
Untitled

a guest
Jul 18th, 2019
  # Rule dump in `iptables -S -v` form: -P = built-in chain policy, -N = user-defined
  # chain, -A = appended rule, -c <packets> <bytes> = counters at dump time.
  # Only INPUT/FORWARD/OUTPUT appear, so this is presumably the filter table; the nat
  # table (where Docker port publishing is translated) is not part of this listing.
  #
  # Default-deny for inbound and forwarded traffic, default-allow for outbound.
  # The 16 packets on the INPUT policy fell through every INPUT rule and were dropped.
  1. -P INPUT DROP -c 16 1442
  2. -P FORWARD DROP -c 0 0
  3. -P OUTPUT ACCEPT -c 0 0
  # Chains named DOCKER* (presumably created by the Docker daemon). DOCKER-USER is the
  # one intended for operator rules that must apply to container traffic.
  4. -N DOCKER
  5. -N DOCKER-ISOLATION-STAGE-1
  6. -N DOCKER-ISOLATION-STAGE-2
  7. -N DOCKER-USER
  # ufw-* chains (UFW's framework, judging by the names and the "[UFW ...]" log prefixes
  # used by the LOG rules). Several of them are declared here but have no -A rule in
  # the lines shown (e.g. ufw-reject-*, ufw-track-input, ufw-user-forward,
  # ufw-user-output), so a jump into them simply returns.
  8. -N ufw-after-forward
  9. -N ufw-after-input
  10. -N ufw-after-logging-forward
  11. -N ufw-after-logging-input
  12. -N ufw-after-logging-output
  13. -N ufw-after-output
  14. -N ufw-before-forward
  15. -N ufw-before-input
  16. -N ufw-before-logging-forward
  17. -N ufw-before-logging-input
  18. -N ufw-before-logging-output
  19. -N ufw-before-output
  20. -N ufw-logging-allow
  21. -N ufw-logging-deny
  22. -N ufw-not-local
  23. -N ufw-reject-forward
  24. -N ufw-reject-input
  25. -N ufw-reject-output
  26. -N ufw-skip-to-policy-forward
  27. -N ufw-skip-to-policy-input
  28. -N ufw-skip-to-policy-output
  29. -N ufw-track-forward
  30. -N ufw-track-input
  31. -N ufw-track-output
  32. -N ufw-user-forward
  33. -N ufw-user-input
  34. -N ufw-user-limit
  35. -N ufw-user-limit-accept
  36. -N ufw-user-logging-forward
  37. -N ufw-user-logging-input
  38. -N ufw-user-logging-output
  39. -N ufw-user-output
  # INPUT: packets addressed to this host. Each packet walks the ufw-* chains in the
  # order below; an ACCEPT or DROP inside any of them ends processing.
  # Counters show the funnel: 476280 packets entered, 104744 came back from
  # ufw-before-input undecided, 58681 also survived ufw-after-input.
  40. -A INPUT -c 476280 1664885264 -j ufw-before-logging-input
  41. -A INPUT -c 476280 1664885264 -j ufw-before-input
  42. -A INPUT -c 104744 20269506 -j ufw-after-input
  43. -A INPUT -c 58681 3081683 -j ufw-after-logging-input
  44. -A INPUT -c 58681 3081683 -j ufw-reject-input
  45. -A INPUT -c 58681 3081683 -j ufw-track-input
  # The next two rules sit directly in INPUT, after every UFW jump.
  # NOTE(review): they look hand-added rather than UFW-managed, in which case
  # `ufw status` will not list them - confirm they are intended and persisted.
  #
  # Accepts anything arriving on tun0 (any protocol, any port) that the UFW chains
  # above did not already drop. No packets had matched at dump time.
  46. -A INPUT -i tun0 -c 0 0 -j ACCEPT
  # UDP 1194 on ens18, from any source address (presumably the OpenVPN listener,
  # given the tun0 rules - confirm).
  47. -A INPUT -i ens18 -p udp -m udp --dport 1194 -c 21 1032 -j ACCEPT
  # FORWARD: packets routed through the host (containers, VPN clients).
  # Order matters: DOCKER-USER and the Docker rules are evaluated BEFORE any ufw-*
  # chain. Traffic to a published container port is accepted via `-j DOCKER` and never
  # reaches the UFW forward chains, so UFW rules do not restrict it. The counters agree:
  # 374909 packets entered FORWARD but only 238577 reached the first ufw-* jump.
  # Restrictions on container-bound traffic belong in DOCKER-USER, which in this dump
  # holds only a RETURN.
  48. -A FORWARD -c 374909 309140570 -j DOCKER-USER
  49. -A FORWARD -c 374909 309140570 -j DOCKER-ISOLATION-STAGE-1
  # Per bridge, the same four rules repeat:
  #   1. replies of established connections towards the bridge are accepted;
  #   2. other traffic towards the bridge is handed to DOCKER (published ports);
  #   3. traffic leaving the bridge for any other interface is accepted;
  #   4. traffic staying on the same bridge is accepted.
  50. -A FORWARD -o br-7119b3a28dd1 -m conntrack --ctstate RELATED,ESTABLISHED -c 11 1792 -j ACCEPT
  51. -A FORWARD -o br-7119b3a28dd1 -c 2 120 -j DOCKER
  52. -A FORWARD -i br-7119b3a28dd1 ! -o br-7119b3a28dd1 -c 8 1992 -j ACCEPT
  53. -A FORWARD -i br-7119b3a28dd1 -o br-7119b3a28dd1 -c 0 0 -j ACCEPT
  54. -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -c 68035 10398947 -j ACCEPT
  55. -A FORWARD -o docker0 -c 8079 460132 -j DOCKER
  56. -A FORWARD -i docker0 ! -o docker0 -c 61911 51234298 -j ACCEPT
  57. -A FORWARD -i docker0 -o docker0 -c 0 0 -j ACCEPT
  58. -A FORWARD -o br-1d68cb679fa0 -m conntrack --ctstate RELATED,ESTABLISHED -c 0 0 -j ACCEPT
