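- *mangle
- # Pre-routing sanity filter: drops out-of-state and malformed TCP before the
- # filter table is consulted. PREROUTING is traversed by packets destined for
- # this host and by packets that would be forwarded, so these drops cover both.
- # Two exact duplicates present in the original dump (a second FIN-without-ACK
- # rule and a second no-flags rule) are omitted: the first copy already drops
- # the packet, so the second could never match.
- :PREROUTING ACCEPT [5685:557690]
- :INPUT ACCEPT [5685:557690]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [4995:428281]
- :POSTROUTING ACCEPT [5155:469161]
- # Packets that conntrack classifies as INVALID.
- -A PREROUTING -m conntrack --ctstate INVALID -j DROP
- # A NEW TCP connection must start with SYN alone (of FIN,SYN,RST,ACK).
- -A PREROUTING -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j DROP
- # NEW TCP connections whose MSS is outside 536-65535.
- -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
- # No flags set at all.
- -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
- # Contradictory pairs: FIN+SYN, SYN+RST, FIN+RST.
- -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
- -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
- -A PREROUTING -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
- # FIN, URG or PSH set without ACK.
- -A PREROUTING -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
- -A PREROUTING -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
- -A PREROUTING -p tcp -m tcp --tcp-flags PSH,ACK PSH -j DROP
- # Specific flag combinations: all six flags; FIN+PSH+URG; FIN+SYN+PSH+URG;
- # everything except PSH. Some of these are already covered by the pair rules
- # above (anything carrying FIN+SYN, for example); they are kept as in the
- # original dump.
- -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
- -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
- -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,PSH,URG -j DROP
- -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
- COMMIT
- # Completed on Mon May 20 06:35:24 2019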
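- # Generated by iptables-save v1.6.1 on Mon May 20 06:35:24 2019
- *filter
- # Default-deny for inbound and forwarded traffic; outbound is unrestricted.
- :INPUT DROP [954:148824]
- :FORWARD DROP [0:0]
- :OUTPUT ACCEPT [4999:429049]
- :port-scanning - [0:0]
- :tcp-new-limit - [0:0]
- # Loopback, packets of already-tracked connections, and ICMP arriving on tun0.
- -A INPUT -i lo -j ACCEPT
- -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A INPUT -i tun0 -p icmp -j ACCEPT
- # Global cap on NEW TCP connections. The original dump expressed this as
- # "ACCEPT while under the limit, then DROP every other NEW TCP packet" placed
- # ahead of the per-port rules. That accepted a NEW connection to any TCP port
- # while under 60/sec, defeating the INPUT DROP policy, and left the later
- # NEW-only SSH rules unreachable. Here the limit only decides whether
- # evaluation continues; the per-port rules below decide what is accepted.
- # NOTE(review): any other TCP service that was reachable only through the old
- # catch-all ACCEPT now needs its own rule. The limit is shared by all sources,
- # so a single noisy source can use up the budget for everyone; a per-source
- # limit (for example the hashlimit match) may fit better -- confirm.
- -A INPUT -p tcp -m conntrack --ctstate NEW -j tcp-new-limit
- # SSH: record each NEW connection per source address, and drop a source once
- # it has reached 10 hits within 60 seconds. These two rules have to come
- # before the SSH ACCEPT; in the original dump an unconditional ACCEPT for
- # port 22 preceded them, so they never saw a packet.
- -A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
- -A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 10 --name DEFAULT --mask 255.255.255.255 --rsource -j DROP
- -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
- # TCP/1194. NOTE(review): only TCP is accepted here and no rule in this dump
- # accepts inbound UDP, so a service listening on UDP/1194 would still be
- # dropped by the INPUT policy -- confirm which protocol is in use.
- -A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
- # NOTE(review): no rule in this dump jumps to port-scanning, so the chain
- # currently has no effect. Its last rule drops unconditionally, so sending all
- # of INPUT to it would drop everything except TCP RSTs within the 1/sec limit;
- # wire it in only for the traffic it is meant to judge, or remove it.
- -A port-scanning -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec --limit-burst 2 -j RETURN
- -A port-scanning -j DROP
- # Under the limit: return to INPUT and continue with the per-port rules.
- # Over the limit: drop.
- -A tcp-new-limit -m limit --limit 60/sec --limit-burst 20 -j RETURN
- -A tcp-new-limit -j DROP
- COMMIT
- # Completed on Mon May 20 06:35:24 2019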
- # Generated by iptables-save v1.6.1 on Mon May 20 06:35:24 2019
- *nat
- # The nat table holds no rules in this dump; only chain policies are set.
- :PREROUTING ACCEPT [961:149200]
- :INPUT ACCEPT [7:376]
- :OUTPUT ACCEPT [643:71082]
- # NOTE(review): POSTROUTING has policy DROP and its counters are non-zero, so
- # packets are being dropped here. The nat table is consulted for the first
- # packet of a connection and is not meant for filtering; if the goal is to
- # restrict outbound traffic, express it in the filter table's OUTPUT chain
- # instead -- confirm the intent before changing this policy.
- :POSTROUTING DROP [803:111962]
- COMMIT
- # Completed on Mon May 20 06:35:24 2019