ip6tables

  1. # Generated by ip6tables-save v1.6.0 on Fri Feb 22 23:40:52 2019
  # mangle table: only the built-in chains, each with policy ACCEPT and no rules,
  # so no IPv6 packet marking or header rewriting is configured here.
  # The bracketed pairs are [packets:bytes] counters captured at save time.
  2. *mangle
  3. :PREROUTING ACCEPT [696415:82503926]
  4. :INPUT ACCEPT [696415:82503926]
  5. :FORWARD ACCEPT [0:0]
  6. :OUTPUT ACCEPT [637909:81459016]
  7. :POSTROUTING ACCEPT [637909:81459016]
  8. COMMIT
  9. # Completed on Fri Feb 22 23:40:52 2019
  10. # Generated by ip6tables-save v1.6.0 on Fri Feb 22 23:40:52 2019
  # raw table: both built-in chains are policy ACCEPT with no rules, so nothing
  # is exempted from connection tracking (no NOTRACK/CT rules present).
  11. *raw
  12. :PREROUTING ACCEPT [696416:82503998]
  13. :OUTPUT ACCEPT [637910:81459180]
  14. COMMIT
  15. # Completed on Fri Feb 22 23:40:52 2019
  16. # Generated by ip6tables-save v1.6.0 on Fri Feb 22 23:40:52 2019
  # nat table: built-in chains only, policy ACCEPT, no rules, so this dump
  # configures no IPv6 address or port translation.
  17. *nat
  18. :PREROUTING ACCEPT [822:101891]
  19. :INPUT ACCEPT [760:59676]
  20. :OUTPUT ACCEPT [491:39328]
  21. :POSTROUTING ACCEPT [491:39328]
  22. COMMIT
  23. # Completed on Fri Feb 22 23:40:52 2019
  24. # Generated by ip6tables-save v1.6.0 on Fri Feb 22 23:40:52 2019
  # filter table: the packet-filtering policy proper. All three built-in chains
  # default to DROP, so a packet passes only where a rule below accepts it.
  # Rule order is significant: the first terminating match wins.
  25. *filter
  26. :INPUT DROP [0:0]
  27. :FORWARD DROP [0:0]
  28. :OUTPUT DROP [0:0]
  # User-defined chains ("-" means no policy; falling off the end returns to the
  # caller). DENYIN and DENYOUT are declared and jumped to from LOCALINPUT /
  # LOCALOUTPUT but contain no rules in this dump. FORWARD has no rules either,
  # so forwarded IPv6 traffic is dropped by policy.
  29. :ALLOWIN - [0:0]
  30. :ALLOWOUT - [0:0]
  31. :DENYIN - [0:0]
  32. :DENYOUT - [0:0]
  33. :INVALID - [0:0]
  34. :INVDROP - [0:0]
  35. :LOCALINPUT - [0:0]
  36. :LOCALOUTPUT - [0:0]
  37. :LOGDROPIN - [0:0]
  38. :LOGDROPOUT - [0:0]
