@nyarly
Created June 25, 2020 17:18
default via 192.168.1.254 dev wlp3s0 proto dhcp metric 600
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.37.17.0/24 dev dummy0 proto kernel scope link src 172.37.17.1
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.183 metric 600
192.168.56.0/24 dev vboxnet0 proto kernel scope link src 192.168.56.1 linkdown

# Generated by iptables-save v1.8.4 on Thu Jun 25 10:16:40 2020
*mangle
:PREROUTING ACCEPT [26684158:20532997826]
:INPUT ACCEPT [10223424:9535791601]
:FORWARD ACCEPT [16441217:10994569680]
:OUTPUT ACCEPT [8467674:1853746126]
:POSTROUTING ACCEPT [24909247:12848346470]
COMMIT
# Completed on Thu Jun 25 10:16:40 2020
# Generated by iptables-save v1.8.4 on Thu Jun 25 10:16:40 2020
*nat
:PREROUTING ACCEPT [10263:2075423]
:INPUT ACCEPT [121:8588]
:OUTPUT ACCEPT [36176:8252627]
:POSTROUTING ACCEPT [36471:8270327]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 172.17.0.3/32 -d 172.17.0.3/32 -p tcp -m tcp --dport 6443 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A DOCKER -d 127.0.0.1/32 ! -i docker0 -p tcp -m tcp --dport 32778 -j DNAT --to-destination 172.17.0.3:6443
COMMIT
# Completed on Thu Jun 25 10:16:40 2020
# Generated by iptables-save v1.8.4 on Thu Jun 25 10:16:40 2020
*raw
:PREROUTING ACCEPT [28923477:22349167579]
:OUTPUT ACCEPT [10483634:2590198655]
:nixos-fw-rpfilter - [0:0]
-A PREROUTING -j nixos-fw-rpfilter
-A nixos-fw-rpfilter -m rpfilter --validmark -j RETURN
-A nixos-fw-rpfilter -p udp -m udp --sport 67 --dport 68 -j RETURN
-A nixos-fw-rpfilter -s 0.0.0.0/32 -d 255.255.255.255/32 -p udp -m udp --sport 68 --dport 67 -j RETURN
-A nixos-fw-rpfilter -j DROP
COMMIT
# Completed on Thu Jun 25 10:16:40 2020
# Generated by iptables-save v1.8.4 on Thu Jun 25 10:16:40 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [610801:79194593]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
:nixos-fw - [0:0]
:nixos-fw-accept - [0:0]
:nixos-fw-log-refuse - [0:0]
:nixos-fw-refuse - [0:0]
-A INPUT -j nixos-fw
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 6443 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
-A nixos-fw -i lo -j nixos-fw-accept
-A nixos-fw -m conntrack --ctstate RELATED,ESTABLISHED -j nixos-fw-accept
-A nixos-fw -p icmp -m icmp --icmp-type 8 -m limit --limit 1/min -j nixos-fw-accept
-A nixos-fw -d 172.37.17.1/32 -i docker0 -p udp -m udp --dport 53 -j nixos-fw-accept
-A nixos-fw -s 172.37.17.1/32 -i docker0 -p udp -m udp --sport 53 -j nixos-fw-accept
-A nixos-fw -j nixos-fw-log-refuse
-A nixos-fw-accept -j ACCEPT
-A nixos-fw-log-refuse -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "refused connection: " --log-level 6
-A nixos-fw-log-refuse -m pkttype ! --pkt-type unicast -j nixos-fw-refuse
-A nixos-fw-log-refuse -j nixos-fw-refuse
-A nixos-fw-refuse -j DROP
COMMIT
# Completed on Thu Jun 25 10:16:40 2020