- root@EonTelco-srv1:~# iptables --list-rules
- -P INPUT ACCEPT
- -P FORWARD ACCEPT
- -P OUTPUT ACCEPT
- -N FORWARD_IN_ZONES
- -N FORWARD_IN_ZONES_SOURCE
- -N FORWARD_OUT_ZONES
- -N FORWARD_OUT_ZONES_SOURCE
- -N FORWARD_direct
- -N FWDI_public
- -N FWDI_public_allow
- -N FWDI_public_deny
- -N FWDI_public_log
- -N FWDO_public
- -N FWDO_public_allow
- -N FWDO_public_deny
- -N FWDO_public_log
- -N INPUT_ZONES
- -N INPUT_ZONES_SOURCE
- -N INPUT_direct
- -N IN_public
- -N IN_public_allow
- -N IN_public_deny
- -N IN_public_log
- -N OUTPUT_direct
- -N fail2ban-freeswitch
- -N fail2ban-fusionpbx
- -N fail2ban-fusionpbx-404
- -N fail2ban-fusionpbx-mac
- -N fail2ban-nginx-404
- -N fail2ban-nginx-dos
- -N fail2ban-sip-auth-challenge
- -N fail2ban-sip-auth-failure
- -N fail2ban-sshd
- -A INPUT -j fail2ban-sshd
- -A INPUT -j fail2ban-nginx-dos
- -A INPUT -j fail2ban-nginx-404
- -A INPUT -j fail2ban-fusionpbx-mac
- -A INPUT -j fail2ban-fusionpbx
- -A INPUT -j fail2ban-fusionpbx-404
- -A INPUT -j fail2ban-sip-auth-failure
- -A INPUT -j fail2ban-sip-auth-challenge
- -A INPUT -j fail2ban-freeswitch
- -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A INPUT -i lo -j ACCEPT
- -A INPUT -j INPUT_direct
- -A INPUT -j INPUT_ZONES_SOURCE
- -A INPUT -j INPUT_ZONES
- -A INPUT -p icmp -j ACCEPT
- -A INPUT -j REJECT --reject-with icmp-host-prohibited
- -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -i lo -j ACCEPT
- -A FORWARD -j FORWARD_direct
- -A FORWARD -j FORWARD_IN_ZONES_SOURCE
- -A FORWARD -j FORWARD_IN_ZONES
- -A FORWARD -j FORWARD_OUT_ZONES_SOURCE
- -A FORWARD -j FORWARD_OUT_ZONES
- -A FORWARD -p icmp -j ACCEPT
- -A FORWARD -j REJECT --reject-with icmp-host-prohibited
- -A OUTPUT -j OUTPUT_direct
- -A FORWARD_IN_ZONES -g FWDI_public
- -A FORWARD_OUT_ZONES -g FWDO_public
- -A FWDI_public -j FWDI_public_log
- -A FWDI_public -j FWDI_public_deny
- -A FWDI_public -j FWDI_public_allow
- -A FWDO_public -j FWDO_public_log
- -A FWDO_public -j FWDO_public_deny
- -A FWDO_public -j FWDO_public_allow
- -A INPUT_ZONES -g IN_public
- -A IN_public -j IN_public_log
- -A IN_public -j IN_public_deny
- -A IN_public -j IN_public_allow
- -A IN_public_allow -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
- -A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
- -A IN_public_allow -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
- -A IN_public_allow -p udp -m udp --dport 5080 -m conntrack --ctstate NEW -j ACCEPT
- -A IN_public_allow -p tcp -m tcp --dport 5061 -m conntrack --ctstate NEW -j ACCEPT
- -A IN_public_allow -p tcp -m tcp --dport 5060 -m conntrack --ctstate NEW -j ACCEPT
- -A IN_public_allow -p tcp -m tcp --dport 5081 -m conntrack --ctstate NEW -j ACCEPT
- -A IN_public_allow -p tcp -m tcp --dport 5080 -m conntrack --ctstate NEW -j ACCEPT
- -A IN_public_allow -p udp -m udp --dport 5061 -m conntrack --ctstate NEW -j ACCEPT
- -A IN_public_allow -p udp -m udp --dport 5060 -m conntrack --ctstate NEW -j ACCEPT
- -A IN_public_allow -p udp -m udp --dport 16384:32768 -m conntrack --ctstate NEW -j ACCEPT
- -A IN_public_allow -p udp -m udp --dport 5081 -m conntrack --ctstate NEW -j ACCEPT
- -A fail2ban-freeswitch -j RETURN
- -A fail2ban-fusionpbx -j RETURN
- -A fail2ban-fusionpbx-404 -j RETURN
- -A fail2ban-fusionpbx-mac -j RETURN
- -A fail2ban-nginx-404 -j RETURN
- -A fail2ban-nginx-dos -j RETURN
- -A fail2ban-sip-auth-challenge -j RETURN
- -A fail2ban-sip-auth-failure -j RETURN
- -A fail2ban-sshd -s 92.6.252.81/32 -j REJECT --reject-with icmp-port-unreachable
- -A fail2ban-sshd -s 73.53.95.248/32 -j REJECT --reject-with icmp-port-unreachable
- -A fail2ban-sshd -j RETURN