HG659 iptables

a guest
Dec 22nd, 2014
# iptables -L
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
INPUT_BRIDGE all -- anywhere anywhere
INPUT_SERVICE_ACL all -- anywhere anywhere
INPUT_APPFLT all -- anywhere anywhere
INPUT_URLFLT all -- anywhere anywhere
INPUT_SERVICE all -- anywhere anywhere
INPUT_FTP all -- anywhere anywhere
INPUT_IPSEC all -- anywhere anywhere
INPUT_FIREWALL all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere
FWD_IPFLT all -- anywhere anywhere
FWD_APPFLT all -- anywhere anywhere
FWD_URLFLT all -- anywhere anywhere
FWD_SERVICE all -- anywhere anywhere
FWD_PORT_TRIGGER all -- anywhere anywhere
FWD_IPSEC all -- anywhere anywhere
FWD_FIREWALL all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- 192.168.239.0/24 anywhere
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain FWD_APPFLT (1 references)
target prot opt source destination

Chain FWD_FIREWALL (1 references)
target prot opt source destination
DROP all -- anywhere anywhere state NEW
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 6/hour burst 5 LOG level alert prefix `Intrusion -> '

Chain FWD_IPFLT (1 references)
target prot opt source destination

Chain FWD_IPSEC (1 references)
target prot opt source destination

Chain FWD_PORT_TRIGGER (1 references)
target prot opt source destination

Chain FWD_SERVICE (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
FWD_SERVICE_DMZ all -- anywhere anywhere
ACCEPT all -- anywhere 224.0.0.0/4

Chain FWD_SERVICE_DMZ (1 references)
target prot opt source destination

Chain FWD_URLFLT (1 references)
target prot opt source destination

Chain INPUT_APPFLT (1 references)
target prot opt source destination

Chain INPUT_BRIDGE (1 references)
target prot opt source destination
RETURN all -- anywhere 10.20.30.1
DROP all -- anywhere 10.20.30.1

Chain INPUT_FIREWALL (1 references)
target prot opt source destination
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 6/hour burst 5 LOG level alert prefix `Intrusion -> '
DROP all -- anywhere anywhere

Chain INPUT_FTP (1 references)
target prot opt source destination

Chain INPUT_IPSEC (1 references)
target prot opt source destination

Chain INPUT_SERVICE (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:500
ACCEPT udp -- anywhere anywhere udp dpt:4500
ACCEPT esp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc
ACCEPT udp -- anywhere anywhere udp dpt:6050
ACCEPT udp -- anywhere anywhere udp dpt:6050
ACCEPT udp -- anywhere anywhere udp dpt:0
ACCEPT udp -- anywhere anywhere udp dpts:50000:50020
ACCEPT igmp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:6050

Chain INPUT_SERVICE_ACL (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:631
ACCEPT tcp -- anywhere anywhere multiport dports 37215,37443
ACCEPT tcp -- anywhere anywhere multiport dports www,https
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere multiport dports netbios-ns,netbios-dgm,netbios-ssn,445
ACCEPT udp -- anywhere anywhere multiport dports netbios-ns,netbios-dgm,netbios-ssn,445
ACCEPT tcp -- anywhere anywhere multiport dports ftp,990
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:7547
ACCEPT tcp -- anywhere anywhere multiport dports www,https
DROP tcp -- anywhere anywhere multiport dports ftp,990,www,https,ssh,netbios-ns,netbios-dgm,netbios-ssn,445,37215,37443,telnet
DROP udp -- anywhere anywhere multiport dports netbios-ns,netbios-dgm,netbios-ssn,445
DROP icmp -- anywhere anywhere

Chain INPUT_URLFLT (1 references)
target prot opt source destination