Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- *filter
- :INPUT DROP [0:0]
- :FORWARD DROP [0:0]
- :OUTPUT DROP [0:0]
- :FIREWALL DROP [0:0]
- :LO ACCEPT [0:0]
- :TCP DROP [0:0]
- :UDP DROP [0:0]
- :LOGNDROP DROP [0:0]
- -A INPUT -j FIREWALL
- -A FORWARD -j FIREWALL
- -A FIREWALL -m state --state INVALID -j DROP
- -A FIREWALL -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A FIREWALL -m state --state NEW -p icmp --icmp-type echo-request -j ACCEPT
- -A FIREWALL -m state --state NEW -i lo -j LO
- -A FIREWALL -m state --state NEW -m tcp -p tcp -j TCP
- -A FIREWALL -m state --state NEW -m udp -p udp -j UDP
- -A FIREWALL -m state --state NEW -j LOGNDROP
- -A LO -m tcp -p tcp --dport 22 -j ACCEPT
- -A LO -m tcp -p tcp --dport 25 -j ACCEPT
- -A LO -m udp -p udp --dport 161 -j ACCEPT
- -A TCP -m tcp -p tcp --dport 22 -j ACCEPT
- -A TCP -m tcp -p tcp --dport 25 -j ACCEPT
- -A TCP -m tcp -p tcp --dport 5432 -j ACCEPT
- -A TCP -m tcp -p tcp -j LOGNDROP
- -A UDP -m udp -p udp --dport 161 -j ACCEPT
- -A UDP -m udp -p udp -j LOGNDROP
- -A LOGNDROP -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7
- -A LOGNDROP -j REJECT --reject-with icmp-host-prohibited
- -A OUTPUT -m state --state INVALID -j DROP
- -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A OUTPUT -o lo -j ACCEPT
- -A OUTPUT -o eth0 -p icmp -m state --state NEW -j ACCEPT
- -A OUTPUT -o eth0 -p tcp -m state --state NEW -j ACCEPT
- -A OUTPUT -d 192.168.0.0/16 -o eth0 -m state --state NEW -j ACCEPT
- COMMIT
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
