matches the
  # FreeSWITCH default range). Any other UDP service bound inside this range is
  # exposed as well, so check listeners on the host against it.
  83. -A IN_public_allow -p udp -m udp --dport 16384:32768 -m conntrack --ctstate NEW -j ACCEPT
  84. -A IN_public_allow -p udp -m udp --dport 5081 -m conntrack --ctstate NEW -j ACCEPT
  # fail2ban jail chains. A chain holding only RETURN has no active ban: the packet
  # goes straight back to INPUT. At capture time that is the case for every jail
  # except sshd, including all SIP and FusionPBX jails.
  85. -A fail2ban-freeswitch -j RETURN
  86. -A fail2ban-fusionpbx -j RETURN
  87. -A fail2ban-fusionpbx-404 -j RETURN
  88. -A fail2ban-fusionpbx-mac -j RETURN
  89. -A fail2ban-nginx-404 -j RETURN
  90. -A fail2ban-nginx-dos -j RETURN
  91. -A fail2ban-sip-auth-challenge -j RETURN
  92. -A fail2ban-sip-auth-failure -j RETURN
  # Two sources are currently banned by the sshd jail. The rules match on source
  # address only (no protocol or port), and INPUT jumps here unconditionally, so
  # these hosts are refused on every port, not just 22. REJECT answers with an ICMP
  # port-unreachable instead of silently dropping.
  93. -A fail2ban-sshd -s 92.6.252.81/32 -j REJECT --reject-with icmp-port-unreachable
  94. -A fail2ban-sshd -s 73.53.95.248/32 -j REJECT --reject-with icmp-port-unreachable
  # Everyone else returns to INPUT for normal evaluation.
  95. -A fail2ban-sshd -j RETURN