API tools faq
paste
Advertisement
Logos01

Untitled

Logos01
Jul 11th, 2013
341
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.82 KB | None | 0 0
raw download clone embed print report
  1. # Generated by iptables-save v1.4.12 on Thu Jul 11 09:59:51 2013
  2. *mangle
  3. :PREROUTING ACCEPT [194658:65532093]
  4. :INPUT ACCEPT [194215:65407903]
  5. :FORWARD ACCEPT [443:124190]
  6. :OUTPUT ACCEPT [207778:82483803]
  7. :POSTROUTING ACCEPT [208221:82607993]
  8. COMMIT
  9. # Completed on Thu Jul 11 09:59:51 2013
  10. # Generated by iptables-save v1.4.12 on Thu Jul 11 09:59:51 2013
  11. *filter
  12. :INPUT DROP [0:0]
  13. :FORWARD DROP [0:0]
  14. :OUTPUT ACCEPT [0:0]
  15. -A INPUT -m state --state INVALID -j DROP
  16. -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  17. -A INPUT -i lo -j ACCEPT
  18. -A INPUT -i lxcbr0 -j ACCEPT
  19. -A INPUT -p icmp -j ACCEPT
  20. -A INPUT -p udp -m udp --dport 500 -j ACCEPT
  21. -A INPUT -p esp -j ACCEPT
  22. -A INPUT -p ah -j ACCEPT
  23. -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
  24. -A FORWARD -m state --state INVALID -j DROP
  25. -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
  26. -A FORWARD -i lxcbr0 -j ACCEPT
  27. -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  28. COMMIT
  29. # Completed on Thu Jul 11 09:59:51 2013
  30. # Generated by iptables-save v1.4.12 on Thu Jul 11 09:59:51 2013
  31. *nat
  32. :PREROUTING ACCEPT [32:1974]
  33. :INPUT ACCEPT [0:0]
  34. :OUTPUT ACCEPT [0:0]
  35. :POSTROUTING ACCEPT [0:0]
  36. -A POSTROUTING -s 192.255.255.0/24 ! -d 192.255.255.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
  37. -A POSTROUTING -s 192.255.255.0/24 ! -d 192.255.255.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
  38. -A POSTROUTING -s 192.255.255.0/24 ! -d 192.255.255.0/24 -j MASQUERADE
  39. COMMIT
  40. # Completed on Thu Jul 11 09:59:51 2013
  41.  
  42. # -*- shell-script -*-
  43. #
  44. # Configuration file for ferm(1).
  45. #
  46.  
  47. table nat {
  48. chain ( PREROUTING INPUT OUTPUT ) { policy ACCEPT; }
  49. chain POSTROUTING {
  50. policy ACCEPT;
  51. proto ( tcp udp ) {
  52. saddr 192.255.255.0/24 daddr ! 192.255.255.0/24 MASQUERADE to-ports 1024-65535;
  53. }
  54. saddr 192.255.255.0/24 daddr ! 192.255.255.0/24 MASQUERADE;
  55. }
  56. }
  57.  
  58. table mangle {
  59. chain ( PREROUTING INPUT FORWARD OUTPUT POSTROUTING ) { policy ACCEPT ; }
  60. }
  61.  
  62.  
  63. table filter {
  64. chain INPUT {
  65. policy DROP;
  66.  
  67. # connection tracking
  68. mod state state INVALID DROP;
  69. mod state state (ESTABLISHED RELATED) ACCEPT;
  70.  
  71. # allow local packet
  72. interface ( lo lxcbr0 ) ACCEPT;
  73.  
  74. # respond to ping
  75. proto icmp ACCEPT;
  76.  
  77. # allow IPsec
  78. proto udp dport 500 ACCEPT;
  79. proto (esp ah) ACCEPT;
  80.  
  81. # allow SSH connections
  82. proto tcp dport ssh ACCEPT;
  83. }
  84. chain OUTPUT {
  85. policy ACCEPT;
  86.  
  87. # connection tracking
  88. #mod state state INVALID DROP;
  89. mod state state (ESTABLISHED RELATED) ACCEPT;
  90. }
  91. chain FORWARD {
  92. policy DROP;
  93.  
  94. # connection tracking
  95. mod state state INVALID DROP;
  96. mod state state (ESTABLISHED RELATED) ACCEPT;
  97. interface ( lxcbr0 ) ACCEPT;
  98. }
  99. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!