  # --- INPUT ---
  # Non-loopback traffic first visits LOCALINPUT (allow-list, then deny-list);
  # loopback traffic is accepted outright.
  39. -A INPUT ! -i lo -j LOCALINPUT
  40. -A INPUT -i lo -j ACCEPT
  # TCP is screened by the INVALID chain before any accept rule. The jump is
  # TCP-only, so conntrack state INVALID is not checked here for UDP or other
  # protocols.
  41. -A INPUT ! -i lo -p tcp -j INVALID
  # NOTE(review): every ICMPv6 type is accepted from any source, unmetered.
  # Neighbour discovery and path-MTU discovery do need ICMPv6, but a type
  # allow-list and/or rate limit is the usual tightening; confirm intent.
  42. -A INPUT ! -i lo -p ipv6-icmp -j ACCEPT
  43. -A INPUT ! -i lo -m state --state RELATED,ESTABLISHED -j ACCEPT
  # New inbound TCP is allowed on 80, 113, 443, 6660:6669, 7000 and 6697
  # (by convention HTTP, ident, HTTPS and IRC; the dump does not say what
  # actually listens there). No inbound UDP service is opened.
  44. -A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
  45. -A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 113 -j ACCEPT
  46. -A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
  47. -A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 6660:6669 -j ACCEPT
  48. -A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 7000 -j ACCEPT
  49. -A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 6697 -j ACCEPT
  # Everything else inbound ends in LOGDROPIN (rate-limited log, then DROP).
  50. -A INPUT ! -i lo -j LOGDROPIN
  # --- OUTPUT ---
  51. -A OUTPUT ! -o lo -j LOCALOUTPUT
  # Port-53 traffic is accepted with no state match and ahead of the INVALID
  # screening below.
  # NOTE(review): the two --sport 53 rules accept any packet a local process
  # sends from source port 53 to any destination; that only makes sense if this
  # host runs a DNS server, and replies would already match the
  # RELATED,ESTABLISHED rule. Confirm they are needed.
  52. -A OUTPUT ! -o lo -p tcp -m tcp --dport 53 -j ACCEPT
  53. -A OUTPUT ! -o lo -p udp -m udp --dport 53 -j ACCEPT
  54. -A OUTPUT ! -o lo -p tcp -m tcp --sport 53 -j ACCEPT
  55. -A OUTPUT ! -o lo -p udp -m udp --sport 53 -j ACCEPT
  56. -A OUTPUT -o lo -j ACCEPT
  57. -A OUTPUT ! -o lo -p tcp -j INVALID
  58. -A OUTPUT ! -o lo -p ipv6-icmp -j ACCEPT
  59. -A OUTPUT ! -o lo -m state --state RELATED,ESTABLISHED -j ACCEPT
  # NOTE(review): all NEW outbound TCP and UDP is accepted on every port, so
  # despite the DROP policy there is no egress filtering for those protocols.
  # Only other protocols (and packets in no accepted state) reach the REJECT.
  60. -A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp -j ACCEPT
  61. -A OUTPUT ! -o lo -p udp -m state --state NEW -m udp -j ACCEPT
  # NOTE(review): this rejects directly. The LOGDROPOUT chain defined further
  # down is never jumped to from any chain in this table, so rejected egress is
  # not logged.
  62. -A OUTPUT ! -o lo -j REJECT --reject-with icmp6-port-unreachable
  # --- Per-host allow-lists ---
  # Matching sources/destinations are accepted before the INVALID screening,
  # the state checks and the port rules, i.e. they bypass all later filtering.
  # NOTE(review): "2001:123" and "2a05:123" are not well-formed IPv6 addresses
  # (presumably redacted before posting); as written these four rules would
  # likely fail to load. Real /128 addresses must be substituted.
  63. -A ALLOWIN -s 2001:123/128 ! -i lo -j ACCEPT
  64. -A ALLOWIN -s 2a05:123/128 ! -i lo -j ACCEPT
  65. -A ALLOWOUT -d 2001:123/128 ! -o lo -j ACCEPT
  66. -A ALLOWOUT -d 2a05:123/128 ! -o lo -j ACCEPT
  # --- INVALID: TCP sanity checks (only TCP is sent here) ---
  # Drops packets conntrack marks INVALID, plus flag combinations that do not
  # occur in legitimate TCP: no flags set, all six flags set, SYN+FIN, SYN+RST,
  # FIN+RST, and FIN / PSH / URG without ACK.
  67. -A INVALID -m state --state INVALID -j INVDROP
  68. -A INVALID -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j INVDROP