  59. -A FORWARD -o br-1d68cb679fa0 -c 0 0 -j DOCKER
  60. -A FORWARD -i br-1d68cb679fa0 ! -o br-1d68cb679fa0 -c 0 0 -j ACCEPT
  61. -A FORWARD -i br-1d68cb679fa0 -o br-1d68cb679fa0 -c 0 0 -j ACCEPT
  # UFW forward chains: only what the Docker rules above did not decide gets here.
  62. -A FORWARD -c 238577 247774262 -j ufw-before-logging-forward
  63. -A FORWARD -c 238577 247774262 -j ufw-before-forward
  64. -A FORWARD -c 2813 397830 -j ufw-after-forward
  65. -A FORWARD -c 2813 397830 -j ufw-after-logging-forward
  66. -A FORWARD -c 2813 397830 -j ufw-reject-forward
  67. -A FORWARD -c 2813 397830 -j ufw-track-forward
  # Rules placed after the UFW jumps (see the same pattern at the end of INPUT).
  # ens18 -> tun0 has no conntrack state match, so it forwards NEW connections from
  # ens18 towards the tunnel side. Replies to tunnel-initiated connections are already
  # accepted by the RELATED,ESTABLISHED rule in ufw-before-forward.
  # NOTE(review): confirm unsolicited ens18 -> tun0 forwarding is wanted; it had
  # matched no packets at dump time.
  68. -A FORWARD -i ens18 -o tun0 -c 0 0 -j ACCEPT
  # tun0 -> ens18: traffic from the tunnel out through ens18, any destination and port.
  69. -A FORWARD -i tun0 -o ens18 -c 2813 397830 -j ACCEPT
  # OUTPUT: packets generated by the host itself. The policy is ACCEPT, so these chains
  # classify and count traffic rather than restrict it; 2046 packets got past
  # ufw-before-output without a verdict and continued down the list.
  70. -A OUTPUT -c 329766 260918734 -j ufw-before-logging-output
  71. -A OUTPUT -c 329766 260918734 -j ufw-before-output
  72. -A OUTPUT -c 2046 142472 -j ufw-after-output
  73. -A OUTPUT -c 2046 142472 -j ufw-after-logging-output
  74. -A OUTPUT -c 2046 142472 -j ufw-reject-output
  75. -A OUTPUT -c 2046 142472 -j ufw-track-output
  # DOCKER: one ACCEPT per published container port. Each rule matches the container's
  # address and port for traffic that did not originate on docker0; there is no source
  # address restriction, so these ports are reachable from wherever FORWARD is reached.
  # Exposure of these two services is decided here, not in ufw-user-input: the 15643
  # rule below counted 26 packets while ufw-user-input's 15643 rules counted none.
  76. -A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -c 5879 341324 -j ACCEPT
  77. -A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 15643 -c 26 1532 -j ACCEPT
  # Isolation, stage 1: traffic leaving a Docker bridge for a different interface is
  # passed to stage 2; everything else returns to FORWARD.
  78. -A DOCKER-ISOLATION-STAGE-1 -i br-7119b3a28dd1 ! -o br-7119b3a28dd1 -c 8 1992 -j DOCKER-ISOLATION-STAGE-2
