
Untitled

a guest
Feb 20th, 2019
  1. root@M14EBR:~# iptables -L
  2. Chain INPUT (policy ACCEPT)
  3. target prot opt source destination
  4. ACCEPT udp -- anywhere anywhere udp dpt:domain
  5. ACCEPT tcp -- anywhere anywhere tcp dpt:domain
  6. ACCEPT udp -- anywhere anywhere udp dpt:bootps
  7. ACCEPT tcp -- anywhere anywhere tcp dpt:67
  8.  
  9. Chain FORWARD (policy ACCEPT)
  10. target prot opt source destination
  11. ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED
  12. ACCEPT all -- 192.168.122.0/24 anywhere
  13. ACCEPT all -- anywhere anywhere
  14. REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
  15. REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
  16. REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
  17.  
  18. Chain OUTPUT (policy ACCEPT)
  19. target prot opt source destination
  20. ACCEPT udp -- anywhere anywhere udp dpt:bootpc
  21. # Warning: iptables-legacy tables present, use iptables-legacy to see them
  22.  
  23. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  24. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  25. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  26. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  27. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  28.  
  29. root@M14EBR:~# iptables-legacy -L
  30. Chain INPUT (policy ACCEPT)
  31. target prot opt source destination
  32.  
  33. Chain FORWARD (policy DROP)
  34. target prot opt source destination
  35. DOCKER-USER all -- anywhere anywhere
  36. DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
  37. ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
  38. DOCKER all -- anywhere anywhere
  39. ACCEPT all -- anywhere anywhere
  40. ACCEPT all -- anywhere anywhere
  41.  
  42. Chain OUTPUT (policy ACCEPT)
  43. target prot opt source destination
  44.  
  45. Chain DOCKER (1 references)
  46. target prot opt source destination
  47.  
  48. Chain DOCKER-ISOLATION-STAGE-1 (1 references)
  49. target prot opt source destination
  50. DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
  51. RETURN all -- anywhere anywhere
  52.  
  53. Chain DOCKER-ISOLATION-STAGE-2 (1 references)
  54. target prot opt source destination
  55. DROP all -- anywhere anywhere
  56. RETURN all -- anywhere anywhere
  57.  
  58. Chain DOCKER-USER (1 references)
  59. target prot opt source destination
  60. RETURN all -- anywhere anywhere
  61.  
  62. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  63. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  64. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  65. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  66. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  67.  
  68. root@M14EBR:~# iptables-save
  69. # Generated by xtables-save v1.8.2 on Wed Feb 20 15:00:24 2019
  70. *filter
  71. :INPUT ACCEPT [0:0]
  72. :FORWARD ACCEPT [0:0]
  73. :OUTPUT ACCEPT [0:0]
  74. -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
  75. -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
  76. -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
  77. -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
  78. -A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  79. -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
  80. -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
  81. -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
  82. -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
  83. -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
  84. -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
  85. COMMIT
  86. # Completed on Wed Feb 20 15:00:24 2019
  87. # Generated by xtables-save v1.8.2 on Wed Feb 20 15:00:24 2019
  88. *nat
  89. :PREROUTING ACCEPT [0:0]
  90. :INPUT ACCEPT [0:0]
  91. :POSTROUTING ACCEPT [0:0]
  92. :OUTPUT ACCEPT [0:0]
  93. -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
  94. -A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
  95. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
  96. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
  97. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
  98. COMMIT
  99. # Completed on Wed Feb 20 15:00:24 2019
  100. # Generated by xtables-save v1.8.2 on Wed Feb 20 15:00:24 2019
  101. *mangle
  102. :PREROUTING ACCEPT [0:0]
  103. :INPUT ACCEPT [0:0]
  104. :FORWARD ACCEPT [0:0]
  105. :OUTPUT ACCEPT [0:0]
  106. :POSTROUTING ACCEPT [0:0]
  107. -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
  108. COMMIT
  109. # Completed on Wed Feb 20 15:00:24 2019
  110. # Warning: iptables-legacy tables present, use iptables-legacy-save to see them
  111.  
  112.  
  113. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  114. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  115. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  116. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  117. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  118.  
  119. root@M14EBR:~# iptables-save
  120. # Generated by xtables-save v1.8.2 on Wed Feb 20 15:00:24 2019
  121. *filter
  122. :INPUT ACCEPT [0:0]
  123. :FORWARD ACCEPT [0:0]
  124. :OUTPUT ACCEPT [0:0]
  125. -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
  126. -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
  127. -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
  128. -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
  129. -A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  130. -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
  131. -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
  132. -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
  133. -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
  134. -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
  135. -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
  136. COMMIT
  137. # Completed on Wed Feb 20 15:00:24 2019
  138. # Generated by xtables-save v1.8.2 on Wed Feb 20 15:00:24 2019
  139. *nat
  140. :PREROUTING ACCEPT [0:0]
  141. :INPUT ACCEPT [0:0]
  142. :POSTROUTING ACCEPT [0:0]
  143. :OUTPUT ACCEPT [0:0]
  144. -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
  145. -A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
  146. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
  147. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
  148. -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
  149. COMMIT
  150. # Completed on Wed Feb 20 15:00:24 2019
  151. # Generated by xtables-save v1.8.2 on Wed Feb 20 15:00:24 2019
  152. *mangle
  153. :PREROUTING ACCEPT [0:0]
  154. :INPUT ACCEPT [0:0]
  155. :FORWARD ACCEPT [0:0]
  156. :OUTPUT ACCEPT [0:0]
  157. :POSTROUTING ACCEPT [0:0]
  158. -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
  159. COMMIT
  160. # Completed on Wed Feb 20 15:00:24 2019
  161. # Warning: iptables-legacy tables present, use iptables-legacy-save to see them
  162. root@M14EBR:~# iptables-legacy-save
  163. # Generated by iptables-save v1.8.2 on Wed Feb 20 15:00:59 2019
  164. *nat
  165. :PREROUTING ACCEPT [7972:543926]
  166. :INPUT ACCEPT [813:124881]
  167. :OUTPUT ACCEPT [1694:129182]
  168. :POSTROUTING ACCEPT [1694:129182]
  169. :DOCKER - [0:0]
  170. -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
  171. -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
  172. -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
  173. -A DOCKER -i docker0 -j RETURN
  174. COMMIT
  175. # Completed on Wed Feb 20 15:00:59 2019
  176. # Generated by iptables-save v1.8.2 on Wed Feb 20 15:00:59 2019
  177. *filter
  178. :INPUT ACCEPT [81155:173771982]
  179. :FORWARD DROP [2354:185837]
  180. :OUTPUT ACCEPT [61141:108408359]
  181. :DOCKER - [0:0]
  182. :DOCKER-ISOLATION-STAGE-1 - [0:0]
  183. :DOCKER-ISOLATION-STAGE-2 - [0:0]
  184. :DOCKER-USER - [0:0]
  185. -A FORWARD -j DOCKER-USER
  186. -A FORWARD -j DOCKER-ISOLATION-STAGE-1
  187. -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  188. -A FORWARD -o docker0 -j DOCKER
  189. -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
  190. -A FORWARD -i docker0 -o docker0 -j ACCEPT
  191. -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
  192. -A DOCKER-ISOLATION-STAGE-1 -j RETURN
  193. -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
  194. -A DOCKER-ISOLATION-STAGE-2 -j RETURN
  195. -A DOCKER-USER -j RETURN
  196. COMMIT
  197. # Completed on Wed Feb 20 15:00:59 2019