Last active
December 18, 2015 10:10
-
-
Save maoy/5766622 to your computer and use it in GitHub Desktop.
iptables setup
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Generated by iptables-save v1.4.12 on Wed Jun 12 16:26:14 2013 | |
| *filter | |
| :INPUT ACCEPT [282786:311755668]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [189653:22627850] | |
| -A FORWARD -p tcp -d 172.31.254.101 --match multiport --dports 443,8774,8773,6080,5000,8776 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT | |
| -A FORWARD -p tcp -d 172.31.254.100 --dport 4040 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT | |
| -A INPUT -i br100 -p udp -m udp --dport 53 -j ACCEPT-A INPUT -i br100 -p tcp -m tcp --dport 53 -j ACCEPT | |
| -A INPUT -i br100 -p udp -m udp --dport 67 -j ACCEPT | |
| -A INPUT -i br100 -p tcp -m tcp --dport 67 -j ACCEPT | |
| -A FORWARD -d 172.31.254.0/24 -o br100 -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| -A FORWARD -s 172.31.254.0/24 -i br100 -j ACCEPT | |
| -A FORWARD -i br100 -o br100 -j ACCEPT | |
| -A FORWARD -o br100 -j REJECT --reject-with icmp-port-unreachable | |
| -A FORWARD -i br100 -j REJECT --reject-with icmp-port-unreachable | |
| COMMIT | |
| # Completed on Wed Jun 12 16:26:14 2013 | |
| # Generated by iptables-save v1.4.12 on Wed Jun 12 16:26:14 2013 | |
| *mangle | |
| :PREROUTING ACCEPT [978810:1084949380]:INPUT ACCEPT [284356:312025305] | |
| :FORWARD ACCEPT [681489:772524269] | |
| :OUTPUT ACCEPT [189653:22627850] | |
| :POSTROUTING ACCEPT [871076:795147895] | |
| -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill | |
| -A POSTROUTING -o br100 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill | |
| COMMIT | |
| # Completed on Wed Jun 12 16:26:14 2013 | |
| # Generated by iptables-save v1.4.12 on Wed Jun 12 16:26:14 2013 | |
| *nat | |
| :PREROUTING ACCEPT [12:596] | |
| :INPUT ACCEPT [1:48] | |
| :OUTPUT ACCEPT [0:0] | |
| :POSTROUTING ACCEPT [0:0] | |
| -A PREROUTING -i eth0 -p tcp -m tcp --match multiport --dports 443,8774,8773,6080,5000,8776 -j DNAT --to-destination 172.31.254.101 | |
| -A PREROUTING -i eth0 -p tcp -m tcp --dport 4040 -j DNAT --to-destination 172.31.254.100 | |
| -A POSTROUTING -s 172.31.254.0/24 ! -d 172.31.254.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 | |
| -A POSTROUTING -s 172.31.254.0/24 ! -d 172.31.254.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 | |
| -A POSTROUTING -s 172.31.254.0/24 ! -d 172.31.254.0/24 -j MASQUERADE | |
| COMMIT | |
| # Completed on Wed Jun 12 16:26:14 2013 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment