AndrzejL

iptables -L

Feb 25th, 2013
[root@wishmacer andrzejl]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
net2fw all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Shorewall:INPUT:REJECT:"
reject all -- anywhere anywhere [goto]

Chain FORWARD (policy DROP)
target prot opt source destination
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Shorewall:FORWARD:REJECT:"
reject all -- anywhere anywhere [goto]

Chain OUTPUT (policy DROP)
target prot opt source destination
fw2net all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Shorewall:OUTPUT:REJECT:"
reject all -- anywhere anywhere [goto]

Chain Broadcast (2 references)
target prot opt source destination
DROP all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
DROP all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
DROP all -- anywhere anywhere ADDRTYPE match dst-type ANYCAST
DROP all -- anywhere base-address.mcast.net/4

Chain Drop (1 references)
target prot opt source destination
all -- anywhere anywhere
reject tcp -- anywhere anywhere tcp dpt:ident /* Auth */
Broadcast all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed /* Needed ICMP types */
ACCEPT icmp -- anywhere anywhere icmp time-exceeded /* Needed ICMP types */
DROP all -- anywhere anywhere ctstate INVALID
DROP udp -- anywhere anywhere multiport dports epmap,microsoft-ds /* SMB */
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn /* SMB */
DROP udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535 /* SMB */
DROP tcp -- anywhere anywhere multiport dports epmap,netbios-ssn,microsoft-ds /* SMB */
DROP udp -- anywhere anywhere udp dpt:ssdp /* UPnP */
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
DROP udp -- anywhere anywhere udp spt:domain /* Late DNS Replies */

Chain Reject (3 references)
target prot opt source destination
all -- anywhere anywhere
reject tcp -- anywhere anywhere tcp dpt:ident /* Auth */
Broadcast all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed /* Needed ICMP types */
ACCEPT icmp -- anywhere anywhere icmp time-exceeded /* Needed ICMP types */
DROP all -- anywhere anywhere ctstate INVALID
reject udp -- anywhere anywhere multiport dports epmap,microsoft-ds /* SMB */
reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn /* SMB */
reject udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535 /* SMB */
reject tcp -- anywhere anywhere multiport dports epmap,netbios-ssn,microsoft-ds /* SMB */
DROP udp -- anywhere anywhere udp dpt:ssdp /* UPnP */
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
DROP udp -- anywhere anywhere udp spt:domain /* Late DNS Replies */

Chain dynamic (1 references)
target prot opt source destination

Chain fw2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain logdrop (0 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain logreject (0 references)
target prot opt source destination
reject all -- anywhere anywhere

Chain net2fw (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere ctstate INVALID,NEW,UNTRACKED
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:50505
Drop all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Shorewall:net2fw:DROP:"
DROP all -- anywhere anywhere

Chain reject (10 references)
target prot opt source destination
DROP all -- anywhere anywhere ADDRTYPE match src-type BROADCAST
DROP all -- base-address.mcast.net/4 anywhere
DROP igmp -- anywhere anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain sfilter (0 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info prefix "Shorewall:sfilter:DROP:"
DROP all -- anywhere anywhere

Chain shorewall (0 references)
target prot opt source destination