78Star78

netfilter

Feb 2nd, 2021
  # Snapshot 1, nat table: the state before the `docker run` further down.
  # It is the baseline for comparing against the second dump.
  1. $ sudo iptables-save
  2. # Generated by iptables-save v1.8.5 on Wed Feb 3 04:01:45 2021
  3. *nat
  4. :PREROUTING ACCEPT [0:0]
  5. :INPUT ACCEPT [0:0]
  6. :POSTROUTING ACCEPT [0:0]
  7. :OUTPUT ACCEPT [0:0]
  8. :DOCKER - [0:0]
  # Every packet addressed to a local host address is handed to the DOCKER
  # chain first; this is the hook Docker uses for published-port DNAT rules.
  9. -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
  # Source-NAT for traffic from the bridge subnet leaving by any interface
  # other than docker0.
  10. -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
  11. -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
  # The DOCKER chain holds only this RETURN: no DNAT rule, so no port is
  # published in this snapshot.
  12. -A DOCKER -i docker0 -j RETURN
  13. COMMIT
  14. # Completed on Wed Feb 3 04:01:45 2021
  # Snapshot 1, filter table (baseline).
  15. # Generated by iptables-save v1.8.5 on Wed Feb 3 04:01:45 2021
  16. *filter
  # All three built-in chains have policy ACCEPT; the bracketed values are
  # packet:byte counters. Nothing in this dump drops or rejects INPUT traffic.
  17. :INPUT ACCEPT [53633:29423974]
  18. :FORWARD ACCEPT [0:0]
  19. :OUTPUT ACCEPT [134:15406]
  20. :DOCKER - [0:0]
  21. :DOCKER-ISOLATION-STAGE-1 - [0:0]
  22. :DOCKER-USER - [0:0]
  # The ufw-* chains are declared and jumped to below, but no `-A ufw-...`
  # rule appears anywhere in this dump, so they are empty in this ruleset.
  # NOTE(review): given the warning on the last line, ufw's real rules may
  # live in the legacy tables - confirm with iptables-legacy-save.
  23. :ufw-before-logging-input - [0:0]
  24. :ufw-before-logging-output - [0:0]
  25. :ufw-before-logging-forward - [0:0]
  26. :ufw-before-input - [0:0]
  27. :ufw-before-output - [0:0]
  28. :ufw-before-forward - [0:0]
  29. :ufw-after-input - [0:0]
  30. :ufw-after-output - [0:0]
  31. :ufw-after-forward - [0:0]
  32. :ufw-after-logging-input - [0:0]
  33. :ufw-after-logging-output - [0:0]
  34. :ufw-after-logging-forward - [0:0]
  35. :ufw-reject-input - [0:0]
  36. :ufw-reject-output - [0:0]
  37. :ufw-reject-forward - [0:0]
  38. :ufw-track-input - [0:0]
  39. :ufw-track-output - [0:0]
  40. :ufw-track-forward - [0:0]
  41. :DOCKER-ISOLATION-STAGE-2 - [0:0]
  42. -A INPUT -j ufw-before-logging-input
  43. -A INPUT -j ufw-before-input
  44. -A INPUT -j ufw-after-input
  45. -A INPUT -j ufw-after-logging-input
  46. -A INPUT -j ufw-reject-input
  47. -A INPUT -j ufw-track-input
  # FORWARD evaluation order matters: the Docker chains and the docker0
  # ACCEPT rules come before every ufw-*-forward chain, so container traffic
  # accepted here never reaches the ufw forward chains.
  48. -A FORWARD -j DOCKER-USER
  49. -A FORWARD -j DOCKER-ISOLATION-STAGE-1
  50. -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  51. -A FORWARD -o docker0 -j DOCKER
