iptables config

# Filter-table rule dump in `iptables -S` form (no *filter / COMMIT framing, so
# presumably `iptables -S` output rather than iptables-save). The chain layout
# (INPUT_ZONES, FWDI_/FWDO_/IN_<zone>{,_allow,_deny,_log}, *_direct) matches
# firewalld's generated ruleset, with Docker (DOCKER, DOCKER-ISOLATION) and
# libvirt (virbr0, 192.168.122.0/24) rules layered into the same chains.
# Only the filter table is shown here; the nat table (masquerading, any
# published container ports) is not on this page — TODO confirm separately.
#
# Built-in policies are ACCEPT. INPUT and FORWARD nevertheless end in an
# explicit REJECT, so they are deny-by-default in practice; OUTPUT has no
# terminal rule, so all host-originated traffic is allowed. NOTE(review):
# if the chains are ever flushed without resetting policies, the host is open.
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION
-N FORWARD_IN_ZONES
-N FORWARD_IN_ZONES_SOURCE
-N FORWARD_OUT_ZONES
-N FORWARD_OUT_ZONES_SOURCE
-N FORWARD_direct
# Two zones are defined: "cameras" and "internal". Each zone has _allow,
# _deny and _log sub-chains; in this dump every _deny and every _log chain
# is empty, so nothing is logged and the final REJECTs below are silent.
-N FWDI_cameras
-N FWDI_cameras_allow
-N FWDI_cameras_deny
-N FWDI_cameras_log
-N FWDI_internal
-N FWDI_internal_allow
-N FWDI_internal_deny
-N FWDI_internal_log
-N FWDO_cameras
-N FWDO_cameras_allow
-N FWDO_cameras_deny
-N FWDO_cameras_log
-N FWDO_internal
-N FWDO_internal_allow
-N FWDO_internal_deny
-N FWDO_internal_log
-N INPUT_ZONES
-N INPUT_ZONES_SOURCE
-N INPUT_direct
-N IN_cameras
-N IN_cameras_allow
-N IN_cameras_deny
-N IN_cameras_log
-N IN_internal
-N IN_internal_allow
-N IN_internal_deny
-N IN_internal_log
-N OUTPUT_direct
# --- INPUT ---------------------------------------------------------------
# DNS (53) and DHCP (67) from the libvirt bridge are accepted before any
# zone logic runs (presumably for libvirt's dnsmasq — verify on the host).
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# INPUT_direct is empty. Source-based zone lookup runs before the
