- iptables -S output with ufw disabled and the VPN app (piavpn chains) disconnected
# Rule listing in `iptables -S` form (presumably the IPv4 filter table, the
# default for -S; nat/mangle and ip6tables are not shown and need their own
# check before drawing conclusions about leaks).
#
# Default policies of the three built-in chains: a packet that no rule
# decides is accepted.
- -P INPUT ACCEPT
- -P FORWARD ACCEPT
- -P OUTPUT ACCEPT
# User-defined chains of the VPN client. The piavpn.<n>.* chains carry rules
# further down; the piavpn.con.<n>.* chains are the ones OUTPUT jumps to and
# have no -A line anywhere in this listing, i.e. they are empty.
- -N piavpn.100.blockDNS
- -N piavpn.200.exemptLAN
- -N piavpn.500.killswitch
- -N piavpn.con.100.blockDNS
- -N piavpn.con.200.exemptLAN
- -N piavpn.con.500.killswitch
# ufw chains: declared, but no rule is appended to any of them in this
# listing, so a jump into one returns to the caller without a verdict.
- -N ufw-after-forward
- -N ufw-after-input
- -N ufw-after-logging-forward
- -N ufw-after-logging-input
- -N ufw-after-logging-output
- -N ufw-after-output
- -N ufw-before-forward
- -N ufw-before-input
- -N ufw-before-logging-forward
- -N ufw-before-logging-input
- -N ufw-before-logging-output
- -N ufw-before-output
- -N ufw-reject-forward
- -N ufw-reject-input
- -N ufw-reject-output
- -N ufw-track-forward
- -N ufw-track-input
- -N ufw-track-output
# INPUT: DNS (53) and DHCP server (67) traffic arriving on virbr0 is accepted
# (virbr0 / 192.168.122.0/24 looks like a libvirt bridge; confirm).
- -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
- -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
- -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
- -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
# The remaining INPUT jumps lead only into empty ufw chains, so every inbound
# packet ends at the ACCEPT policy: nothing is filtered inbound in this state.
- -A INPUT -j ufw-before-logging-input
- -A INPUT -j ufw-before-input
- -A INPUT -j ufw-after-input
- -A INPUT -j ufw-after-logging-input
- -A INPUT -j ufw-reject-input
- -A INPUT -j ufw-track-input
# FORWARD: replies to 192.168.122.0/24 and traffic from it via virbr0 are
# allowed, as is traffic within virbr0; anything else to or from virbr0 is
# rejected. Forwarding that does not involve virbr0 falls through the empty
# ufw chains to the ACCEPT policy.
- -A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
- -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
- -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
- -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
- -A FORWARD -j ufw-before-logging-forward
- -A FORWARD -j ufw-before-forward
- -A FORWARD -j ufw-after-forward
- -A FORWARD -j ufw-after-logging-forward
- -A FORWARD -j ufw-reject-forward
- -A FORWARD -j ufw-track-forward
# OUTPUT: the only piavpn chains hooked in are the empty piavpn.con.* ones.
# Nothing in this listing jumps to piavpn.100/200/500, so the DNS block and
# the killswitch REJECT below are defined but not enforced here; outbound
# traffic on any interface reaches the ACCEPT policy.
# NOTE(review): presumably the client adds jumps from piavpn.con.* to the
# numbered chains when it connects or the killswitch is enabled; verify by
# re-running the listing in that state.
- -A OUTPUT -j piavpn.con.100.blockDNS
- -A OUTPUT -j piavpn.con.200.exemptLAN
- -A OUTPUT -j piavpn.con.500.killswitch
- -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
- -A OUTPUT -j ufw-before-logging-output
- -A OUTPUT -j ufw-before-output
- -A OUTPUT -j ufw-after-output
- -A OUTPUT -j ufw-after-logging-output
- -A OUTPUT -j ufw-reject-output
- -A OUTPUT -j ufw-track-output
# blockDNS: loopback traffic is accepted outright; port-53 traffic is allowed
# only to the two listed resolvers via a tun interface or from processes with
# group id 1002 (presumably the VPN daemon's group; confirm); all other
# port-53 traffic is dropped. Only port 53 is matched, so DNS carried over
# other ports (e.g. DNS-over-TLS/HTTPS) is not covered by this chain.
- -A piavpn.100.blockDNS -o lo+ -j ACCEPT
- -A piavpn.100.blockDNS -d 209.222.18.222/32 -o tun+ -p udp -m udp --dport 53 -j ACCEPT
- -A piavpn.100.blockDNS -d 209.222.18.222/32 -o tun+ -p tcp -m tcp --dport 53 -j ACCEPT
- -A piavpn.100.blockDNS -d 209.222.18.218/32 -o tun+ -p udp -m udp --dport 53 -j ACCEPT
- -A piavpn.100.blockDNS -d 209.222.18.218/32 -o tun+ -p tcp -m tcp --dport 53 -j ACCEPT
- -A piavpn.100.blockDNS -p udp -m owner --gid-owner 1002 -m udp --dport 53 -j ACCEPT
- -A piavpn.100.blockDNS -p tcp -m owner --gid-owner 1002 -m tcp --dport 53 -j ACCEPT
- -A piavpn.100.blockDNS -p udp -m udp --dport 53 -j DROP
- -A piavpn.100.blockDNS -p tcp -m tcp --dport 53 -j DROP
# exemptLAN: private (RFC 1918), multicast and limited-broadcast destinations
# are accepted. ACCEPT is a final verdict, so when this chain is evaluated
# before the killswitch, traffic to these ranges is never seen by it.
- -A piavpn.200.exemptLAN -d 10.0.0.0/8 -j ACCEPT
- -A piavpn.200.exemptLAN -d 172.16.0.0/12 -j ACCEPT
- -A piavpn.200.exemptLAN -d 192.168.0.0/16 -j ACCEPT
- -A piavpn.200.exemptLAN -d 224.0.0.0/4 -j ACCEPT
- -A piavpn.200.exemptLAN -d 255.255.255.255/32 -j ACCEPT
# killswitch: loopback, processes with group id 1002 and DHCP client requests
# (sport 68 -> dport 67) are allowed; everything else that is not leaving
# through a tun interface is rejected.
- -A piavpn.500.killswitch -o lo+ -j ACCEPT
- -A piavpn.500.killswitch -m owner --gid-owner 1002 -j ACCEPT
- -A piavpn.500.killswitch -p udp -m udp --sport 68 --dport 67 -j ACCEPT
- -A piavpn.500.killswitch ! -o tun+ -j REJECT --reject-with icmp-port-unreachable