  69. -A INVALID -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j INVDROP
  70. -A INVALID -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j INVDROP
  71. -A INVALID -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j INVDROP
  72. -A INVALID -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j INVDROP
  73. -A INVALID -p tcp -m tcp --tcp-flags FIN,ACK FIN -j INVDROP
  74. -A INVALID -p tcp -m tcp --tcp-flags PSH,ACK PSH -j INVDROP
  75. -A INVALID -p tcp -m tcp --tcp-flags ACK,URG URG -j INVDROP
  # A connection conntrack considers NEW must start with a plain SYN
  # (SYN set; FIN, RST and ACK clear); anything else is dropped.
  76. -A INVALID -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j INVDROP
  # INVDROP drops silently: packets rejected by the checks above are not logged.
  77. -A INVDROP -j DROP
  # LOCALINPUT / LOCALOUTPUT: consult the allow-list first, then the (empty)
  # deny-list, then return to the calling built-in chain.
  78. -A LOCALINPUT ! -i lo -j ALLOWIN
  79. -A LOCALINPUT ! -i lo -j DENYIN
  80. -A LOCALOUTPUT ! -o lo -j ALLOWOUT
  81. -A LOCALOUTPUT ! -o lo -j DENYOUT
  # --- LOGDROPIN: final disposition of unaccepted inbound traffic ---
  # The ports below (67, 68, 111, 113, 135:139, 445, 500, 513, 520; TCP and UDP)
  # are dropped without a log entry, presumably to keep routine background
  # traffic out of the logs. New TCP to 113 is accepted earlier in INPUT, so the
  # TCP 113 rule here only sees packets that matched no state rule.
  82. -A LOGDROPIN -p tcp -m tcp --dport 67 -j DROP
  83. -A LOGDROPIN -p udp -m udp --dport 67 -j DROP
  84. -A LOGDROPIN -p tcp -m tcp --dport 68 -j DROP
  85. -A LOGDROPIN -p udp -m udp --dport 68 -j DROP
  86. -A LOGDROPIN -p tcp -m tcp --dport 111 -j DROP
  87. -A LOGDROPIN -p udp -m udp --dport 111 -j DROP
  88. -A LOGDROPIN -p tcp -m tcp --dport 113 -j DROP
  89. -A LOGDROPIN -p udp -m udp --dport 113 -j DROP
  90. -A LOGDROPIN -p tcp -m tcp --dport 135:139 -j DROP
  91. -A LOGDROPIN -p udp -m udp --dport 135:139 -j DROP
  92. -A LOGDROPIN -p tcp -m tcp --dport 445 -j DROP
  93. -A LOGDROPIN -p udp -m udp --dport 445 -j DROP
  94. -A LOGDROPIN -p tcp -m tcp --dport 500 -j DROP
  95. -A LOGDROPIN -p udp -m udp --dport 500 -j DROP
  96. -A LOGDROPIN -p tcp -m tcp --dport 513 -j DROP
  97. -A LOGDROPIN -p udp -m udp --dport 513 -j DROP
  98. -A LOGDROPIN -p tcp -m tcp --dport 520 -j DROP
  99. -A LOGDROPIN -p udp -m udp --dport 520 -j DROP
  # Remaining packets are logged per protocol, then dropped. The limit applies
  # to each rule as a whole (not per source), so during a flood most drops go
  # unlogged: treat these log lines as a sample, not a complete record. The
  # ICMPv6 log rule can only fire if the ICMPv6 ACCEPT in INPUT is removed.
  100. -A LOGDROPIN -p tcp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *TCP6IN Blocked* "
  101. -A LOGDROPIN -p udp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *UDP6IN Blocked* "
  102. -A LOGDROPIN -p ipv6-icmp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *ICMP6IN Blocked* "
  103. -A LOGDROPIN -j DROP
  # --- LOGDROPOUT: log-then-reject for outbound traffic ---
  # --log-uid records the UID of the local process that generated the packet,
  # which helps attribute blocked egress to an account. The TCP rule logs only
  # connection attempts (plain SYN).
  # NOTE(review): no rule in this table jumps to LOGDROPOUT, so it is currently
  # dead; OUTPUT ends in its own REJECT instead.
  104. -A LOGDROPOUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 30/min -j LOG --log-prefix "Firewall: *TCP6OUT Blocked* " --log-uid
  105. -A LOGDROPOUT -p udp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *UDP6OUT Blocked* " --log-uid
  106. -A LOGDROPOUT -p ipv6-icmp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *ICMP6OUT Blocked* " --log-uid
  107. -A LOGDROPOUT -j REJECT --reject-with icmp6-port-unreachable
  108. COMMIT
  109. # Completed on Fri Feb 22 23:40:52 2019
