@micw
Created September 2, 2016 10:05
# Generated by iptables-save v1.4.21 on Fri Sep 2 12:05:36 2016
*mangle
:PREROUTING ACCEPT [236900:348900702]
:INPUT ACCEPT [106994:147750890]
:FORWARD ACCEPT [129870:201086992]
:OUTPUT ACCEPT [105923:143036699]
:POSTROUTING ACCEPT [235793:344123691]
[0:0] -A INPUT -p esp -j MARK --set-xmark 0x1/0x1
[0:0] -A INPUT -p udp -m udp --dport 4500 -j MARK --set-xmark 0x1/0x1
COMMIT
# Completed on Fri Sep 2 12:05:36 2016
# Generated by iptables-save v1.4.21 on Fri Sep 2 12:05:36 2016
*nat
:PREROUTING ACCEPT [1509:92665]
:INPUT ACCEPT [1365:82720]
:OUTPUT ACCEPT [6838:415364]
:POSTROUTING ACCEPT [775:51485]
[114:6840] -A PREROUTING -s 188.68.xxx.xxx/32 -d 37.120.xxx.xxx/32 -i eth0 -p tcp -m tcp --dport 9300 -j DNAT --to-destination 10.10.1.3:9300
[0:0] -A PREROUTING -s 37.120.xxx.xxx/32 -d 37.120.xxx.xxx/32 -i eth0 -p tcp -m tcp --dport 9300 -j DNAT --to-destination 10.10.1.3:9300
[0:0] -A PREROUTING -d 37.120.xxx.xxx/32 -i brlxc0 -p tcp -m tcp --dport 9300 -j DNAT --to-destination 10.10.1.3:9300
[1:60] -A PREROUTING -d 37.120.xxx.xxx/32 -i eth0 -p tcp -m tcp --dport 2004 -j DNAT --to-destination 10.10.1.4:22
[17:1020] -A PREROUTING -d 37.120.xxx.xxx/32 -i brlxc0 -p tcp -m tcp --dport 2004 -j DNAT --to-destination 10.10.1.4:22
[0:0] -A OUTPUT -d 37.120.xxx.xxx/32 -p tcp -m tcp --dport 9300 -j DNAT --to-destination 10.10.1.3:9300
[0:0] -A OUTPUT -d 37.120.xxx.xxx/32 -p tcp -m tcp --dport 2004 -j DNAT --to-destination 10.10.1.4:22
[6292:378136] -A POSTROUTING -s 10.10.1.0/24 -j MASQUERADE
COMMIT
# Completed on Fri Sep 2 12:05:36 2016
# Generated by iptables-save v1.4.21 on Fri Sep 2 12:05:36 2016
*filter
:INPUT DROP [34:2812]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [70827:132184510]
[721:63260] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -s 0.0.0.0/8 -j DROP
[0:0] -A INPUT -s 169.254.0.0/16 -j DROP
[0:0] -A INPUT -s 192.0.2.0/24 -j DROP
[0:0] -A INPUT -s 224.0.0.0/4 -j DROP
[0:0] -A INPUT -s 240.0.0.0/4 -j DROP
[68845:133746462] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
[6:336] -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
[0:0] -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
[9:804] -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
[1026:61560] -A INPUT -p tcp -m tcp --dport 7 -j ACCEPT
[71:4260] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 20 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 21 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
[4:220] -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
[255:15876] -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
[210:25307] -A INPUT -s 188.68.xxx.xxx/32 -j ACCEPT
[0:0] -A INPUT -s 37.120.xxx.xxx/32 -j ACCEPT
[0:0] -A INPUT -d 37.120.xxx.xxx/32 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A INPUT -d 37.120.xxx.xxx/32 -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
[0:0] -A INPUT -s 188.68.xxx.xxx/32 -d 37.120.xxx.xxx/32 -i eth0 -p tcp -m tcp --dport 9300 -j ACCEPT
[0:0] -A INPUT -s 37.120.xxx.xxx/32 -d 37.120.xxx.xxx/32 -i eth0 -p tcp -m tcp --dport 9300 -j ACCEPT
[0:0] -A INPUT -d 37.120.xxx.xxx/32 -i eth0 -p tcp -m tcp --dport 2004 -j ACCEPT
[60403:115472599] -A FORWARD -i brlxc0 -j ACCEPT
[69207:85598793] -A FORWARD -o brlxc0 -j ACCEPT
[0:0] -A FORWARD -i br0 -j ACCEPT
[0:0] -A FORWARD -o br0 -j ACCEPT
COMMIT
# Completed on Fri Sep 2 12:05:36 2016