  1. # Generated by iptables-save v1.4.21 on Thu Jun 20 08:28:50 2019
  2. *nat
  # nat table. Two rule generators are visible: Docker (the DOCKER chain and the
  # per-bridge MASQUERADE rules) and, judging by the chain naming, firewalld's
  # iptables backend (*_direct, *_ZONES, PRE_public / POST_public).
  # The firewalld-style chains contain only dispatch jumps in this dump, so every
  # address rewrite below comes from the Docker rules.
  3. :PREROUTING ACCEPT [2192683:108413052]
  4. :INPUT ACCEPT [643832:21257005]
  5. :OUTPUT ACCEPT [63045:4622106]
  6. :POSTROUTING ACCEPT [78869:5466248]
  7. :DOCKER - [0:0]
  8. :OUTPUT_direct - [0:0]
  9. :POSTROUTING_ZONES - [0:0]
  10. :POSTROUTING_ZONES_SOURCE - [0:0]
  11. :POSTROUTING_direct - [0:0]
  12. :POST_public - [0:0]
  13. :POST_public_allow - [0:0]
  14. :POST_public_deny - [0:0]
  15. :POST_public_log - [0:0]
  16. :PREROUTING_ZONES - [0:0]
  17. :PREROUTING_ZONES_SOURCE - [0:0]
  18. :PREROUTING_direct - [0:0]
  19. :PRE_public - [0:0]
  20. :PRE_public_allow - [0:0]
  21. :PRE_public_deny - [0:0]
  22. :PRE_public_log - [0:0]
  # PREROUTING: the zone chains run first (no-ops here), then any packet addressed
  # to a host-local address is handed to DOCKER for port-publishing DNAT.
  23. -A PREROUTING -j PREROUTING_direct
  24. -A PREROUTING -j PREROUTING_ZONES_SOURCE
  25. -A PREROUTING -j PREROUTING_ZONES
  26. -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
  # OUTPUT: locally generated traffic to a host-local, non-loopback address also
  # goes through DOCKER.
  27. -A OUTPUT -j OUTPUT_direct
  28. -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
  # Source NAT for the four container subnets whenever their traffic leaves through
  # anything other than the bridge they belong to. These rules sit ahead of the
  # POSTROUTING zone chains.
  29. -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
  30. -A POSTROUTING -s 172.23.0.0/16 ! -o br-fff74fab8ec0 -j MASQUERADE
  31. -A POSTROUTING -s 172.18.0.0/16 ! -o br-1cf37af967cc -j MASQUERADE
  32. -A POSTROUTING -s 172.25.0.0/16 ! -o br-03f8fab54770 -j MASQUERADE
  33. -A POSTROUTING -j POSTROUTING_direct
  34. -A POSTROUTING -j POSTROUTING_ZONES_SOURCE
  35. -A POSTROUTING -j POSTROUTING_ZONES
  # Source and destination are both 172.18.0.7: presumably Docker's hairpin rules
  # for the container reaching its own published ports - confirm against the
  # container's port mapping.
  36. -A POSTROUTING -s 172.18.0.7/32 -d 172.18.0.7/32 -p tcp -m tcp --dport 443 -j MASQUERADE
  37. -A POSTROUTING -s 172.18.0.7/32 -d 172.18.0.7/32 -p tcp -m tcp --dport 80 -j MASQUERADE
  # DOCKER chain: traffic that arrived on any of the Docker bridges returns
  # untouched, so containers do not reach the published ports through this DNAT.
  38. -A DOCKER -i docker0 -j RETURN
  39. -A DOCKER -i br-fff74fab8ec0 -j RETURN
  40. -A DOCKER -i br-1cf37af967cc -j RETURN
  41. -A DOCKER -i br-03f8fab54770 -j RETURN
  # NOTE(review): published ports. Neither rule has a -s or -d match, so TCP 80 and
  # 443 sent to ANY host-local address from ANY source is rewritten to 172.18.0.7.
  # After DNAT the packet is routed through the filter FORWARD chain, not INPUT, so
  # the IN_public allow-list (SSH only) does not govern these two ports. If the
  # exposure should be narrower, restrict it in the filter table's DOCKER-USER
  # chain or publish the ports on a specific host address.
  42. -A DOCKER ! -i br-1cf37af967cc -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.18.0.7:443
  43. -A DOCKER ! -i br-1cf37af967cc -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.18.0.7:80
  # Zone dispatch: both the eth0 rule and the catch-all -g rule land in the public
  # zone chain, whose _log/_deny/_allow sub-chains are empty in this table.
  44. -A POSTROUTING_ZONES -o eth0 -g POST_public
  45. -A POSTROUTING_ZONES -g POST_public
  46. -A POST_public -j POST_public_log
  47. -A POST_public -j POST_public_deny
  48. -A POST_public -j POST_public_allow
  49. -A PREROUTING_ZONES -i eth0 -g PRE_public
  50. -A PREROUTING_ZONES -g PRE_public
  51. -A PRE_public -j PRE_public_log
  52. -A PRE_public -j PRE_public_deny
  53. -A PRE_public -j PRE_public_allow
  54. COMMIT
  55. # Completed on Thu Jun 20 08:28:50 2019
  56. # Generated by iptables-save v1.4.21 on Thu Jun 20 08:28:50 2019
  57. *mangle
  # mangle table. Every rule below is a jump or goto into a chain that holds no
  # rules in this dump, and all built-in policies are ACCEPT, so this table neither
  # marks, modifies nor drops packets as captured. The chain layout matches
  # firewalld's iptables backend naming (*_direct, *_ZONES, PRE_public).
  58. :PREROUTING ACCEPT [3257805:833396033]
  59. :INPUT ACCEPT [2577647:184053966]
  60. :FORWARD ACCEPT [680158:649342067]
  61. :OUTPUT ACCEPT [1305542:154372693]
  62. :POSTROUTING ACCEPT [1985700:803714760]
  63. :FORWARD_direct - [0:0]
  64. :INPUT_direct - [0:0]
  65. :OUTPUT_direct - [0:0]
  66. :POSTROUTING_direct - [0:0]
  67. :PREROUTING_ZONES - [0:0]
  68. :PREROUTING_ZONES_SOURCE - [0:0]
  69. :PREROUTING_direct - [0:0]
  70. :PRE_public - [0:0]
  71. :PRE_public_allow - [0:0]
  72. :PRE_public_deny - [0:0]
  73. :PRE_public_log - [0:0]
  # Built-in chains only dispatch to the (empty) direct and zone chains.
  74. -A PREROUTING -j PREROUTING_direct
  75. -A PREROUTING -j PREROUTING_ZONES_SOURCE
  76. -A PREROUTING -j PREROUTING_ZONES
  77. -A INPUT -j INPUT_direct
  78. -A FORWARD -j FORWARD_direct
  79. -A OUTPUT -j OUTPUT_direct
  80. -A POSTROUTING -j POSTROUTING_direct
  # The catch-all -g rule sends every interface, not just eth0, to the public zone.
  81. -A PREROUTING_ZONES -i eth0 -g PRE_public
  82. -A PREROUTING_ZONES -g PRE_public
  83. -A PRE_public -j PRE_public_log
  84. -A PRE_public -j PRE_public_deny
  85. -A PRE_public -j PRE_public_allow
  86. COMMIT
  87. # Completed on Thu Jun 20 08:28:50 2019
  88. # Generated by iptables-save v1.4.21 on Thu Jun 20 08:28:50 2019
  89. *security
  # security table. Only the three *_direct hook chains exist and none of them
  # contains a rule, so nothing is matched or labelled here in this dump.
  90. :INPUT ACCEPT [1012027:96118464]
  91. :FORWARD ACCEPT [680158:649342067]
  92. :OUTPUT ACCEPT [1305542:154372693]
  93. :FORWARD_direct - [0:0]
  94. :INPUT_direct - [0:0]
  95. :OUTPUT_direct - [0:0]
  96. -A INPUT -j INPUT_direct
  97. -A FORWARD -j FORWARD_direct
  98. -A OUTPUT -j OUTPUT_direct
  99. COMMIT
  100. # Completed on Thu Jun 20 08:28:50 2019
  101. # Generated by iptables-save v1.4.21 on Thu Jun 20 08:28:50 2019
  102. *raw
  # raw table. As captured it contains only dispatch jumps into chains with no
  # rules, so no traffic is exempted from connection tracking or dropped before
  # conntrack here.
  103. :PREROUTING ACCEPT [3257805:833396033]
  104. :OUTPUT ACCEPT [1305542:154372693]
  105. :OUTPUT_direct - [0:0]
  106. :PREROUTING_ZONES - [0:0]
  107. :PREROUTING_ZONES_SOURCE - [0:0]
  108. :PREROUTING_direct - [0:0]
  109. :PRE_public - [0:0]
  110. :PRE_public_allow - [0:0]
  111. :PRE_public_deny - [0:0]
  112. :PRE_public_log - [0:0]