  79. -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -c 61911 51234298 -j DOCKER-ISOLATION-STAGE-2
  80. -A DOCKER-ISOLATION-STAGE-1 -i br-1d68cb679fa0 ! -o br-1d68cb679fa0 -c 0 0 -j DOCKER-ISOLATION-STAGE-2
  81. -A DOCKER-ISOLATION-STAGE-1 -c 443104 841261168 -j RETURN
  # Isolation, stage 2: drop if the output interface is another Docker bridge, which
  # blocks bridge-to-bridge traffic; otherwise return.
  82. -A DOCKER-ISOLATION-STAGE-2 -o br-7119b3a28dd1 -c 0 0 -j DROP
  83. -A DOCKER-ISOLATION-STAGE-2 -o docker0 -c 0 0 -j DROP
  84. -A DOCKER-ISOLATION-STAGE-2 -o br-1d68cb679fa0 -c 0 0 -j DROP
  85. -A DOCKER-ISOLATION-STAGE-2 -c 87694 52739299 -j RETURN
  # DOCKER-USER holds only a RETURN: no operator filtering is applied to container
  # traffic. Source-address or interface limits for the published ports above would
  # have to be inserted in this chain, ahead of the RETURN.
  86. -A DOCKER-USER -c 443104 841261168 -j RETURN
  # ufw-after-input: sends common background traffic straight to
  # ufw-skip-to-policy-input (a plain DROP) so it is discarded before the logging chain
  # sees it: NetBIOS/SMB (137, 138, 139, 445), DHCP (67, 68) and anything with a
  # broadcast destination.
  # Detection caveat: none of this is logged, including the 4863 packets to TCP 445.
  87. -A ufw-after-input -p udp -m udp --dport 137 -c 622 49164 -j ufw-skip-to-policy-input
  88. -A ufw-after-input -p udp -m udp --dport 138 -c 717 172526 -j ufw-skip-to-policy-input
  89. -A ufw-after-input -p tcp -m tcp --dport 139 -c 139 6336 -j ufw-skip-to-policy-input
  90. -A ufw-after-input -p tcp -m tcp --dport 445 -c 4863 213576 -j ufw-skip-to-policy-input
  91. -A ufw-after-input -p udp -m udp --dport 67 -c 39715 16745869 -j ufw-skip-to-policy-input
  92. -A ufw-after-input -p udp -m udp --dport 68 -c 1 28 -j ufw-skip-to-policy-input
  93. -A ufw-after-input -m addrtype --dst-type BROADCAST -c 6 324 -j ufw-skip-to-policy-input
  # Rate-limited LOG for packets that reach the end of the UFW chains: 3 per minute
  # after a burst of 10. The log is therefore a sample, not a complete record - the
  # input rule logged 21 packets, while 58681 passed through INPUT's jump to this chain.
  94. -A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -c 0 0 -j LOG --log-prefix "[UFW BLOCK] "
  95. -A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -c 21 1659 -j LOG --log-prefix "[UFW BLOCK] "
  # ufw-before-forward: accept replies of tracked connections, then four ICMP types
  # (3 destination-unreachable, 11 time-exceeded, 12 parameter-problem,
  # 8 echo-request), then hand the rest to ufw-user-forward (no rules in this dump).
  96. -A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -c 235764 247376432 -j ACCEPT
