fdevibe

Untitled

Dec 18th, 2020 (edited)
UDP packet 1:

Dec 18 15:07:00 dst-host kernel: TRACE: raw:PREROUTING:policy:5 IN=ens160 OUT= MAC=<MAC_ADDRESS> SRC=<SRC_HOST> DST=<DST_HOST> LEN=1078 TOS=0x00 PREC=0x00 TTL=64 ID=39907 DF PROTO=UDP SPT=58108 DPT=31377 LEN=1058
Dec 18 15:07:00 dst-host kernel: TRACE: mangle:PREROUTING:policy:1 IN=ens160 OUT= MAC=<MAC_ADDRESS> SRC=<SRC_HOST> DST=<DST_HOST> LEN=1078 TOS=0x00 PREC=0x00 TTL=64 ID=39907 DF PROTO=UDP SPT=58108 DPT=31377 LEN=1058
Dec 18 15:07:00 dst-host kernel: TRACE: mangle:INPUT:policy:1 IN=ens160 OUT= MAC=<MAC_ADDRESS> SRC=<SRC_HOST> DST=<DST_HOST> LEN=1078 TOS=0x00 PREC=0x00 TTL=64 ID=39907 DF PROTO=UDP SPT=58108 DPT=31377 LEN=1058 UID=55377 GID=10513
Dec 18 15:07:00 dst-host kernel: TRACE: filter:INPUT:policy:7 IN=ens160 OUT= MAC=<MAC_ADDRESS> SRC=<SRC_HOST> DST=<DST_HOST> LEN=1078 TOS=0x00 PREC=0x00 TTL=64 ID=39907 DF PROTO=UDP SPT=58108 DPT=31377 LEN=1058 UID=55377 GID=10513

UDP packet 2:

Dec 18 15:15:32 dst-host kernel: TRACE: raw:PREROUTING:policy:5 IN=ens160 OUT= MAC=<MAC_ADDRESS> SRC=<SRC_HOST> DST=<DST_HOST> LEN=1078 TOS=0x00 PREC=0x00 TTL=64 ID=31105 DF PROTO=UDP SPT=57564 DPT=31377 LEN=1058
Dec 18 15:15:32 dst-host kernel: TRACE: mangle:PREROUTING:policy:1 IN=ens160 OUT= MAC=<MAC_ADDRESS> SRC=<SRC_HOST> DST=<DST_HOST> LEN=1078 TOS=0x00 PREC=0x00 TTL=64 ID=31105 DF PROTO=UDP SPT=57564 DPT=31377 LEN=1058
Dec 18 15:15:32 dst-host kernel: TRACE: mangle:INPUT:policy:1 IN=ens160 OUT= MAC=<MAC_ADDRESS> SRC=<SRC_HOST> DST=<DST_HOST> LEN=1078 TOS=0x00 PREC=0x00 TTL=64 ID=31105 DF PROTO=UDP SPT=57564 DPT=31377 LEN=1058 UID=55377 GID=10513
Dec 18 15:15:32 dst-host kernel: TRACE: filter:INPUT:rule:4 IN=ens160 OUT= MAC=<MAC_ADDRESS> SRC=<SRC_HOST> DST=<DST_HOST> LEN=1078 TOS=0x00 PREC=0x00 TTL=64 ID=31105 DF PROTO=UDP SPT=57564 DPT=31377 LEN=1058 UID=55377 GID=10513

INPUT chain in the filter table:

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere /* AppDefense_Iptable_rules */
ACCEPT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN mark match ! 0x7e/0xfe /* AppDefense_Iptable_rules */
NFQUEUE udp -- anywhere anywhere udp spt:domain ctstate ESTABLISHED mark match ! 0x1/0x1 /* AppDefense_Iptable_rules */ NFQUEUE num 0 bypass
NFQUEUE udp -- anywhere anywhere ctstate NEW mark match ! 0x1/0x1 /* AppDefense_Iptable_rules */ NFQUEUE num 0 bypass
NFQUEUE tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN mark match ! 0x1/0x1 /* AppDefense_Iptable_rules */ NFQUEUE num 0 bypass
vnetchain tcp -- anywhere anywhere mark match ! 0x1/0x1 tcp flags:FIN,SYN,RST,PSH,ACK/SYN

iptables-save output:

# Generated by iptables-save v1.4.21 on Fri Dec 18 15:46:23 2020
*raw
:PREROUTING ACCEPT [1083206:121729816]
:OUTPUT ACCEPT [945565:216273294]
-A PREROUTING -p icmp -m icmp --icmp-type 8 -j TRACE
-A PREROUTING -p udp -m udp --dport 4789 -j TRACE
-A PREROUTING -p udp -m udp --dport 31377 -j TRACE
-A PREROUTING -p tcp -m tcp --dport 31377 -j TRACE
COMMIT
# Completed on Fri Dec 18 15:46:23 2020
# Generated by iptables-save v1.4.21 on Fri Dec 18 15:46:23 2020
*mangle
:PREROUTING ACCEPT [2666931:277032909]
:INPUT ACCEPT [2435162:247221410]
:FORWARD ACCEPT [231769:29811499]
:OUTPUT ACCEPT [2326532:517379471]
:POSTROUTING ACCEPT [2558333:547194234]
COMMIT
# Completed on Fri Dec 18 15:46:23 2020
# Generated by iptables-save v1.4.21 on Fri Dec 18 15:46:23 2020
*nat
:PREROUTING ACCEPT [38849:2491382]
:INPUT ACCEPT [36893:2348650]
:OUTPUT ACCEPT [98000:6532091]
:POSTROUTING ACCEPT [98041:6534551]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 172.18.0.0/16 ! -o docker_gwbridge -j MASQUERADE
-A POSTROUTING -s 172.21.0.0/16 ! -o br-d6ff259af253 -j MASQUERADE
-A POSTROUTING -s 172.21.0.2/32 -d 172.21.0.2/32 -p tcp -m tcp --dport 15672 -j MASQUERADE
-A POSTROUTING -s 172.21.0.2/32 -d 172.21.0.2/32 -p tcp -m tcp --dport 5672 -j MASQUERADE
-A POSTROUTING -s 172.21.0.6/32 -d 172.21.0.6/32 -p tcp -m tcp --dport 8000 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A DOCKER -i docker_gwbridge -j RETURN
-A DOCKER -i br-d6ff259af253 -j RETURN
-A DOCKER ! -i br-d6ff259af253 -p tcp -m tcp --dport 15672 -j DNAT --to-destination 172.21.0.2:15672
-A DOCKER ! -i br-d6ff259af253 -p tcp -m tcp --dport 5672 -j DNAT --to-destination 172.21.0.2:5672
-A DOCKER ! -i br-d6ff259af253 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 172.21.0.6:8000
COMMIT
# Completed on Fri Dec 18 15:46:23 2020
# Generated by iptables-save v1.4.21 on Fri Dec 18 15:46:23 2020
*filter
:INPUT ACCEPT [30871:2960204]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [28473:6604173]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
:vnetchain - [0:0]
-A INPUT -i lo -p udp -m comment --comment AppDefense_Iptable_rules -j ACCEPT
-A INPUT -i lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN -m mark ! --mark 0x7e/0xfe -m comment --comment AppDefense_Iptable_rules -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -m conntrack --ctstate ESTABLISHED -m mark ! --mark 0x1/0x1 -m comment --comment AppDefense_Iptable_rules -j NFQUEUE --queue-num 0 --queue-bypass
-A INPUT -p udp -m conntrack --ctstate NEW -m mark ! --mark 0x1/0x1 -m comment --comment AppDefense_Iptable_rules -j NFQUEUE --queue-num 0 --queue-bypass
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN -m mark ! --mark 0x1/0x1 -m comment --comment AppDefense_Iptable_rules -j NFQUEUE --queue-num 0 --queue-bypass
-A INPUT -p tcp -m mark ! --mark 0x1/0x1 -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK SYN -j vnetchain
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -o docker_gwbridge -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker_gwbridge -j DOCKER
-A FORWARD -i docker_gwbridge ! -o docker_gwbridge -j ACCEPT
-A FORWARD -o br-d6ff259af253 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-d6ff259af253 -j DOCKER
-A FORWARD -i br-d6ff259af253 ! -o br-d6ff259af253 -j ACCEPT
-A FORWARD -i br-d6ff259af253 -o br-d6ff259af253 -j ACCEPT
-A FORWARD -i docker_gwbridge -o docker_gwbridge -j DROP
-A OUTPUT -o lo -p udp -m comment --comment AppDefense_Iptable_rules -j ACCEPT
-A OUTPUT -o lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN -m comment --comment AppDefense_Iptable_rules -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -m comment --comment AppDefense_Iptable_rules -j ACCEPT
-A OUTPUT -p udp -m conntrack --ctstate NEW -m mark ! --mark 0x1/0x1 -m comment --comment AppDefense_Iptable_rules -j NFQUEUE --queue-num 0 --queue-bypass
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN -m mark ! --mark 0x1/0x1 -m comment --comment AppDefense_Iptable_rules -j NFQUEUE --queue-num 0 --queue-bypass
-A OUTPUT -p tcp -m mark ! --mark 0x1/0x1 -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK SYN -j vnetchain
-A DOCKER -d 172.21.0.2/32 ! -i br-d6ff259af253 -o br-d6ff259af253 -p tcp -m tcp --dport 15672 -j ACCEPT
-A DOCKER -d 172.21.0.2/32 ! -i br-d6ff259af253 -o br-d6ff259af253 -p tcp -m tcp --dport 5672 -j ACCEPT
-A DOCKER -d 172.21.0.6/32 ! -i br-d6ff259af253 -o br-d6ff259af253 -p tcp -m tcp --dport 8000 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i docker_gwbridge ! -o docker_gwbridge -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-d6ff259af253 ! -o br-d6ff259af253 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o docker_gwbridge -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-d6ff259af253 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
-A vnetchain -j NFQUEUE --queue-num 0 --queue-bypass
COMMIT
# Completed on Fri Dec 18 15:46:23 2020