  113. -A PREROUTING -j PREROUTING_direct
  114. -A PREROUTING -j PREROUTING_ZONES_SOURCE
  115. -A PREROUTING -j PREROUTING_ZONES
  116. -A OUTPUT -j OUTPUT_direct
  # Both the eth0 rule and the catch-all -g rule resolve to the public zone chain.
  117. -A PREROUTING_ZONES -i eth0 -g PRE_public
  118. -A PREROUTING_ZONES -g PRE_public
  119. -A PRE_public -j PRE_public_log
  120. -A PRE_public -j PRE_public_deny
  121. -A PRE_public -j PRE_public_allow
  122. COMMIT
  123. # Completed on Thu Jun 20 08:28:50 2019
  124. # Generated by iptables-save v1.4.21 on Thu Jun 20 08:28:50 2019
  125. *filter
  # filter table. Host-bound traffic (INPUT) is governed by the zone chains
  # (naming matches firewalld's iptables backend); container-bound traffic
  # (FORWARD) is governed by Docker's chains, which are evaluated first.
  # NOTE(review): INPUT's policy is ACCEPT; default-deny depends entirely on the
  # terminal REJECT rule at the end of INPUT. If that rule is flushed or the chain
  # is rebuilt without it, the host accepts everything. FORWARD has a DROP policy.
  126. :INPUT ACCEPT [0:0]
  127. :FORWARD DROP [0:0]
  128. :OUTPUT ACCEPT [1298574:153648384]
  129. :DOCKER - [0:0]
  130. :DOCKER-ISOLATION-STAGE-1 - [0:0]
  131. :DOCKER-ISOLATION-STAGE-2 - [0:0]
  132. :DOCKER-USER - [0:0]
  133. :FORWARD_IN_ZONES - [0:0]
  134. :FORWARD_IN_ZONES_SOURCE - [0:0]
  135. :FORWARD_OUT_ZONES - [0:0]
  136. :FORWARD_OUT_ZONES_SOURCE - [0:0]
  137. :FORWARD_direct - [0:0]
  138. :FWDI_public - [0:0]
  139. :FWDI_public_allow - [0:0]
  140. :FWDI_public_deny - [0:0]
  141. :FWDI_public_log - [0:0]
  142. :FWDO_public - [0:0]
  143. :FWDO_public_allow - [0:0]
  144. :FWDO_public_deny - [0:0]
  145. :FWDO_public_log - [0:0]
  146. :INPUT_ZONES - [0:0]
  147. :INPUT_ZONES_SOURCE - [0:0]
  148. :INPUT_direct - [0:0]
  149. :IN_public - [0:0]
  150. :IN_public_allow - [0:0]
  151. :IN_public_deny - [0:0]
  152. :IN_public_log - [0:0]
  153. :OUTPUT_direct - [0:0]
  # INPUT: accept replies to tracked connections and loopback, run the zone
  # chains, then drop INVALID and reject whatever is left.
  # The INVALID drop comes after the zone chains, so a rule in IN_public that has
  # no --ctstate match (the ICMP accept) is evaluated before it.
  154. -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  155. -A INPUT -i lo -j ACCEPT
  156. -A INPUT -j INPUT_direct
  157. -A INPUT -j INPUT_ZONES_SOURCE
  158. -A INPUT -j INPUT_ZONES
  159. -A INPUT -m conntrack --ctstate INVALID -j DROP
  160. -A INPUT -j REJECT --reject-with icmp-host-prohibited
  # FORWARD: DOCKER-USER and the isolation chains run first, followed by one group
  # of four rules per Docker bridge. Each group accepts replies into the bridge,
  # sends new inbound traffic to DOCKER, and accepts everything originating from
  # the bridge (unrestricted container egress and same-bridge traffic).
  # NOTE(review): all of this precedes the FORWARD_*_ZONES chains, so a packet
  # accepted by a Docker rule never reaches the zone policy.
  161. -A FORWARD -j DOCKER-USER
  162. -A FORWARD -j DOCKER-ISOLATION-STAGE-1
  163. -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  164. -A FORWARD -o docker0 -j DOCKER
  165. -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
  166. -A FORWARD -i docker0 -o docker0 -j ACCEPT
  167. -A FORWARD -o br-fff74fab8ec0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  168. -A FORWARD -o br-fff74fab8ec0 -j DOCKER
  169. -A FORWARD -i br-fff74fab8ec0 ! -o br-fff74fab8ec0 -j ACCEPT
  170. -A FORWARD -i br-fff74fab8ec0 -o br-fff74fab8ec0 -j ACCEPT
  171. -A FORWARD -o br-1cf37af967cc -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  172. -A FORWARD -o br-1cf37af967cc -j DOCKER
  173. -A FORWARD -i br-1cf37af967cc ! -o br-1cf37af967cc -j ACCEPT
  174. -A FORWARD -i br-1cf37af967cc -o br-1cf37af967cc -j ACCEPT
  175. -A FORWARD -o br-03f8fab54770 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  176. -A FORWARD -o br-03f8fab54770 -j DOCKER
