# Generated by iptables-save v1.4.7 on Tue Feb 12 06:38:55 2013
# mangle table: no rules are defined, and all five built-in chains keep the
# ACCEPT policy, so this table does not alter or filter any packet.
# The bracketed pair after each policy is the saved [packets:bytes] counter.
*mangle
:PREROUTING ACCEPT [397:52385]
:INPUT ACCEPT [397:52385]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [683:60906]
:POSTROUTING ACCEPT [151:14222]
COMMIT
# Completed on Tue Feb 12 06:38:55 2013
# Generated by iptables-save v1.4.7 on Tue Feb 12 06:38:55 2013
# nat table: a single PREROUTING rule; all chain policies are ACCEPT.
*nat
:PREROUTING ACCEPT [123:18804]
:POSTROUTING ACCEPT [32:2941]
:OUTPUT ACCEPT [564:49625]
# Redirect inbound TCP port 80 to local port 8080. The rule names no interface,
# source or destination, so it applies to port-80 traffic arriving on any
# interface. After the redirect the packet is seen by the filter INPUT chain
# with destination port 8080, so the 8080 ACCEPT rule there also governs who
# can reach the service through port 80.
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
# Completed on Tue Feb 12 06:38:55 2013
# Generated by iptables-save v1.4.7 on Tue Feb 12 06:38:55 2013
# filter table: default-deny host firewall. INPUT, FORWARD and OUTPUT all have
# a DROP policy, so only packets matched by an ACCEPT rule below get through.
# Rules are evaluated top to bottom; the first terminating target (ACCEPT) wins,
# while LOG is non-terminating and evaluation continues after it.
*filter
:INPUT DROP [24:1152]
:FORWARD DROP [0:0]
:OUTPUT DROP [9:622]
# ---- INPUT ----
# Loopback traffic is always accepted.
-A INPUT -i lo -j ACCEPT
# Any protocol from 192.168.0.0/24 to 192.168.0.3 or to the 192.168.0.255
# broadcast address on eth0 is accepted in every listed state, including NEW
# and UNTRACKED: hosts in that subnet are fully trusted by this ruleset.
-A INPUT -s 192.168.0.0/24 -d 192.168.0.3/32 -i eth0 -m state --state NEW,RELATED,ESTABLISHED,UNTRACKED -j ACCEPT
-A INPUT -s 192.168.0.0/24 -d 192.168.0.255/32 -i eth0 -m state --state NEW,RELATED,ESTABLISHED,UNTRACKED -j ACCEPT
# UDP from 0.0.0.0:68 to 255.255.255.255:67, the addressing of a DHCP client
# broadcast. NOTE(review): only needed if this host answers DHCP requests - confirm.
-A INPUT -s 0.0.0.0/32 -d 255.255.255.255/32 -i eth0 -p udp -m udp --sport 68 --dport 67 -m state --state NEW,ESTABLISHED -j ACCEPT
# TCP 8080 on eth0 from any source. Because of the nat REDIRECT rule, traffic
# originally sent to port 80 is accepted here as well.
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -m state --state NEW,RELATED,ESTABLISHED,UNTRACKED -j ACCEPT
# Return traffic from remote TCP port 25 to local ports 1024-65535. Limited to
# RELATED,ESTABLISHED, so this rule cannot be used to open a new connection.
-A INPUT -i eth0 -p tcp -m tcp --sport 25 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
# TCP 21 (FTP control port) to 192.168.0.3 from any source.
# NOTE(review): confirm this service is meant to be reachable beyond the LAN.
-A INPUT -d 192.168.0.3/32 -i eth0 -p tcp -m tcp --dport 21 -m state --state NEW,RELATED,ESTABLISHED,UNTRACKED -j ACCEPT
# Replies to connections this host already has (any protocol) addressed to
# 192.168.0.3. NOTE(review): the port-25 rule above looks redundant for
# packets addressed to 192.168.0.3 - verify.
-A INPUT -d 192.168.0.3/32 -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# TCP 8270 and UDP 8271 to 192.168.0.3 from any source; the services behind
