daily pastebin goal
0%
SHARE
TWEET

Untitled

a guest Jun 14th, 2018 56 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # Generated by iptables-save v1.4.21 on Tue Feb 24 14:47:52 2015
  2. *filter
  3. :INPUT ACCEPT [0:0]
  4. :FORWARD DROP [0:0]
  5. :OUTPUT ACCEPT [0:0]
  6. :delegate_forward - [0:0]
  7. :delegate_input - [0:0]
  8. :delegate_output - [0:0]
  9. :forwarding_lan_rule - [0:0]
  10. :forwarding_rule - [0:0]
  11. :forwarding_wan_rule - [0:0]
  12. :input_lan_rule - [0:0]
  13. :input_rule - [0:0]
  14. :input_wan_rule - [0:0]
  15. :output_lan_rule - [0:0]
  16. :output_rule - [0:0]
  17. :output_wan_rule - [0:0]
  18. :reject - [0:0]
  19. :syn_flood - [0:0]
  20. :zone_lan_dest_ACCEPT - [0:0]
  21. :zone_lan_forward - [0:0]
  22. :zone_lan_input - [0:0]
  23. :zone_lan_output - [0:0]
  24. :zone_lan_src_ACCEPT - [0:0]
  25. :zone_wan_dest_ACCEPT - [0:0]
  26. :zone_wan_dest_REJECT - [0:0]
  27. :zone_wan_forward - [0:0]
  28. :zone_wan_input - [0:0]
  29. :zone_wan_output - [0:0]
  30. :zone_wan_src_REJECT - [0:0]
  31. -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
  32. -A INPUT -j delegate_input
  33. -A FORWARD -j delegate_forward
  34. -A OUTPUT -j delegate_output
  35. -A delegate_forward -m comment --comment "user chain for forwarding" -j forwarding_rule
  36. -A delegate_forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  37. -A delegate_forward -i br-lan -j zone_lan_forward
  38. -A delegate_forward -j reject
  39. -A delegate_input -i lo -j ACCEPT
  40. -A delegate_input -m comment --comment "user chain for input" -j input_rule
  41. -A delegate_input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  42. -A delegate_input -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood
  43. -A delegate_input -i br-lan -j zone_lan_input
  44. -A delegate_output -o lo -j ACCEPT
  45. -A delegate_output -m comment --comment "user chain for output" -j output_rule
  46. -A delegate_output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  47. -A delegate_output -o br-lan -j zone_lan_output
  48. -A reject -p tcp -j REJECT --reject-with tcp-reset
  49. -A reject -j REJECT --reject-with icmp-port-unreachable
  50. -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -j RETURN
  51. -A syn_flood -j DROP
  52. -A zone_lan_dest_ACCEPT -o br-lan -j ACCEPT
  53. -A zone_lan_forward -m comment --comment "user chain for forwarding" -j forwarding_lan_rule
  54. -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
  55. -A zone_lan_forward -j zone_lan_dest_ACCEPT
  56. -A zone_lan_input -m comment --comment "user chain for input" -j input_lan_rule
  57. -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
  58. -A zone_lan_input -j zone_lan_src_ACCEPT
  59. -A zone_lan_output -m comment --comment "user chain for output" -j output_lan_rule
  60. -A zone_lan_output -j zone_lan_dest_ACCEPT
  61. -A zone_lan_src_ACCEPT -i br-lan -j ACCEPT
  62. -A zone_wan_forward -m comment --comment "user chain for forwarding" -j forwarding_wan_rule
  63. -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
  64. -A zone_wan_forward -j zone_wan_dest_REJECT
  65. -A zone_wan_input -m comment --comment "user chain for input" -j input_wan_rule
  66. -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment Allow-DHCP-Renew -j ACCEPT
  67. -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment Allow-Ping -j ACCEPT
  68. -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
  69. -A zone_wan_input -j zone_wan_src_REJECT
  70. -A zone_wan_output -m comment --comment "user chain for output" -j output_wan_rule
  71. -A zone_wan_output -j zone_wan_dest_ACCEPT
  72. COMMIT
  73. # Completed on Tue Feb 24 14:47:52 2015
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top