  97. -A ufw-before-forward -p icmp -m icmp --icmp-type 3 -c 0 0 -j ACCEPT
  98. -A ufw-before-forward -p icmp -m icmp --icmp-type 11 -c 0 0 -j ACCEPT
  99. -A ufw-before-forward -p icmp -m icmp --icmp-type 12 -c 0 0 -j ACCEPT
  100. -A ufw-before-forward -p icmp -m icmp --icmp-type 8 -c 0 0 -j ACCEPT
  101. -A ufw-before-forward -c 2813 397830 -j ufw-user-forward
  # ufw-before-input: loopback and established traffic are accepted first.
  102. -A ufw-before-input -i lo -c 5933 502716 -j ACCEPT
  103. -A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -c 359745 1643798326 -j ACCEPT
  # Packets conntrack marks INVALID go through ufw-logging-deny and are then dropped.
  104. -A ufw-before-input -m conntrack --ctstate INVALID -c 1091 55240 -j ufw-logging-deny
  105. -A ufw-before-input -m conntrack --ctstate INVALID -c 1091 55240 -j DROP
  # Same four ICMP types as in the forward chain; echo-request (ping) is answered.
  106. -A ufw-before-input -p icmp -m icmp --icmp-type 3 -c 0 0 -j ACCEPT
  107. -A ufw-before-input -p icmp -m icmp --icmp-type 11 -c 0 0 -j ACCEPT
  108. -A ufw-before-input -p icmp -m icmp --icmp-type 12 -c 0 0 -j ACCEPT
  109. -A ufw-before-input -p icmp -m icmp --icmp-type 8 -c 2572 123732 -j ACCEPT
  # DHCP server-to-client replies (source port 67, destination port 68).
  110. -A ufw-before-input -p udp -m udp --sport 67 --dport 68 -c 0 0 -j ACCEPT
  # ufw-not-local drops packets whose destination is not local, multicast or broadcast.
  111. -A ufw-before-input -c 106939 20405250 -j ufw-not-local
  # mDNS (224.0.0.251:5353) and SSDP/UPnP (239.255.255.250:1900), accepted on every
  # interface. NOTE(review): neither had matched a packet; if this host does not use
  # local service discovery, these two accepts can be removed.
  112. -A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -c 0 0 -j ACCEPT
  113. -A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -c 0 0 -j ACCEPT
  # Everything still undecided is evaluated against the operator's rules.
  114. -A ufw-before-input -c 106939 20405250 -j ufw-user-input
  # ufw-before-output: loopback and established traffic accepted, rest to
  # ufw-user-output (no rules in this dump).
  115. -A ufw-before-output -o lo -c 5933 502716 -j ACCEPT
  116. -A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -c 321787 260273546 -j ACCEPT
  117. -A ufw-before-output -c 2046 142472 -j ufw-user-output
  # Logging helpers. Both LOG rules are rate-limited (3/min, burst 10), so under
  # sustained traffic most matching packets produce no log line.
  118. -A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -c 0 0 -j LOG --log-prefix "[UFW ALLOW] "
  # INVALID packets within the rate limit RETURN here without being logged; only what
  # falls through reaches the LOG rule, which applies its own limit.
  119. -A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -c 0 0 -j RETURN
  120. -A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -c 0 0 -j LOG --log-prefix "[UFW BLOCK] "
  # ufw-not-local: packets destined to a local, multicast or broadcast address return
  # to the caller; any other destination is (rate-limited) logged and dropped.
  121. -A ufw-not-local -m addrtype --dst-type LOCAL -c 65957 3443351 -j RETURN
  122. -A ufw-not-local -m addrtype --dst-type MULTICAST -c 0 0 -j RETURN
  123. -A ufw-not-local -m addrtype --dst-type BROADCAST -c 40982 16961899 -j RETURN
  124. -A ufw-not-local -m limit --limit 3/min --limit-burst 10 -c 0 0 -j ufw-logging-deny
