- # Generated by iptables-save v1.3.6 on Sun Jul 24 22:26:05 2011
- *mangle
- # mangle table: sorts traffic into classes by setting packet/connection marks.
- # No rule in this table drops or rejects anything; the marks are only labels.
- # Nothing in this dump reads the marks outside this table. Presumably tc/QoS
- # filters consume them; confirm against the shaping configuration.
- # The -m layer7 match is payload pattern matching (l7-filter), so a mark records
- # what a flow looks like, not who sent it. Do not reuse these marks for access
- # control decisions.
- #
- # Built-in chain policies, with [packets:bytes] counters at dump time.
- :PREROUTING ACCEPT [524022091:258131213068]
- :INPUT ACCEPT [246743216:78638830887]
- :FORWARD ACCEPT [277262267:179491444738]
- :OUTPUT ACCEPT [224716191:223343817740]
- :POSTROUTING ACCEPT [135705450:103595191361]
- # User-defined chains. This dump appends no rules to them, so a jump into one
- # falls straight back to the caller. Presumably they exist only so each class
- # gets its own counters; confirm.
- :high - [0:0]
- :normal - [0:0]
- :unknown - [0:0]
- # Early mark for SSH-looking traffic. NOTE(review): the CONNMARK --restore-mark
- # at the top of POSTROUTING copies the connection mark over the packet mark, so
- # this value is only visible to whatever reads it before POSTROUTING. Confirm
- # what that is.
- -A PREROUTING -m layer7 --l7proto ssh -j MARK --set-mark 0xa
- # Copy the mark stored on the connection back onto this packet.
- -A POSTROUTING -j CONNMARK --restore-mark
- # Already classified (mark is neither 0x0 nor 0x5): ACCEPT ends POSTROUTING
- # traversal, skipping the layer7 matches and the save-mark below. 0x5 is the
- # "unset" mark assigned further down, so those connections keep being re-examined.
- -A POSTROUTING -m mark ! --mark 0x0 -m mark ! --mark 0x5 -j ACCEPT
- # Class 0xa (sent to chain "high" below): ssh, sip, dns and all ICMP.
- # MARK is non-terminating, so the last matching rule decides the final mark.
- -A POSTROUTING -m layer7 --l7proto ssh -j MARK --set-mark 0xa
- -A POSTROUTING -m layer7 --l7proto sip -j MARK --set-mark 0xa
- -A POSTROUTING -m layer7 --l7proto dns -j MARK --set-mark 0xa
- -A POSTROUTING -p icmp -j MARK --set-mark 0xa
- # Class 0x14 (sent to chain "normal" below): instant messaging, web, TLS and mail.
- -A POSTROUTING -m layer7 --l7proto jabber -j MARK --set-mark 0x14
- -A POSTROUTING -m layer7 --l7proto msnmessenger -j MARK --set-mark 0x14
- -A POSTROUTING -m layer7 --l7proto yahoo -j MARK --set-mark 0x14
- -A POSTROUTING -m layer7 --l7proto aim -j MARK --set-mark 0x14
- -A POSTROUTING -m layer7 --l7proto http -j MARK --set-mark 0x14
- -A POSTROUTING -m layer7 --l7proto ssl -j MARK --set-mark 0x14
- -A POSTROUTING -m layer7 --l7proto smtp -j MARK --set-mark 0x14
- -A POSTROUTING -m layer7 --l7proto imap -j MARK --set-mark 0x14
- -A POSTROUTING -m layer7 --l7proto pop3 -j MARK --set-mark 0x14
- # Class 0x1e: nntp and ftp. No rule in this dump jumps on 0x1e, so unlike the
- # other classes it has no chain of its own.
- -A POSTROUTING -m layer7 --l7proto nntp -j MARK --set-mark 0x1e
- -A POSTROUTING -m layer7 --l7proto ftp -j MARK --set-mark 0x1e
- # "unset" and "unknown" are l7-filter pseudo-protocols. As I understand them,
- # unset = still being examined, unknown = examined without a match; confirm
- # against the l7-filter version in use.
- -A POSTROUTING -m layer7 --l7proto unset -j MARK --set-mark 0x5
- -A POSTROUTING -m layer7 --l7proto unknown -j MARK --set-mark 0xf
- # Dispatch by final mark into the per-class chains declared above.
