Whonix Gateway 15 qube iptables rules

a guest
Jun 3rd, 2021
root@host:/home/user# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere ctstate INVALID
DROP all -- anywhere anywhere state INVALID
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
DROP all -f anywhere anywhere
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
ACCEPT tcp -- anywhere anywhere tcp dpt:8082
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state ESTABLISHED
DROP icmp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:5300
ACCEPT tcp -- anywhere anywhere tcp dpt:9040
ACCEPT tcp -- anywhere anywhere tcp dpt:9051
ACCEPT tcp -- anywhere anywhere tcp dpt:9050
ACCEPT tcp -- anywhere anywhere tcp dpt:9100
ACCEPT tcp -- anywhere anywhere tcp dpt:bacula-dir
ACCEPT tcp -- anywhere anywhere tcp dpt:bacula-fd
ACCEPT tcp -- anywhere anywhere tcp dpt:bacula-sd
ACCEPT tcp -- anywhere anywhere tcp dpt:9104
ACCEPT tcp -- anywhere anywhere tcp dpt:9105
ACCEPT tcp -- anywhere anywhere tcp dpt:9106
ACCEPT tcp -- anywhere anywhere tcp dpt:9107
ACCEPT tcp -- anywhere anywhere tcp dpt:9108
ACCEPT tcp -- anywhere anywhere tcp dpt:9109
ACCEPT tcp -- anywhere anywhere tcp dpt:9110
ACCEPT tcp -- anywhere anywhere tcp dpt:9111
ACCEPT tcp -- anywhere anywhere tcp dpt:9114
ACCEPT tcp -- anywhere anywhere tcp dpt:9115
ACCEPT tcp -- anywhere anywhere tcp dpt:9117
ACCEPT tcp -- anywhere anywhere tcp dpt:9118
ACCEPT tcp -- anywhere anywhere tcp dpt:9122
ACCEPT tcp -- anywhere anywhere tcp dpt:9123
ACCEPT tcp -- anywhere anywhere tcp dpt:9124
ACCEPT tcp -- anywhere anywhere tcp dpt:9125
ACCEPT tcp -- anywhere anywhere tcp dpt:9150
ACCEPT tcp -- anywhere anywhere multiport dports 9152:9189
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-admin-prohibited

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:8082
ACCEPT udp -- anywhere localhost owner UID match tinyproxy ctstate NEW udp dpt:5400
ACCEPT tcp -- anywhere localhost owner UID match tinyproxy ctstate NEW tcp dpt:9041
REJECT all -- anywhere anywhere ctstate INVALID reject-with icmp-admin-prohibited
REJECT all -- anywhere anywhere state INVALID reject-with icmp-admin-prohibited
REJECT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK reject-with icmp-admin-prohibited
REJECT tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN reject-with icmp-admin-prohibited
REJECT tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST reject-with icmp-admin-prohibited
REJECT all -f anywhere anywhere reject-with icmp-admin-prohibited
REJECT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG reject-with icmp-admin-prohibited
REJECT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE reject-with icmp-admin-prohibited
ACCEPT all -- anywhere anywhere state ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere owner UID match clearnet
ACCEPT all -- anywhere anywhere owner UID match tunnel
ACCEPT all -- anywhere anywhere owner UID match debian-tor
REJECT all -- anywhere anywhere reject-with icmp-admin-prohibited
root@host:/home/user# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
PR-QBS-SERVICES all -- anywhere anywhere
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:9051 redir ports 9051
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:9051 redir ports 9051
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:9051 redir ports 9051
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:9050 redir ports 9050
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:9050 redir ports 9050
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:9050 redir ports 9050
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:9100 redir ports 9100
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:9100 redir ports 9100
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:9100 redir ports 9100
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:bacula-dir redir ports 9101
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:bacula-dir redir ports 9101
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:bacula-dir redir ports 9101
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:bacula-fd redir ports 9102
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:bacula-fd redir ports 9102
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:bacula-fd redir ports 9102
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:bacula-sd redir ports 9103
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:bacula-sd redir ports 9103
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:bacula-sd redir ports 9103
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:9104 redir ports 9104
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:9104 redir ports 9104
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:9104 redir ports 9104
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:9105 redir ports 9105
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:9105 redir ports 9105
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:9105 redir ports 9105
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:9106 redir ports 9106
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:9106 redir ports 9106
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:9106 redir ports 9106
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:9107 redir ports 9107
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:9107 redir ports 9107
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:9107 redir ports 9107
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:9108 redir ports 9108
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:9108 redir ports 9108
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:9108 redir ports 9108
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:9109 redir ports 9109
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:9109 redir ports 9109
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:9109 redir ports 9109
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:9110 redir ports 9110
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:9110 redir ports 9110
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:9110 redir ports 9110
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:9111 redir ports 9111
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:9111 redir ports 9111
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:9111 redir ports 9111
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:9114 redir ports 9114
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:9114 redir ports 9114
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:9114 redir ports 9114
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:9115 redir ports 9115
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:9115 redir ports 9115
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:9115 redir ports 9115
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:9117 redir ports 9117
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:9117 redir ports 9117
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:9117 redir ports 9117
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:9118 redir ports 9118
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:9118 redir ports 9118
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:9118 redir ports 9118
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:9122 redir ports 9122
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:9122 redir ports 9122
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:9122 redir ports 9122
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:9123 redir ports 9123
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:9123 redir ports 9123
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:9123 redir ports 9123
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:9124 redir ports 9124
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:9124 redir ports 9124
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:9124 redir ports 9124
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:9125 redir ports 9125
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:9125 redir ports 9125
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:9125 redir ports 9125
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpt:9150 redir ports 9150
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpt:9150 redir ports 9150
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpt:9150 redir ports 9150
REDIRECT tcp -- anywhere 10.137.0.0/16 tcp dpts:9152:9189
REDIRECT tcp -- anywhere 10.138.0.0/16 tcp dpts:9152:9189
REDIRECT tcp -- anywhere 10.152.152.10 tcp dpts:9152:9189
REDIRECT udp -- anywhere anywhere udp dpt:domain redir ports 5300
REDIRECT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN redir ports 9040

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DNAT udp -- anywhere anywhere owner UID match tinyproxy ctstate NEW to:127.0.0.1:5400
DNAT tcp -- anywhere anywhere owner UID match tinyproxy ctstate NEW to:127.0.0.1:9041
RETURN all -- anywhere anywhere owner UID match clearnet
RETURN all -- anywhere anywhere owner UID match tunnel
RETURN all -- anywhere anywhere owner UID match debian-tor

Chain PR-QBS-SERVICES (1 references)
target prot opt source destination
REDIRECT tcp -- anywhere 10.137.255.254 tcp dpt:8082