  52. -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
  53. -A FORWARD -i docker0 -o docker0 -j ACCEPT
  54. -A FORWARD -j ufw-before-logging-forward
  55. -A FORWARD -j ufw-before-forward
  56. -A FORWARD -j ufw-after-forward
  57. -A FORWARD -j ufw-after-logging-forward
  58. -A FORWARD -j ufw-reject-forward
  59. -A FORWARD -j ufw-track-forward
  60. -A OUTPUT -j ufw-before-logging-output
  61. -A OUTPUT -j ufw-before-output
  62. -A OUTPUT -j ufw-after-output
  63. -A OUTPUT -j ufw-after-logging-output
  64. -A OUTPUT -j ufw-reject-output
  65. -A OUTPUT -j ufw-track-output
  66. -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
  67. -A DOCKER-ISOLATION-STAGE-1 -j RETURN
  # DOCKER-USER is the first chain FORWARD consults. It contains only RETURN
  # here, so no administrator restriction is applied to container traffic.
  68. -A DOCKER-USER -j RETURN
  69. -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
  70. -A DOCKER-ISOLATION-STAGE-2 -j RETURN
  71. COMMIT
  72. # Completed on Wed Feb 3 04:01:45 2021
  # A second (legacy) ruleset exists that this dump does not show; the host
  # firewall cannot be fully assessed from this output alone.
  73. # Warning: iptables-legacy tables present, use iptables-legacy-save to see them
  # Recreate the `seq` container: stop and remove it, then start a new one.
  74. sys_gen0@discovery:~$ docker stop seq
  # The ^[[A/^[[B/^[[C/^[[D sequences appear to be arrow-key presses echoed
  # by the terminal ahead of the command's "seq" output, not part of it.
  75. ^[[A^[[A^[[B^[[B^[[D^[[D^[[C^[[Cseq
  76. sys_gen0@discovery:~$ docker rm seq
  77. seq
  # Security-relevant points in this command:
  #  - `-p 82:80` and `-p 5341:5341` give no host address, so Docker publishes
  #    both ports on every host interface (the DNAT rules in the next dump
  #    carry no destination-address match). Use `-p 127.0.0.1:82:80` or a
  #    specific interface address to keep a port off untrusted networks.
  #  - The image has no tag or digest, so whatever `datalust/seq` currently
  #    resolves to is run; pin a version or digest for reproducible deploys.
  #  - The admin password hash comes from $PH and its value is not in the
  #    paste, but values passed with -e are readable through `docker inspect`
  #    by anyone with access to the Docker daemon.
  78. sys_gen0@discovery:~$ sudo docker run --name seq -d --restart unless-stopped -e ACCEPT_EULA=Y -e SEQ_FIRSTRUN_ADMINPASSWORDHASH="$PH" -v ~/Docker/Seq/Data/Dev:/data -p 82:80 -p 5341:5341 datalust/seq
  79. 47cec23a557900876d288395baff8748016bd0b8c2251d3761190b3f701eb092
  # Snapshot 2, nat table: taken after the container was started with
  # -p 82:80 and -p 5341:5341. Compared with the baseline nat table, four
  # rules are new (lines 90, 91, 94, 95).
  80. sys_gen0@discovery:~$ sudo iptables-save
  81. # Generated by iptables-save v1.8.5 on Wed Feb 3 04:02:28 2021
  82. *nat
  83. :PREROUTING ACCEPT [0:0]
  84. :INPUT ACCEPT [0:0]
  85. :POSTROUTING ACCEPT [0:0]
  86. :OUTPUT ACCEPT [0:0]
  87. :DOCKER - [0:0]
  88. -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
  89. -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
  # New: masquerade for the container (172.17.0.2) connecting to its own
  # published ports.
  90. -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 5341 -j MASQUERADE
  91. -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 80 -j MASQUERADE
  92. -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
  93. -A DOCKER -i docker0 -j RETURN
  # New: the published-port rules. They match any TCP packet to ports 5341 or
  # 82 that does not arrive on docker0, with no source or destination address
  # restriction, and rewrite the destination to the container. Because the
  # rewrite happens in PREROUTING, this traffic is then routed through the
  # filter FORWARD chain rather than INPUT, so INPUT-based host firewall
  # rules do not gate these ports.
  94. -A DOCKER ! -i docker0 -p tcp -m tcp --dport 5341 -j DNAT --to-destination 172.17.0.2:5341
  95. -A DOCKER ! -i docker0 -p tcp -m tcp --dport 82 -j DNAT --to-destination 172.17.0.2:80