# interface-based one, so 192.168.1.4 is classified as "cameras" whichever
# interface it arrives on. NOTE(review): the zone chains are entered with
# -g and end without a verdict, so a packet from 192.168.1.4 that
# IN_cameras does not accept returns to INPUT and is then re-classified by
# interface in INPUT_ZONES — if it arrives on bridge0 (or an unlisted
# interface) it gets the much wider IN_internal allow-list. Confirm that
# this fall-through is intended for the camera host.
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
# --- FORWARD -------------------------------------------------------------
# Docker and libvirt forwarding rules sit ahead of the firewalld zone
# dispatch, so traffic they ACCEPT never reaches FWDI_*/FWDO_* and is not
# subject to the zone allow-lists.
-A FORWARD -j DOCKER-ISOLATION
# libvirt guests (192.168.122.0/24 on virbr0): replies in, anything out,
# guest-to-guest; all other virbr0 traffic is rejected here, before zones.
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
# NOTE(review): "-i docker0 ! -o docker0 -j ACCEPT" lets any container
# forward to any other interface, including bridge1 (the cameras zone),
# without consulting the zone chains. The DOCKER chain itself is empty in
# this dump (no published ports visible here).
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
# FORWARD_direct is empty. Zone forwarding: every FWDI_*_allow chain is
# empty and FWDI_cameras/FWDI_internal only accept ICMP, so new forwarded
# flows between bridge0 and bridge1 are limited to ICMP (plus the
# RELATED,ESTABLISHED replies above); everything else is rejected below.
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES_SOURCE
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES_SOURCE
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
# --- OUTPUT --------------------------------------------------------------
# Only a DHCP-client rule for virbr0 and the (empty) OUTPUT_direct chain;
# with policy ACCEPT, all outbound host traffic is permitted.
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
-A OUTPUT -j OUTPUT_direct
# Docker inter-network isolation is a bare RETURN here (no isolation rules).
-A DOCKER-ISOLATION -j RETURN
# --- Zone dispatch (FORWARD) ---------------------------------------------
# bridge0 -> internal, bridge1 -> cameras; the trailing rule with no
# interface match makes "internal" the default zone, so any interface not
# listed here (e.g. a newly added NIC) lands in the more permissive zone.
-A FORWARD_IN_ZONES -i bridge0 -g FWDI_internal
-A FORWARD_IN_ZONES -i bridge1 -g FWDI_cameras
-A FORWARD_IN_ZONES -g FWDI_internal
-A FORWARD_IN_ZONES_SOURCE -s 192.168.1.4/32 -g FWDI_cameras
-A FORWARD_OUT_ZONES -o bridge0 -g FWDO_internal
-A FORWARD_OUT_ZONES -o bridge1 -g FWDO_cameras
-A FORWARD_OUT_ZONES -g FWDO_internal
-A FORWARD_OUT_ZONES_SOURCE -d 192.168.1.4/32 -g FWDO_cameras
# Zone chains: log -> deny -> allow (all three empty), then ICMP accept
# for the FWDI_* and IN_* chains; FWDO_* chains accept nothing on their own.
-A FWDI_cameras -j FWDI_cameras_log
-A FWDI_cameras -j FWDI_cameras_deny
-A FWDI_cameras -j FWDI_cameras_allow
-A FWDI_cameras -p icmp -j ACCEPT
-A FWDI_internal -j FWDI_internal_log
-A FWDI_internal -j FWDI_internal_deny
-A FWDI_internal -j FWDI_internal_allow
-A FWDI_internal -p icmp -j ACCEPT
-A FWDO_cameras -j FWDO_cameras_log
-A FWDO_cameras -j FWDO_cameras_deny
-A FWDO_cameras -j FWDO_cameras_allow
-A FWDO_internal -j FWDO_internal_log
-A FWDO_internal -j FWDO_internal_deny
-A FWDO_internal -j FWDO_internal_allow
# --- Zone dispatch (INPUT) -----------------------------------------------
# Same interface/source mapping as FORWARD; "internal" is again the
# default zone for unlisted interfaces.
-A INPUT_ZONES -i bridge0 -g IN_internal
-A INPUT_ZONES -i bridge1 -g IN_cameras
-A INPUT_ZONES -g IN_internal
-A INPUT_ZONES_SOURCE -s 192.168.1.4/32 -g IN_cameras
# cameras zone, host-bound: ICMP and NTP (udp/123) only. Cameras cannot
# reach any other host service, including SSH.
-A IN_cameras -j IN_cameras_log
-A IN_cameras -j IN_cameras_deny
-A IN_cameras -j IN_cameras_allow
-A IN_cameras -p icmp -j ACCEPT
-A IN_cameras_allow -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT
# internal zone, host-bound: ICMP plus SSH, mDNS (only to 224.0.0.251),
# NetBIOS/SMB (137-139, 445), NFS (rpcbind 111, mountd 20048, nfs 2049),
# NTP and DNS. NOTE(review): because "internal" is the default zone, this
# whole set — rpcbind and NFS in particular — is exposed on every interface
# that is not explicitly mapped to "cameras".
-A IN_internal -j IN_internal_log
-A IN_internal -j IN_internal_deny
-A IN_internal -j IN_internal_allow
-A IN_internal -p icmp -j ACCEPT
-A IN_internal_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A IN_internal_allow -d 224.0.0.251/32 -p udp -m udp --dport 5353 -m conntrack --ctstate NEW -j ACCEPT
-A IN_internal_allow -p udp -m udp --dport 137 -m conntrack --ctstate NEW -j ACCEPT
-A IN_internal_allow -p udp -m udp --dport 138 -m conntrack --ctstate NEW -j ACCEPT
-A IN_internal_allow -p tcp -m tcp --dport 139 -m conntrack --ctstate NEW -j ACCEPT
-A IN_internal_allow -p tcp -m tcp --dport 445 -m conntrack --ctstate NEW -j ACCEPT
-A IN_internal_allow -p tcp -m tcp --dport 20048 -m conntrack --ctstate NEW -j ACCEPT
-A IN_internal_allow -p udp -m udp --dport 20048 -m conntrack --ctstate NEW -j ACCEPT
-A IN_internal_allow -p tcp -m tcp --dport 111 -m conntrack --ctstate NEW -j ACCEPT
-A IN_internal_allow -p udp -m udp --dport 111 -m conntrack --ctstate NEW -j ACCEPT
-A IN_internal_allow -p tcp -m tcp --dport 2049 -m conntrack --ctstate NEW -j ACCEPT
-A IN_internal_allow -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT
-A IN_internal_allow -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A IN_internal_allow -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT