Created
August 25, 2018 18:12
sudo iptables -L -n
Chain INPUT (policy DROP) | |
target prot opt source destination | |
f2b-ssh tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22 | |
f2b-sshd tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22 | |
DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID | |
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED | |
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 | |
LOG all -- 0.0.0.0/0 0.0.0.0/0 recent: UPDATE seconds: 3600 name: badguys side: source mask: 255.255.255.255 limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix "iptables-recent-badguys: " | |
DROP all -- 0.0.0.0/0 0.0.0.0/0 recent: UPDATE seconds: 3600 name: badguys side: source mask: 255.255.255.255 | |
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 | |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 | |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 | |
ACCEPT tcp -- 108.205.63.107 0.0.0.0/0 tcp dpt:22 | |
dport-limit-ssh tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 flags:0x17/0x02 | |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 flags:0x17/0x02 | |
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable | |
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset | |
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-proto-unreachable | |
ufw-before-logging-input all -- 0.0.0.0/0 0.0.0.0/0 | |
ufw-before-input all -- 0.0.0.0/0 0.0.0.0/0 | |
ufw-after-input all -- 0.0.0.0/0 0.0.0.0/0 | |
ufw-after-logging-input all -- 0.0.0.0/0 0.0.0.0/0 | |
ufw-reject-input all -- 0.0.0.0/0 0.0.0.0/0 | |
ufw-track-input all -- 0.0.0.0/0 0.0.0.0/0 | |
Chain FORWARD (policy DROP) | |
target prot opt source destination | |
DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID | |
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED | |
ufw-before-logging-forward all -- 0.0.0.0/0 0.0.0.0/0 | |
ufw-before-forward all -- 0.0.0.0/0 0.0.0.0/0 | |
ufw-after-forward all -- 0.0.0.0/0 0.0.0.0/0 | |
ufw-after-logging-forward all -- 0.0.0.0/0 0.0.0.0/0 | |
ufw-reject-forward all -- 0.0.0.0/0 0.0.0.0/0 | |
ufw-track-forward all -- 0.0.0.0/0 0.0.0.0/0 | |
Chain OUTPUT (policy ACCEPT) | |
target prot opt source destination | |
DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID | |
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED | |
ufw-before-logging-output all -- 0.0.0.0/0 0.0.0.0/0 | |
ufw-before-output all -- 0.0.0.0/0 0.0.0.0/0 | |
ufw-after-output all -- 0.0.0.0/0 0.0.0.0/0 | |
ufw-after-logging-output all -- 0.0.0.0/0 0.0.0.0/0 | |
ufw-reject-output all -- 0.0.0.0/0 0.0.0.0/0 | |
ufw-track-output all -- 0.0.0.0/0 0.0.0.0/0 | |
Chain dport-limit-ssh (1 references) | |
target prot opt source destination | |
tcp -- 0.0.0.0/0 0.0.0.0/0 recent: SET name: SSH side: source mask: 255.255.255.255 | |
dport-log-ssh tcp -- 0.0.0.0/0 0.0.0.0/0 recent: UPDATE seconds: 300 hit_count: 20 name: SSH side: source mask: 255.255.255.255 | |
Chain dport-log-ssh (1 references) | |
target prot opt source destination | |
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 recent: SET name: badguys side: source mask: 255.255.255.255 limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix "iptables-blocked-ssh: " | |
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 recent: SET name: badguys side: source mask: 255.255.255.255 | |
Chain f2b-ssh (1 references) | |
target prot opt source destination | |
RETURN all -- 0.0.0.0/0 0.0.0.0/0 | |
Chain f2b-sshd (1 references) | |
target prot opt source destination | |
RETURN all -- 0.0.0.0/0 0.0.0.0/0 | |
Chain ufw-after-forward (1 references) | |
target prot opt source destination | |
Chain ufw-after-input (1 references) | |
target prot opt source destination | |
ufw-skip-to-policy-input udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 | |
ufw-skip-to-policy-input udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 | |
ufw-skip-to-policy-input tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 | |
ufw-skip-to-policy-input tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 | |
ufw-skip-to-policy-input udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67 | |
ufw-skip-to-policy-input udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68 | |
ufw-skip-to-policy-input all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST | |
Chain ufw-after-logging-forward (1 references) | |
target prot opt source destination | |
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] " | |
Chain ufw-after-logging-input (1 references) | |
target prot opt source destination | |
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] " | |
Chain ufw-after-logging-output (1 references) | |
target prot opt source destination | |
Chain ufw-after-output (1 references) | |
target prot opt source destination | |
Chain ufw-before-forward (1 references) | |
target prot opt source destination | |
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED | |
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 | |
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 4 | |
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 11 | |
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 12 | |
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 | |
ufw-user-forward all -- 0.0.0.0/0 0.0.0.0/0 | |
Chain ufw-before-input (1 references) | |
target prot opt source destination | |
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 | |
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED | |
ufw-logging-deny all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID | |
DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID | |
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 | |
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 4 | |
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 11 | |
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 12 | |
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 | |
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68 | |
ufw-not-local all -- 0.0.0.0/0 0.0.0.0/0 | |
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 | |
ACCEPT udp -- 0.0.0.0/0 239.255.255.250 udp dpt:1900 | |
ufw-user-input all -- 0.0.0.0/0 0.0.0.0/0 | |
Chain ufw-before-logging-forward (1 references) | |
target prot opt source destination | |
Chain ufw-before-logging-input (1 references) | |
target prot opt source destination | |
Chain ufw-before-logging-output (1 references) | |
target prot opt source destination | |
Chain ufw-before-output (1 references) | |
target prot opt source destination | |
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 | |
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED | |
ufw-user-output all -- 0.0.0.0/0 0.0.0.0/0 | |
Chain ufw-logging-allow (0 references) | |
target prot opt source destination | |
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] " | |
Chain ufw-logging-deny (2 references) | |
target prot opt source destination | |
RETURN all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID limit: avg 3/min burst 10 | |
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] " | |
Chain ufw-not-local (1 references) | |
target prot opt source destination | |
RETURN all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL | |
RETURN all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST | |
RETURN all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST | |
ufw-logging-deny all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 | |
DROP all -- 0.0.0.0/0 0.0.0.0/0 | |
Chain ufw-reject-forward (1 references) | |
target prot opt source destination | |
Chain ufw-reject-input (1 references) | |
target prot opt source destination | |
Chain ufw-reject-output (1 references) | |
target prot opt source destination | |
Chain ufw-skip-to-policy-forward (0 references) | |
target prot opt source destination | |
DROP all -- 0.0.0.0/0 0.0.0.0/0 | |
Chain ufw-skip-to-policy-input (7 references) | |
target prot opt source destination | |
DROP all -- 0.0.0.0/0 0.0.0.0/0 | |
Chain ufw-skip-to-policy-output (0 references) | |
target prot opt source destination | |
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 | |
Chain ufw-track-forward (1 references) | |
target prot opt source destination | |
Chain ufw-track-input (1 references) | |
target prot opt source destination | |
Chain ufw-track-output (1 references) | |
target prot opt source destination | |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW | |
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW | |
Chain ufw-user-forward (1 references) | |
target prot opt source destination | |
Chain ufw-user-input (1 references) | |
target prot opt source destination | |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 /* 'dapp_OpenSSH' */ | |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 | |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 | |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 40000:50000 | |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:990 | |
Chain ufw-user-limit (0 references) | |
target prot opt source destination | |
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] " | |
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable | |
Chain ufw-user-limit-accept (0 references) | |
target prot opt source destination | |
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 | |
Chain ufw-user-logging-forward (0 references) | |
target prot opt source destination | |
Chain ufw-user-logging-input (0 references) | |
target prot opt source destination | |
Chain ufw-user-logging-output (0 references) | |
target prot opt source destination | |
Chain ufw-user-output (1 references) | |
target prot opt source destination |