  125. -A ufw-not-local -c 0 0 -j DROP
  # ufw-skip-to-policy-*: apply the same verdict as the built-in chain's policy
  # (INPUT/FORWARD DROP, OUTPUT ACCEPT) without passing through the logging chains.
  126. -A ufw-skip-to-policy-forward -c 0 0 -j DROP
  127. -A ufw-skip-to-policy-input -c 46063 17187823 -j DROP
  128. -A ufw-skip-to-policy-output -c 0 0 -j ACCEPT
  # ufw-track-output: accept new outbound TCP and UDP connections so that conntrack
  # can match their replies on the way back in.
  129. -A ufw-track-output -p tcp -m conntrack --ctstate NEW -c 881 52860 -j ACCEPT
  130. -A ufw-track-output -p udp -m conntrack --ctstate NEW -c 1161 87800 -j ACCEPT
  # ufw-user-input: the operator's own rules. Every port except 80 appears once for
  # tcp and once for udp (presumably added without naming a protocol).
  #
  # Accepted from any source: 8022, 15643, 8080.
  # NOTE(review): if the services behind these ports speak only TCP, the udp accepts
  # are unnecessary exposure and can be removed.
  # NOTE(review): 15643 is also published by a container (DOCKER chain, 172.17.0.3);
  # container-bound traffic is decided in FORWARD, so these INPUT rules do not govern it.
  131. -A ufw-user-input -p tcp -m tcp --dport 8022 -c 0 0 -j ACCEPT
  132. -A ufw-user-input -p udp -m udp --dport 8022 -c 0 0 -j ACCEPT
  133. -A ufw-user-input -p tcp -m tcp --dport 15643 -c 0 0 -j ACCEPT
  134. -A ufw-user-input -p udp -m udp --dport 15643 -c 0 0 -j ACCEPT
  135. -A ufw-user-input -p tcp -m tcp --dport 8080 -c 0 0 -j ACCEPT
  136. -A ufw-user-input -p udp -m udp --dport 8080 -c 0 0 -j ACCEPT
  # Explicit drops for mail ports: 25/465/587 (SMTP), 143/993 (IMAP), 110/995 (POP3),
  # 4190 (ManageSieve). With an INPUT policy of DROP these mainly matter for traffic a
  # later rule would otherwise accept, such as `-A INPUT -i tun0 -j ACCEPT`. They drop
  # before the logging chain, so blocked attempts on these ports leave no log entry.
  137. -A ufw-user-input -p tcp -m tcp --dport 25 -c 0 0 -j DROP
  138. -A ufw-user-input -p udp -m udp --dport 25 -c 0 0 -j DROP
  139. -A ufw-user-input -p tcp -m tcp --dport 465 -c 0 0 -j DROP
  140. -A ufw-user-input -p udp -m udp --dport 465 -c 0 0 -j DROP
  141. -A ufw-user-input -p tcp -m tcp --dport 587 -c 0 0 -j DROP
  142. -A ufw-user-input -p udp -m udp --dport 587 -c 0 0 -j DROP
  143. -A ufw-user-input -p tcp -m tcp --dport 143 -c 0 0 -j DROP
  144. -A ufw-user-input -p udp -m udp --dport 143 -c 0 0 -j DROP
  145. -A ufw-user-input -p tcp -m tcp --dport 993 -c 0 0 -j DROP
  146. -A ufw-user-input -p udp -m udp --dport 993 -c 0 0 -j DROP
  147. -A ufw-user-input -p tcp -m tcp --dport 110 -c 0 0 -j DROP
  148. -A ufw-user-input -p udp -m udp --dport 110 -c 0 0 -j DROP
  149. -A ufw-user-input -p tcp -m tcp --dport 995 -c 0 0 -j DROP
  150. -A ufw-user-input -p udp -m udp --dport 995 -c 0 0 -j DROP
  151. -A ufw-user-input -p tcp -m tcp --dport 4190 -c 0 0 -j DROP
  152. -A ufw-user-input -p udp -m udp --dport 4190 -c 0 0 -j DROP
  # TCP 80 to the host itself; the rule comment carries the name "Nginx HTTP".
  # Only 9 packets matched here, against 5879 on the DOCKER rule for 172.17.0.2:80,
  # so most port-80 traffic is going to the container and bypasses this chain.
  153. -A ufw-user-input -p tcp -m tcp --dport 80 -m comment --comment "\'dapp_Nginx%20HTTP\'" -c 9 540 -j ACCEPT
  # ufw-user-limit: log (at most 3 per minute) and then REJECT with ICMP
  # port-unreachable; ufw-user-limit-accept is the matching accept path.
  # No rule in this dump jumps to either chain, so no connection-rate limiting is
  # active on any of the accepted ports.
  154. -A ufw-user-limit -m limit --limit 3/min -c 0 0 -j LOG --log-prefix "[UFW LIMIT BLOCK] "
  155. -A ufw-user-limit -c 0 0 -j REJECT --reject-with icmp-port-unreachable
  156. -A ufw-user-limit-accept -c 0 0 -j ACCEPT