fdevibe

Untitled

Dec 15th, 2020
  1. # iptables-save
     # Dump of the running IPv4 netfilter rule set in iptables-save format. ip6tables rules
     # are not part of this output, so it says nothing about IPv6 exposure.
  2. # Generated by iptables-save v1.4.21 on Tue Dec 15 14:16:02 2020
  3. *raw
     # raw table: only the two built-in chains, policy ACCEPT, no rules. Nothing here
     # exempts traffic from connection tracking. The bracketed values on each chain line
     # are that chain's [packets:bytes] policy counters at the time of the dump.
  4. :PREROUTING ACCEPT [3241550:296639320]
  5. :OUTPUT ACCEPT [2792310:633689464]
  6. COMMIT
  7. # Completed on Tue Dec 15 14:16:02 2020
  8. # Generated by iptables-save v1.4.21 on Tue Dec 15 14:16:02 2020
  9. *mangle
     # mangle table: the five built-in chains, policy ACCEPT, no rules. No MARK/CONNMARK
     # target appears here or in any other table of this dump, so the packet marks tested
     # in the filter table (0x1/0x1, 0x7e/0xfe) are set by something outside these rules --
     # presumably the program reading NFQUEUE queue 0; confirm before relying on them.
  10. :PREROUTING ACCEPT [5132256:516727787]
  11. :INPUT ACCEPT [4651875:489513799]
  12. :FORWARD ACCEPT [480381:27213988]
  13. :OUTPUT ACCEPT [4406321:974321357]
  14. :POSTROUTING ACCEPT [4886702:1001535345]
  15. COMMIT
  16. # Completed on Tue Dec 15 14:16:02 2020
  17. # Generated by iptables-save v1.4.21 on Tue Dec 15 14:16:02 2020
  18. *nat
      # nat table: source NAT for three bridge subnets plus destination NAT for three
      # published TCP ports (15672, 5672, 8000). The DOCKER chain and bridge names suggest
      # these rules are maintained by the Docker daemon rather than by hand.
  19. :PREROUTING ACCEPT [84188:5503273]
  20. :INPUT ACCEPT [81873:5216554]
  21. :OUTPUT ACCEPT [218497:14564425]
  22. :POSTROUTING ACCEPT [218542:14567125]
  23. :DOCKER - [0:0]
      # Any packet addressed to one of the host's own addresses is sent through DOCKER.
      # For locally generated packets (OUTPUT) loopback destinations are excluded.
  24. -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
  25. -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
      # Traffic from a bridge subnet that leaves through any interface other than its own
      # bridge is masqueraded to the address of the outgoing interface.
  26. -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
  27. -A POSTROUTING -s 172.21.0.0/16 ! -o br-d6ff259af253 -j MASQUERADE
  28. -A POSTROUTING -s 172.18.0.0/16 ! -o docker_gwbridge -j MASQUERADE
      # Source and destination are the same container address: these match only a
      # container connecting back to its own published port (hairpin case).
  29. -A POSTROUTING -s 172.21.0.2/32 -d 172.21.0.2/32 -p tcp -m tcp --dport 15672 -j MASQUERADE
  30. -A POSTROUTING -s 172.21.0.2/32 -d 172.21.0.2/32 -p tcp -m tcp --dport 5672 -j MASQUERADE
  31. -A POSTROUTING -s 172.21.0.6/32 -d 172.21.0.6/32 -p tcp -m tcp --dport 8000 -j MASQUERADE
