Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- *nat
- :PREROUTING ACCEPT [6:2126]
- :INPUT ACCEPT [0:0]
- :OUTPUT ACCEPT [17:6239]
- :POSTROUTING ACCEPT [6:408]
- -A PREROUTING ! -i lo -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
- -A PREROUTING ! -i lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
- -A OUTPUT -o lo -j RETURN
- --ipv4 -A OUTPUT -d 192.168.0.0/16 -j RETURN
- -A OUTPUT -m owner --uid-owner "tor" -j RETURN
- -A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
- -A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
- COMMIT
- *filter
- :INPUT DROP [0:0]
- :FORWARD DROP [0:0]
- :OUTPUT DROP [0:0]
- -A INPUT -i lo -j ACCEPT
- -A INPUT -p icmp -j ACCEPT
- -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- --ipv4 -A INPUT -p tcp -j REJECT --reject-with tcp-reset
- --ipv4 -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
- --ipv4 -A INPUT -j REJECT --reject-with icmp-proto-unreachable
- --ipv6 -A INPUT -j REJECT
- --ipv4 -A OUTPUT -d 127.0.0.0/8 -j ACCEPT
- --ipv4 -A OUTPUT -d 192.168.0.0/16 -j ACCEPT
- --ipv6 -A OUTPUT -d ::1/8 -j ACCEPT
- -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A OUTPUT -m owner --uid-owner "tor" -j ACCEPT
- --ipv4 -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
- --ipv6 -A OUTPUT -j REJECT
- COMMIT
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
