wireless.txt 3.73 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
# Generated by iptables-save v1.4.21 on Thu Jun 29 18:03:06 2017
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:port_assignment - [0:0]
-A PREROUTING -j port_assignment
-A OUTPUT -j port_assignment
-A port_assignment -p tcp -m tcp --dport 1723 -j CT --helper pptp
COMMIT
# Completed on Thu Jun 29 18:03:06 2017
# Generated by iptables-save v1.4.21 on Thu Jun 29 18:03:06 2017
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:CUST_I15_IN - [0:0]
:CUST_I15_OUT - [0:0]
:CUST_I16_IN - [0:0]
:CUST_I16_OUT - [0:0]
:L_ACCEPT - [0:0]
:L_DROP - [0:0]
:L_REJECT - [0:0]
:VPN_USERS_IN - [0:0]
:VPN_USERS_OUT - [0:0]
-A INPUT -m conntrack --ctstate INVALID -j L_DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j L_ACCEPT
-A INPUT -i lo -j L_ACCEPT
-A INPUT -s 10.78.129.130/32 -p tcp -m tcp --dport 5666 -j L_ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 22,80,443,873,1723 -j L_ACCEPT
-A INPUT -p udp -m udp -m multiport --dports 500,1701,4500 -j L_ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j L_ACCEPT
-A INPUT -s 10.31.70.8/29 -i bond0.208 -p tcp -m tcp --dport 179 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT
-A INPUT -s 10.44.224.8/29 -i bond0.686 -p tcp -m tcp --dport 179 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT
-A INPUT -p esp -j L_ACCEPT
-A INPUT -s 168.209.255.75/32 -p gre -j L_ACCEPT
-A INPUT -s 168.209.255.106/32 -p gre -j L_ACCEPT
-A INPUT -s 10.35.167.46/32 -p gre -j L_ACCEPT
-A INPUT -s 10.35.167.45/32 -p gre -j L_ACCEPT
-A INPUT -i gre-wbcore -j L_ACCEPT
-A INPUT -i gre-davo-+ -j L_ACCEPT
-A INPUT -i bond0.208 -j L_DROP
-A INPUT -i bond0.686 -j L_DROP
-A INPUT -j L_ACCEPT
-A FORWARD -i bond0.10 -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j L_DROP
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j L_ACCEPT
-A FORWARD -d 10.31.63.80/30 -o bond0.10 -j L_ACCEPT
-A FORWARD -o bond0.11 -j CUST_I16_IN
-A FORWARD -i bond0.11 -j CUST_I16_OUT
-A FORWARD -o bond0.12 -j CUST_I15_IN
-A FORWARD -i bond0.12 -j CUST_I15_OUT
-A FORWARD -s 192.168.255.0/24 -i ppp+ -o bond0.208 -j L_DROP
-A FORWARD -s 192.168.255.0/24 -i ppp+ -o bond0.686 -j L_DROP
-A FORWARD -j L_ACCEPT
-A CUST_I15_IN -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT
-A CUST_I15_IN -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT
-A CUST_I15_IN -p tcp -m tcp --dport 433 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT
-A CUST_I15_IN -p tcp -m tcp --dport 3306 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT
-A CUST_I15_IN -p tcp -m tcp --dport 3390 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT
-A CUST_I15_IN -j L_DROP
-A CUST_I15_OUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 80,443 -j L_ACCEPT
-A CUST_I15_OUT -j L_DROP
-A CUST_I16_IN -p tcp -m tcp --dport 3390 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT
-A CUST_I16_IN -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT
-A CUST_I16_IN -p icmp -m icmp --icmp-type 8 -j L_ACCEPT
-A CUST_I16_IN -j L_DROP
-A CUST_I16_OUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 80,443 -j L_ACCEPT
-A CUST_I16_OUT -d 154.73.34.12/32 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 25 -j L_ACCEPT
-A CUST_I16_OUT -j L_DROP
-A L_ACCEPT -j NFLOG --nflog-group 1 --nflog-threshold 5
-A L_ACCEPT -j ACCEPT
-A L_DROP -j LOG --log-prefix "L_DROP: "
-A L_DROP -j NFLOG --nflog-group 2 --nflog-threshold 5
-A L_DROP -j DROP
-A L_REJECT -j NFLOG --nflog-group 3 --nflog-threshold 5
-A L_REJECT -j REJECT --reject-with icmp-port-unreachable
-A VPN_USERS_IN -i ppp0 -m comment --comment "User: " -j ACCEPT
-A VPN_USERS_OUT -o ppp0 -m comment --comment "User: " -j ACCEPT
COMMIT
# Completed on Thu Jun 29 18:03:06 2017