      # Packets arriving on one of the three bridges leave the chain untouched, so the
      # DNAT rules below apply only to traffic that did not come in over those bridges.
  32. -A DOCKER -i docker0 -j RETURN
  33. -A DOCKER -i br-d6ff259af253 -j RETURN
  34. -A DOCKER -i docker_gwbridge -j RETURN
      # Published ports. There is no -d or -s match, so TCP 15672, 5672 and 8000 on every
      # local address of the host, from any source, is rewritten to the container address.
      # NOTE(review): 5672/15672 are the usual AMQP and RabbitMQ management ports --
      # presumably a broker; confirm these are meant to be reachable from outside the host.
      # DNAT'd packets are forwarded, not delivered locally, so the filter INPUT rules never
      # see them; any restriction has to sit in the filter FORWARD path (DOCKER-USER) or
      # come from publishing the port on a specific host address.
  35. -A DOCKER ! -i br-d6ff259af253 -p tcp -m tcp --dport 15672 -j DNAT --to-destination 172.21.0.2:15672
  36. -A DOCKER ! -i br-d6ff259af253 -p tcp -m tcp --dport 5672 -j DNAT --to-destination 172.21.0.2:5672
  37. -A DOCKER ! -i br-d6ff259af253 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 172.21.0.6:8000
  38. COMMIT
  39. # Completed on Tue Dec 15 14:16:02 2020
  40. # Generated by iptables-save v1.4.21 on Tue Dec 15 14:16:02 2020
  41. *filter
      # filter table. Two independent rule groups are visible: rules tagged with the comment
      # AppDefense_Iptable_rules on INPUT/OUTPUT (plus vnetchain), and the DOCKER* chains on
      # FORWARD. Only FORWARD has a DROP policy; INPUT and OUTPUT default to ACCEPT and no
      # INPUT/OUTPUT rule below ends in DROP or REJECT, so these rules alone never block
      # host-bound or host-originated traffic -- any blocking there would have to come from
      # the verdict of whatever reads NFQUEUE queue 0.
  42. :INPUT ACCEPT [104606:9457902]
  43. :FORWARD DROP [0:0]
  44. :OUTPUT ACCEPT [95662:22649271]
  45. :DOCKER - [0:0]
  46. :DOCKER-ISOLATION-STAGE-1 - [0:0]
  47. :DOCKER-ISOLATION-STAGE-2 - [0:0]
  48. :DOCKER-USER - [0:0]
  49. :vnetchain - [0:0]
      # INPUT. "--tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN" examines all six flags and matches
      # when only SYN is set, i.e. the first packet of a TCP connection.
      # Loopback: all UDP is accepted; initial SYNs are accepted unless the packet mark
      # equals 0x7e under mask 0xfe.
  50. -A INPUT -i lo -p udp -m comment --comment AppDefense_Iptable_rules -j ACCEPT
  51. -A INPUT -i lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN -m mark ! --mark 0x7e/0xfe -m comment --comment AppDefense_Iptable_rules -j ACCEPT
      # Packets without mark bit 0x1 are handed to userspace queue 0: UDP replies from
      # source port 53 on established flows, the first packet of every new UDP flow, and
      # every initial TCP SYN. --queue-bypass makes this fail open: when no program is
      # bound to queue 0 the packet is let through instead of dropped, so a stopped or
      # crashed queue consumer silently disables the inspection. Worth monitoring.
  52. -A INPUT -p udp -m udp --sport 53 -m conntrack --ctstate ESTABLISHED -m mark ! --mark 0x1/0x1 -m comment --comment AppDefense_Iptable_rules -j NFQUEUE --queue-num 0 --queue-bypass
  53. -A INPUT -p udp -m conntrack --ctstate NEW -m mark ! --mark 0x1/0x1 -m comment --comment AppDefense_Iptable_rules -j NFQUEUE --queue-num 0 --queue-bypass
  54. -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN -m mark ! --mark 0x1/0x1 -m comment --comment AppDefense_Iptable_rules -j NFQUEUE --queue-num 0 --queue-bypass
      # Same match as the rule above except that URG is not examined; since SYN-only
      # packets were already queued there, this appears to catch only SYNs that also carry
      # URG -- TODO confirm intent. vnetchain queues them to the same queue 0.
  55. -A INPUT -p tcp -m mark ! --mark 0x1/0x1 -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK SYN -j vnetchain
      # FORWARD (policy DROP). Order matters: DOCKER-USER, then the isolation chains, then
      # one group of four rules per bridge. Per bridge: replies to tracked connections
      # are accepted, other traffic towards the bridge goes through DOCKER, and traffic
      # from the bridge to any other interface is accepted unconditionally (containers
      # have unrestricted outbound access).
  56. -A FORWARD -j DOCKER-USER
  57. -A FORWARD -j DOCKER-ISOLATION-STAGE-1
  58. -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  59. -A FORWARD -o docker0 -j DOCKER