  96. COMMIT
  97. # Completed on Wed Feb 3 04:02:28 2021
  # Snapshot 2, filter table: taken after the container was started. The
  # only rule changes from the baseline are the two ACCEPT rules in the
  # DOCKER chain (lines 149-150).
  98. # Generated by iptables-save v1.8.5 on Wed Feb 3 04:02:28 2021
  99. *filter
  # Policies are still ACCEPT on all built-in chains.
  100. :INPUT ACCEPT [58177:31882756]
  101. :FORWARD ACCEPT [0:0]
  102. :OUTPUT ACCEPT [201:27526]
  103. :DOCKER - [0:0]
  104. :DOCKER-ISOLATION-STAGE-1 - [0:0]
  105. :DOCKER-USER - [0:0]
  # As in the baseline, no rule is appended to any ufw-* chain in this dump.
  106. :ufw-before-logging-input - [0:0]
  107. :ufw-before-logging-output - [0:0]
  108. :ufw-before-logging-forward - [0:0]
  109. :ufw-before-input - [0:0]
  110. :ufw-before-output - [0:0]
  111. :ufw-before-forward - [0:0]
  112. :ufw-after-input - [0:0]
  113. :ufw-after-output - [0:0]
  114. :ufw-after-forward - [0:0]
  115. :ufw-after-logging-input - [0:0]
  116. :ufw-after-logging-output - [0:0]
  117. :ufw-after-logging-forward - [0:0]
  118. :ufw-reject-input - [0:0]
  119. :ufw-reject-output - [0:0]
  120. :ufw-reject-forward - [0:0]
  121. :ufw-track-input - [0:0]
  122. :ufw-track-output - [0:0]
  123. :ufw-track-forward - [0:0]
  124. :DOCKER-ISOLATION-STAGE-2 - [0:0]
  125. -A INPUT -j ufw-before-logging-input
  126. -A INPUT -j ufw-before-input
  127. -A INPUT -j ufw-after-input
  128. -A INPUT -j ufw-after-logging-input
  129. -A INPUT -j ufw-reject-input
  130. -A INPUT -j ufw-track-input
  # Path of an inbound connection to a published port after DNAT:
  # DOCKER-USER (RETURN) -> DOCKER-ISOLATION-STAGE-1 (RETURN, since it did not
  # arrive on docker0) -> line 134 jumps to DOCKER, where lines 149-150 ACCEPT
  # it. The ufw-*-forward chains at lines 137-142 are never consulted for it.
  131. -A FORWARD -j DOCKER-USER
  132. -A FORWARD -j DOCKER-ISOLATION-STAGE-1
  133. -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  134. -A FORWARD -o docker0 -j DOCKER
  135. -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
  136. -A FORWARD -i docker0 -o docker0 -j ACCEPT
  137. -A FORWARD -j ufw-before-logging-forward
  138. -A FORWARD -j ufw-before-forward
  139. -A FORWARD -j ufw-after-forward
  140. -A FORWARD -j ufw-after-logging-forward
  141. -A FORWARD -j ufw-reject-forward
  142. -A FORWARD -j ufw-track-forward
  143. -A OUTPUT -j ufw-before-logging-output
  144. -A OUTPUT -j ufw-before-output
  145. -A OUTPUT -j ufw-after-output
  146. -A OUTPUT -j ufw-after-logging-output
  147. -A OUTPUT -j ufw-reject-output
  148. -A OUTPUT -j ufw-track-output
  # New: accept forwarded traffic to the container from any source. The port
  # on line 150 is 80, the container-side port, because DNAT has already
  # rewritten host port 82 by the time the filter table is evaluated.
  149. -A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5341 -j ACCEPT
  150. -A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
  151. -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
  152. -A DOCKER-ISOLATION-STAGE-1 -j RETURN
  # DOCKER-USER is still only RETURN. It is the place to restrict who may
  # reach published ports (for example by source address or ingress
  # interface). Rules there see the post-DNAT destination, so matching the
  # original host port needs `-m conntrack --ctorigdstport`.
  153. -A DOCKER-USER -j RETURN
  154. -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
  155. -A DOCKER-ISOLATION-STAGE-2 -j RETURN
  156. COMMIT
  157. # Completed on Wed Feb 3 04:02:28 2021
  # The legacy ruleset is not shown; review iptables-legacy-save output as
  # well before concluding what the host actually filters.
  158. # Warning: iptables-legacy tables present, use iptables-legacy-save to see them
  159.  