  177. -A FORWARD -i br-03f8fab54770 ! -o br-03f8fab54770 -j ACCEPT
  178. -A FORWARD -i br-03f8fab54770 -o br-03f8fab54770 -j ACCEPT
  # Zone-managed remainder of FORWARD; the chain ends in an explicit REJECT.
  179. -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  180. -A FORWARD -i lo -j ACCEPT
  181. -A FORWARD -j FORWARD_direct
  182. -A FORWARD -j FORWARD_IN_ZONES_SOURCE
  183. -A FORWARD -j FORWARD_IN_ZONES
  184. -A FORWARD -j FORWARD_OUT_ZONES_SOURCE
  185. -A FORWARD -j FORWARD_OUT_ZONES
  186. -A FORWARD -m conntrack --ctstate INVALID -j DROP
  187. -A FORWARD -j REJECT --reject-with icmp-host-prohibited
  188. -A OUTPUT -j OUTPUT_direct
  # DOCKER: the only inbound container exposure in this dump. TCP 80 and 443 to
  # 172.18.0.7 are accepted from any source that did not arrive on the container's
  # own bridge; there is no -s restriction. These pair with the nat table's DNAT
  # rules for the same ports.
  189. -A DOCKER -d 172.18.0.7/32 ! -i br-1cf37af967cc -o br-1cf37af967cc -p tcp -m tcp --dport 443 -j ACCEPT
  190. -A DOCKER -d 172.18.0.7/32 ! -i br-1cf37af967cc -o br-1cf37af967cc -p tcp -m tcp --dport 80 -j ACCEPT
  # Isolation: traffic leaving one Docker bridge (stage 1) is dropped if it is
  # headed out another Docker bridge (stage 2), which blocks cross-network
  # container traffic.
  191. -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
  192. -A DOCKER-ISOLATION-STAGE-1 -i br-fff74fab8ec0 ! -o br-fff74fab8ec0 -j DOCKER-ISOLATION-STAGE-2
  193. -A DOCKER-ISOLATION-STAGE-1 -i br-1cf37af967cc ! -o br-1cf37af967cc -j DOCKER-ISOLATION-STAGE-2
  194. -A DOCKER-ISOLATION-STAGE-1 -i br-03f8fab54770 ! -o br-03f8fab54770 -j DOCKER-ISOLATION-STAGE-2
  195. -A DOCKER-ISOLATION-STAGE-1 -j RETURN
  196. -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
  197. -A DOCKER-ISOLATION-STAGE-2 -o br-fff74fab8ec0 -j DROP
  198. -A DOCKER-ISOLATION-STAGE-2 -o br-1cf37af967cc -j DROP
  199. -A DOCKER-ISOLATION-STAGE-2 -o br-03f8fab54770 -j DROP
  200. -A DOCKER-ISOLATION-STAGE-2 -j RETURN
  # NOTE(review): DOCKER-USER holds only RETURN, i.e. no operator-defined
  # restriction on forwarded container traffic. It is the first jump in FORWARD,
  # so source allow-lists or drops for the published ports belong here.
  201. -A DOCKER-USER -j RETURN
  # Zone dispatch: the catch-all -g rules place every interface, including the
  # Docker bridges, in the public zone.
  202. -A FORWARD_IN_ZONES -i eth0 -g FWDI_public
  203. -A FORWARD_IN_ZONES -g FWDI_public
  204. -A FORWARD_OUT_ZONES -o eth0 -g FWDO_public
  205. -A FORWARD_OUT_ZONES -g FWDO_public
  206. -A FWDI_public -j FWDI_public_log
  207. -A FWDI_public -j FWDI_public_deny
  208. -A FWDI_public -j FWDI_public_allow
  # Forwarded ICMP of any type is accepted for the public zone.
  209. -A FWDI_public -p icmp -j ACCEPT
  210. -A FWDO_public -j FWDO_public_log
  211. -A FWDO_public -j FWDO_public_deny
  212. -A FWDO_public -j FWDO_public_allow
  213. -A INPUT_ZONES -i eth0 -g IN_public
  214. -A INPUT_ZONES -g IN_public
  215. -A IN_public -j IN_public_log
  216. -A IN_public -j IN_public_deny
  217. -A IN_public -j IN_public_allow
  # NOTE(review): host exposure. ICMP of every type and new SSH connections are
  # accepted from any source address; no rate limit or source restriction is
  # present on the SSH rule, and the _log and _deny chains are empty, so nothing is
  # logged or explicitly denied ahead of these accepts.
  218. -A IN_public -p icmp -j ACCEPT
  219. -A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
  220. COMMIT
  221. # Completed on Thu Jun 20 08:28:50 2019