  60. -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
      # Same-bridge traffic is accepted on docker0 and br-d6ff259af253 ...
  61. -A FORWARD -i docker0 -o docker0 -j ACCEPT
  62. -A FORWARD -o br-d6ff259af253 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  63. -A FORWARD -o br-d6ff259af253 -j DOCKER
  64. -A FORWARD -i br-d6ff259af253 ! -o br-d6ff259af253 -j ACCEPT
  65. -A FORWARD -i br-d6ff259af253 -o br-d6ff259af253 -j ACCEPT
  66. -A FORWARD -o docker_gwbridge -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  67. -A FORWARD -o docker_gwbridge -j DOCKER
  68. -A FORWARD -i docker_gwbridge ! -o docker_gwbridge -j ACCEPT
      # ... but dropped on docker_gwbridge, the only bridge with this restriction.
  69. -A FORWARD -i docker_gwbridge -o docker_gwbridge -j DROP
      # OUTPUT mirrors INPUT: loopback UDP and initial SYNs are accepted, UDP to port 53 is
      # accepted without being queued, and new UDP flows and initial TCP SYNs lacking mark
      # bit 0x1 go to queue 0 (again with fail-open --queue-bypass).
  70. -A OUTPUT -o lo -p udp -m comment --comment AppDefense_Iptable_rules -j ACCEPT
  71. -A OUTPUT -o lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN -m comment --comment AppDefense_Iptable_rules -j ACCEPT
  72. -A OUTPUT -p udp -m udp --dport 53 -m comment --comment AppDefense_Iptable_rules -j ACCEPT
  73. -A OUTPUT -p udp -m conntrack --ctstate NEW -m mark ! --mark 0x1/0x1 -m comment --comment AppDefense_Iptable_rules -j NFQUEUE --queue-num 0 --queue-bypass
  74. -A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN -m mark ! --mark 0x1/0x1 -m comment --comment AppDefense_Iptable_rules -j NFQUEUE --queue-num 0 --queue-bypass
  75. -A OUTPUT -p tcp -m mark ! --mark 0x1/0x1 -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK SYN -j vnetchain
      # DOCKER: accepts forwarded TCP to the two container addresses on the published
      # ports when it arrives on any interface other than the bridge. No -s match, so the
      # source is unrestricted.
  76. -A DOCKER -d 172.21.0.2/32 ! -i br-d6ff259af253 -o br-d6ff259af253 -p tcp -m tcp --dport 15672 -j ACCEPT
  77. -A DOCKER -d 172.21.0.2/32 ! -i br-d6ff259af253 -o br-d6ff259af253 -p tcp -m tcp --dport 5672 -j ACCEPT
  78. -A DOCKER -d 172.21.0.6/32 ! -i br-d6ff259af253 -o br-d6ff259af253 -p tcp -m tcp --dport 8000 -j ACCEPT
      # Isolation: stage 1 selects traffic leaving one of the three bridges for a different
      # interface; stage 2 drops it if that interface is another of the three bridges.
      # Everything else returns to FORWARD.
  79. -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
  80. -A DOCKER-ISOLATION-STAGE-1 -i br-d6ff259af253 ! -o br-d6ff259af253 -j DOCKER-ISOLATION-STAGE-2
  81. -A DOCKER-ISOLATION-STAGE-1 -i docker_gwbridge ! -o docker_gwbridge -j DOCKER-ISOLATION-STAGE-2
  82. -A DOCKER-ISOLATION-STAGE-1 -j RETURN
  83. -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
  84. -A DOCKER-ISOLATION-STAGE-2 -o br-d6ff259af253 -j DROP
  85. -A DOCKER-ISOLATION-STAGE-2 -o docker_gwbridge -j DROP
  86. -A DOCKER-ISOLATION-STAGE-2 -j RETURN
      # DOCKER-USER holds only RETURN: no administrator-defined filtering is applied to
      # forwarded container traffic. It is evaluated first in FORWARD, so source
      # restrictions for the published ports (15672, 5672, 8000) would go here.
  87. -A DOCKER-USER -j RETURN
      # vnetchain: a single unconditional hand-off to queue 0, fail-open like the rest.
  88. -A vnetchain -j NFQUEUE --queue-num 0 --queue-bypass
  89. COMMIT
  90. # Completed on Tue Dec 15 14:16:02 2020