- -A POSTROUTING -m mark --mark 0xf -j unknown
- -A POSTROUTING -m mark --mark 0xa -j high
- -A POSTROUTING -m mark --mark 0x14 -j normal
- # Store the packet mark on the connection so later packets restore it at the top.
- -A POSTROUTING -j CONNMARK --save-mark
- COMMIT
- # Completed on Sun Jul 24 22:26:05 2011
- # Generated by iptables-save v1.3.6 on Sun Jul 24 22:26:05 2011
- *nat
- # nat table: inbound port forwards to one internal host, plus source NAT for
- # traffic leaving eth0. MASQUERADE on eth0 suggests it is the external
- # interface; confirm.
- :PREROUTING ACCEPT [31045697:3851644635]
- :POSTROUTING ACCEPT [304408:19004438]
- :OUTPUT ACCEPT [5200956:533603656]
- # Port forwards: anything arriving on eth0 for these ports is rewritten to
- # 192.168.1.10 on the same port. None of the rules has a source match (-s), and
- # the filter table in this same dump has FORWARD policy ACCEPT with no FORWARD
- # rules, so every forward is reachable from any source address. Review whether
- # each service on 192.168.1.10 is meant to be that exposed.
- -A PREROUTING -i eth0 -p tcp -m tcp --dport 8081 -j DNAT --to-destination 192.168.1.10:8081
- -A PREROUTING -i eth0 -p tcp -m tcp --dport 5545 -j DNAT --to-destination 192.168.1.10:5545
- -A PREROUTING -i eth0 -p udp -m udp --dport 5545 -j DNAT --to-destination 192.168.1.10:5545
- -A PREROUTING -i eth0 -p tcp -m tcp --dport 1185 -j DNAT --to-destination 192.168.1.10:1185
- -A PREROUTING -i eth0 -p udp -m udp --dport 1185 -j DNAT --to-destination 192.168.1.10:1185
- -A PREROUTING -i eth0 -p tcp -m tcp --dport 4912 -j DNAT --to-destination 192.168.1.10:4912
- -A PREROUTING -i eth0 -p udp -m udp --dport 4912 -j DNAT --to-destination 192.168.1.10:4912
- # Rewrite the source of everything leaving eth0 to that interface's address.
- -A POSTROUTING -o eth0 -j MASQUERADE
- COMMIT
- # Completed on Sun Jul 24 22:26:05 2011
- # Generated by iptables-save v1.3.6 on Sun Jul 24 22:26:05 2011
- *filter
- # filter table: the only place in this dump where packets are actually dropped.
- # INPUT is default-deny with an explicit allow list.
- :INPUT DROP [13967359:1970857069]
- # FORWARD is default-allow and this dump appends no FORWARD rules, so all routed
- # traffic passes unfiltered, including the DNAT port forwards in the nat table.
- # A stricter setup would set the policy to DROP and allow only
- # RELATED,ESTABLISHED plus the specific forwarded ports.
- :FORWARD ACCEPT [277262268:179491446204]
- :OUTPUT ACCEPT [224716242:223343824912]
- :fail2ban-ssh - [0:0]
- # New SSH packets pass through the fail2ban chain first; a ban only works if its
- # rule sits in that chain ahead of the RETURN.
- -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
- # Replies and related flows for connections that are already tracked.
- -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- # Trust everything that did not arrive on eth0 (loopback and any internal
- # interface). This is the older negation spelling; newer iptables releases
- # write it as "! -i eth0".
- -A INPUT -i ! eth0 -j ACCEPT
- # All ICMP types are accepted from any source.
- -A INPUT -p icmp -j ACCEPT
- # Services open to any source address on any interface. NOTE(review): 5901 is
- # conventionally VNC display :1 and 20:21 with 50000:50005 looks like FTP plus a
- # passive-mode range; confirm what listens on each port (20849 and 8080
- # included) and whether it needs to be reachable without a source restriction.
- -A INPUT -p tcp -m tcp --dport 20849 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 5901 -j ACCEPT
- -A INPUT -p tcp -m multiport --dports 20:21,50000:50005 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
- # The chain holds only RETURN: no addresses were banned when this dump was taken.
- -A fail2ban-ssh -j RETURN
- COMMIT
- # Completed on Sun Jul 24 22:26:05 2011