# these ports are not identifiable from this file.
-A INPUT -d 192.168.0.3/32 -i eth0 -p tcp -m tcp --dport 8270 -m state --state NEW,RELATED,ESTABLISHED,UNTRACKED -j ACCEPT
-A INPUT -d 192.168.0.3/32 -i eth0 -p udp -m udp --dport 8271 -m state --state NEW,RELATED,ESTABLISHED,UNTRACKED -j ACCEPT
# Stateless: any UDP datagram claiming source 212.27.38.253 to ports 1024-65535
# is accepted, with no state match and no destination restriction.
# NOTE(review): the only control is the source address, which UDP does not
# authenticate; consider narrowing the port range or adding a state match.
-A INPUT -s 212.27.38.253/32 -i eth0 -p udp -m udp --dport 1024:65535 -j ACCEPT
# All ICMP types from any source on any interface.
# NOTE(review): consider restricting the accepted ICMP types - confirm intent.
-A INPUT -p icmp -j ACCEPT
# Logs every packet that reaches this point with the prefix "[IN_PKTS_DROP]==> ".
# LOG does not stop evaluation, so the rules below still run.
-A INPUT -j LOG --log-prefix "[IN_PKTS_DROP]==> "
# NOTE(review): the eight rules below come AFTER the LOG rule, so packets they
# accept are first logged with the "DROP" prefix, which makes the log misleading.
# They carry no -i, -s or -d, so new connections to ports 135, 137, 138, 139 and
# 445 (the Windows RPC / NetBIOS / SMB ports) are accepted from any source on
# any interface. Traffic from 192.168.0.0/24 to 192.168.0.3 is already accepted
# by the subnet rule at the top of the chain, so their main effect appears to be
# widening access beyond the LAN. Confirm this is intended; otherwise remove
# them or scope them to the LAN, and keep LOG as the last rule of the chain.
# Unlike the saved rules above they have no explicit "-m tcp"/"-m udp", which
# suggests they were added by hand - verify the file loads with iptables-restore.
-A INPUT -p tcp -m state --state NEW --dport 135 -j ACCEPT
-A INPUT -p udp -m state --state NEW --dport 135 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 137 -j ACCEPT
-A INPUT -p udp -m state --state NEW --dport 137 -j ACCEPT
-A INPUT -p udp -m state --state NEW --dport 138 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 139 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 445 -j ACCEPT
-A INPUT -p udp -m state --state NEW --dport 445 -j ACCEPT
# ---- FORWARD ----
# No ACCEPT rule: every forwarded packet is logged and then dropped by policy.
-A FORWARD -j LOG --log-prefix "[FO_PKTS_DROP]==> "
# ---- OUTPUT ----
# Outbound ICMP and loopback traffic are always accepted.
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Traffic from 192.168.0.3 to the LAN and to its broadcast address.
-A OUTPUT -s 192.168.0.3/32 -d 192.168.0.0/24 -o eth0 -m state --state NEW,RELATED,ESTABLISHED,UNTRACKED -j ACCEPT
-A OUTPUT -s 192.168.0.3/32 -d 192.168.0.255/32 -o eth0 -m state --state NEW,RELATED,ESTABLISHED,UNTRACKED -j ACCEPT
# Replies sent from the local service on TCP 8080.
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Any protocol, any destination, any listed state (including NEW) from
# 192.168.0.3 on eth0. NOTE(review): this accepts all outbound traffic from that
# address, so the OUTPUT DROP policy gives little egress filtering and the two
# LAN rules above look redundant - confirm whether egress control is wanted.
-A OUTPUT -s 192.168.0.3/32 -o eth0 -m state --state NEW,RELATED,ESTABLISHED,UNTRACKED -j ACCEPT
# UDP from local ports 1024-65535 to 212.27.38.253 (the outbound counterpart of
# the stateless INPUT rule for that address).
-A OUTPUT -d 212.27.38.253/32 -o eth0 -p udp -m udp --sport 1024:65535 -j ACCEPT
# Anything not accepted above is logged here, then dropped by the chain policy.
-A OUTPUT -j LOG --log-prefix "[OU_PKTS_DROP]==> "
COMMIT
# Completed on Tue Feb 12 06:38:55 2013