Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- table inet filter {
- chain input {
- type filter hook input priority 0; policy accept;
- iif "lo" accept
- ip protocol icmp icmp type echo-request limit rate over 10/second burst 4 packets drop
- ip6 nexthdr ipv6-icmp icmpv6 type echo-request limit rate over 10/second burst 4 packets drop
- ct state established,related accept
- ip6 nexthdr ipv6-icmp icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, mld-listener-query, mld-listener-report, mld-listener-done, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, ind-neighbor-solicit, ind-neighbor-advert, mld2-listener-report } accept
- ip protocol icmp icmp type { destination-unreachable, router-advertisement, router-solicitation, time-exceeded, parameter-problem } accept
- ip protocol igmp accept
- tcp dport 8822 accept
- tcp dport http accept
- tcp dport https accept
- tcp dport smtp accept
- tcp dport submission accept
- tcp dport pop3 accept
- tcp dport pop3s accept
- tcp dport imap2 accept
- tcp dport imaps accept
- counter packets 1482 bytes 342159 drop
- udp dport openvpn accept
- }
- chain output {
- type filter hook output priority 0; policy accept;
- }
- chain forward {
- type filter hook forward priority 0; policy drop;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
