epcim
10/20/2015 - 1:44 PM

iptables_example.howto.md

# Generated by iptables-save v1.3.5 on Mon Jan 1 14:59:37 2007
# nat table: source NAT for traffic originating from 10.99.1.2.
# Bracketed pairs are [packets:bytes] counters captured at save time;
# iptables-restore only applies them when run with -c.
*nat
# Built-in chain policies first, in the layout iptables-save normally emits.
:PREROUTING ACCEPT [124852:17516324]
:POSTROUTING ACCEPT [204838:12891483]
:OUTPUT ACCEPT [204838:12891483]
# Replace the source address of packets from 10.99.1.2 with the address of
# the interface they leave through.
# NOTE(review): there is no -o match, so this applies on every outgoing
# interface; confirm that is intended rather than a single uplink only.
[0:0] -A POSTROUTING -s 10.99.1.2 -j MASQUERADE
COMMIT
# Completed on Mon Jan 1 14:59:37 2007

# Generated by iptables-save v1.3.5 on Mon Jan 1 14:59:37 2007
# mangle table: no rules are defined and every built-in chain has policy
# ACCEPT, so this table does not alter or filter any packet.
# Bracketed pairs are [packets:bytes] counters captured at save time.
*mangle
:PREROUTING ACCEPT [14743010:17424875424]
:INPUT ACCEPT [14692260:17419680462]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10998392:1180804994]
:POSTROUTING ACCEPT [10998403:1180805852]
COMMIT
# Completed on Mon Jan 1 14:59:37 2007

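# Generated by iptables-save v1.3.5 on Mon Jan 1 14:59:37 2007
# filter table: default-deny on INPUT and FORWARD, unrestricted OUTPUT.
# Rules are evaluated top to bottom; the first terminating target wins.
# Bracketed pairs are [packets:bytes] counters captured at save time;
# iptables-restore only applies them when run with -c.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [10998284:1180799594]
#
# ---- FORWARD ----
# eth0 -> eth1 may open any connection; eth1 -> eth0 only carries packets
# that belong to, or are related to, a connection already tracked.
[0:0] -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
[0:0] -A FORWARD -i eth0 -o eth1 -j ACCEPT
# Log what is about to be dropped. Rate-limited to the same 3/min as the
# INPUT log rules, so a stream of unforwardable packets cannot flood the log.
[0:0] -A FORWARD -m limit --limit 3/min -j LOG --log-prefix "IPTABLES:FORWARD_DROP: " --log-level 6
# Explicit drop; the chain policy is DROP as well.
[0:0] -A FORWARD -j DROP
#
# ---- INPUT: unconditional accepts ----
[1820360:502887181] -A INPUT -i lo -j ACCEPT
# Everything from 10.99.1.2 arriving on eth0 is accepted: all protocols, all ports.
[0:0] -A INPUT -s 10.99.1.2/255.255.255.255 -i eth0 -j ACCEPT
# Disabled rules: accept the whole 10.99.1.0/24 network on the PPP links.
#[0:0] -A INPUT -s 10.99.1.0/255.255.255.0 -i ppp0 -j ACCEPT
#[0:0] -A INPUT -s 10.99.1.0/255.255.255.0 -i ppp1 -j ACCEPT
#
# ---- INPUT: stateful return traffic ----
# TCP and UDP packets that belong to, or are related to, a tracked connection.
[12369759:16621120873] -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
[396927:280724423] -A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
#
# ---- INPUT: IPsec ----
# ESP and AH are accepted from any source on any interface.
[1:136] -A INPUT -p esp -j ACCEPT
[0:0] -A INPUT -p ah -j ACCEPT
# Protocol 254 on any interface whose name starts with "ipsec" ("+" is a wildcard).
# NOTE(review): 254 is an IANA experimental protocol number; presumably
# specific to the IPsec stack in use - confirm it is still required.
[0:0] -A INPUT -i ipsec+ -p 254 -j ACCEPT
#
# ---- INPUT: ICMP, matched by type number ----
# 3 destination-unreachable, 4 source-quench (deprecated by RFC 6633),
# 11 time-exceeded, 12 parameter-problem.
[1242:79818] -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
[0:0] -A INPUT -p icmp -m icmp --icmp-type 4 -j ACCEPT
[4:224] -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
[0:0] -A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT
# 5 redirect, 9 router-advertisement.
# NOTE(review): both can influence routing on a host that honours them and
# are accepted here from any source on any interface. Neither counter has
# ever incremented; confirm they are needed, or restrict them with -i / -s.
[0:0] -A INPUT -p icmp -m icmp --icmp-type 5 -j ACCEPT
[0:0] -A INPUT -p icmp -m icmp --icmp-type 9 -j ACCEPT
# 8 echo-request (accepted without a rate limit), 0 echo-reply.
[107:13648] -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
[26019:2185540] -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
#
# ---- INPUT: drops that bypass the log ----
# These rules sit ahead of the LOG rules, so matching packets are discarded
# without a log entry (presumably to keep routine background traffic out of
# the log). DHCP/BOOTP 67-68 and NetBIOS 137-139, TCP and UDP:
[4:176] -A INPUT -p tcp -m tcp --dport 67:68 -j DROP
[11803:3965448] -A INPUT -p udp -m udp --dport 67:68 -j DROP
[0:0] -A INPUT -p tcp -m tcp --dport 137 -j DROP
[30128:2401122] -A INPUT -p udp -m udp --dport 137 -j DROP
[0:0] -A INPUT -p tcp -m tcp --dport 138 -j DROP
[8318:1876276] -A INPUT -p udp -m udp --dport 138 -j DROP
[0:0] -A INPUT -p tcp -m tcp --dport 139 -j DROP
[0:0] -A INPUT -p udp -m udp --dport 139 -j DROP
# TCP only from here on: ports 1-20, 111, 161-162, 520 and 6345-6349.
# UDP to the same ports is still dropped, but by the final rule, after
# passing the rate-limited UDP log rule.
[40:1760] -A INPUT -p tcp -m tcp --dport 1:20 -j DROP
[2:88] -A INPUT -p tcp -m tcp --dport 111 -j DROP
[4:176] -A INPUT -p tcp -m tcp --dport 161:162 -j DROP
[2:88] -A INPUT -p tcp -m tcp --dport 520 -j DROP
[0:0] -A INPUT -p tcp -m tcp --dport 6348:6349 -j DROP
[0:0] -A INPUT -p tcp -m tcp --dport 6345:6347 -j DROP
#
# ---- INPUT: log, then drop everything else ----
# Only TCP and UDP are logged, each rate-limited to 3/min; any other
# protocol that reaches this point is dropped without a log entry.
[2863:359798] -A INPUT -p tcp -m limit --limit 3/min -j LOG --log-prefix "IPTABLES:TCP_DROP: " --log-level 6
[6608:2882810] -A INPUT -p udp -m limit --limit 3/min -j LOG --log-prefix "IPTABLES:UDP_DROP: " --log-level 6
[22535:4124405] -A INPUT -j DROP
COMMIT
# Completed on Mon Jan 1 14:59:37 2007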