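# Generated by iptables-save v1.4.21 on Sat May 13 10:34:33 2017
# NOTE(review): the commented-out rules and the 20180408 marker further down
# show that this file has been edited by hand since it was generated.
# It references the ipsets "drop" and "allowSSH". iptables-restore rejects a
# --match-set rule whose set does not exist, and the whole table then fails to
# load, leaving whatever ruleset was active before. Confirm that the sets are
# created before this file is restored.
*filter
# Default policies: inbound and forwarded packets are dropped unless a rule
# below accepts them; outbound packets are accepted. The [packets:bytes]
# counters are the values captured when the file was saved.
:INPUT DROP [59:5736]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [45:49826]

# Blocklist: drop traffic from, or destined to, any member of the "drop" ipset.
# These are the first rules in their chains, so they take precedence over
# every ACCEPT that follows.
-A INPUT -m set --match-set drop src -j DROP
-A OUTPUT -m set --match-set drop dst -j DROP

# ICMP echo-request (type 8) is accepted from any source; the two
# source-restricted variants are disabled.
#-A INPUT -s 45.76.28.244 -p ICMP --icmp-type 8 -j ACCEPT
-A INPUT -p ICMP --icmp-type 8 -j ACCEPT
#-A INPUT -s 72.240.75.15 -p ICMP --icmp-type 8 -j ACCEPT
# Services limited to a single source address each.
# NOTE(review): a UDP source address can be forged, so the -s match on the
# UDP rule narrows exposure but does not authenticate the peer; the service on
# 16854 still needs its own authentication.
-A INPUT -s 45.77.155.17 -p udp -m udp --dport 16854 -j ACCEPT
-A INPUT -s 149.28.225.238 -p tcp -m tcp --dport 6556 -j ACCEPT
#-A INPUT -p udp -m udp --dport 16854 -j ACCEPT

# NOTE(review): this accepts TCP 22333 from any source. The rule under
# "# SSH" further down limits the same port to the allowSSH ipset, but it
# never decides anything because this rule matches first. If SSH is meant to
# be restricted, remove or comment out this rule; if it is meant to be open,
# the allowSSH rule is dead and can go.
-A INPUT -p tcp -m tcp --dport 22333 -j ACCEPT
# UDP 60000-60006 is accepted from any source.
-A INPUT -p udp --dport 60000:60006 -j ACCEPT

# Drop packets that connection tracking classifies as INVALID.
# NOTE(review): rules are evaluated top-down and ACCEPT is terminating, so the
# ACCEPT rules above admit their traffic before this check (and before the
# port-scan check below) is reached. Move these drops above the ACCEPT rules
# if they are meant to cover those ports too.
-A INPUT -m state --state INVALID -j DROP
-A FORWARD -m state --state INVALID -j DROP
##-A OUTPUT -m state --state INVALID -j DROP

# Accept inbound TCP packets with RST set at up to 2 per second (burst 2);
# RSTs over the limit fall through to the rules below.
-A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT

# Port-scan trap built on the "recent" match, list name "portscan".
# Step 1: drop everything from a source that was put on the list within the
# last 86400 seconds (24 hours).
-A INPUT -m recent --name portscan --rcheck --second 86400 -j DROP
-A FORWARD -m recent --name portscan --rcheck --second 86400 -j DROP

# Step 2: no target here. The rule's only effect is to take the source off the
# list; it is reached only when step 1 did not drop the packet, i.e. the
# entry, if any, is older than 24 hours.
-A INPUT -m recent --name portscan --remove
-A FORWARD -m recent --name portscan --remove

# Step 3: any TCP packet to port 139 puts its source on the list, is logged
# with the prefix "Portscan:", and is dropped.
# NOTE(review): the LOG rules carry no -m limit, so every matching packet
# writes a log line; add a rate limit to keep a flood from filling the log.
# Listing is keyed on the packet's source address alone, which a sender can
# forge, so an address can end up blocked for 24 hours without having sent
# anything. Weigh that against the value of the trap.
-A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "Portscan:"
-A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP

-A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "Portscan:"
-A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP
#### END DROP INVALID DATA 20180408 ####

# Accept everything that arrives on the loopback interface.
-A INPUT -i lo -j ACCEPT

#-A INPUT -p tcp --dport 22333 -i ztwfuerpaw -j ACCEPT

# Accept packets that belong to, or are related to, an established connection.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Disabled: HTTPS limited to the allowHTTPS / directHTTPS ipsets. Port 443 is
# instead accepted from any source by a rule below.
#-A INPUT -m set --match-set allowHTTPS src -p tcp -m tcp --dport 443 -j ACCEPT
#-A INPUT -m set --match-set directHTTPS src -p tcp -m tcp --dport 443 -j ACCEPT

# SSH
# NOTE(review): this rule has no effect as the file stands, because the
# unrestricted ACCEPT for TCP 22333 earlier in the chain matches first.
-A INPUT -m set --match-set allowSSH src -p tcp -m tcp --dport 22333 -j ACCEPT

# TCP ports accepted from any source. By their well-known assignments these
# are HTTP (80), SMTP (25), HTTPS (443), submission (587), SMTPS (465),
# IMAPS (993) and IMAP (143); which daemons actually listen is not visible
# from this file.
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT

# Disabled explicit catch-all rules; the chain policies declared at the top
# (INPUT DROP, FORWARD DROP, OUTPUT ACCEPT) already give the same result.
#-A OUTPUT -j ACCEPT
#-A FORWARD -j DROP
##-A INPUT -i eth0 -j DROP
#-A INPUT -j DROP
COMMIT
# Completed on Sat May 13 10:34:33 2017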