@twaddlac
Created August 31, 2018 14:10
Chain INPUT (policy ACCEPT)
target prot opt source destination
delegate_input all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain delegate_input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request /* allow ping */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp /* SMTP */
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh /* SSH */
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http /* HTTP */
nyu all -- anywhere anywhere /* reject all non nyu ip addresses */
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:8009 /* eegi website */
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:8010 /* gunsiano */
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql /* MySQL */
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:5000 /* tubo REST API */
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:27017 /* mongodb */
ACCEPT tcp -- anywhere anywhere state NEW multiport dports netbios-ssn,microsoft-ds /* smb */
ACCEPT tcp -- anywhere anywhere state NEW multiport dports sunrpc,nfs,rpc.statd-bc,rpc.statd,rpc.mountd,rpc.quotad,rpc.lockd,rpc.nfs-cb /* NFS tcp */
ACCEPT udp -- anywhere anywhere state NEW multiport dports sunrpc,nfs,rpc.statd-bc,rpc.statd,rpc.mountd,rpc.quotad,rpc.lockd,rpc.nfs-cb /* NFS udp */
reject all -- anywhere anywhere
Chain nyu (1 references)
target prot opt source destination
RETURN all -- pool-96-250-196-238.nycmny.fios.verizon.net anywhere /* lior home */
RETURN all -- NYU-VL1172-NET/16 anywhere
RETURN all -- 216.165.0.0/17 anywhere
RETURN all -- NYU-RFC1597-C-0-NET/16 anywhere
RETURN all -- 172.22.0.0/16 anywhere
RETURN all -- 172.24.0.0/17 anywhere
RETURN all -- 172-26-0-0-NET/16 anywhere
RETURN all -- 172-29-0-0-NET/16 anywhere
RETURN all -- NYUNY-VL1322-NET/20 anywhere
RETURN all -- NYUNY-VL1111-NET/16 anywhere
RETURN all -- NYUNY-VL1431-NET/16 anywhere
RETURN all -- NYUTA-VL100-NET/24 anywhere
RETURN all -- NYU-VL756-NET/25 anywhere
RETURN all -- NYU-VL759-NET/24 anywhere
RETURN all -- NYU-LONDON-VL600-NET/24 anywhere
RETURN all -- 203.126.200.0/24 anywhere
RETURN all -- NYUPRAGUE-VL174-NET/24 anywhere
RETURN all -- NYU-VL770-BERLIN-NET/24 anywhere
RETURN all -- NYU-SYDNEY-VL100-NET/25 anywhere
RETURN all -- nyuad-vl989-dmz_nat_2-net.net.abudhabi.nyu.edu/24 anywhere
RETURN all -- nyuad-vl780-nyunet-data-c2a-00-01-net.net.abudhabi.nyu.edu/17 anywhere
RETURN all -- nyuad-vl1100-nyuroam-1100-net.net.abudhabi.nyu.edu/17 anywhere
RETURN all -- nyuad-vl800-resnet-data-a5a-02-04-net.net.abudhabi.nyu.edu/18 anywhere
RETURN all -- 10.226.96.0/20 anywhere
RETURN all -- nyuad-vl200-research-network-a1-a2-net.net.abudhabi.nyu.edu/20 anywhere
RETURN all -- 10.230.0.0/16 anywhere
RETURN all -- nyuad-vl50-av-a1a-00-01-net.net.abudhabi.nyu.edu/18 anywhere
RETURN all -- nyuad-vl50-av-a3a-00-01-net.net.abudhabi.nyu.edu/20 anywhere
RETURN all -- nyuparis-orange-link-net/27 anywhere
RETURN all -- 128.238.0.0/16 anywhere
RETURN all -- NYUNY-VL1111-NET/16 anywhere
reject all -- anywhere anywhere
Chain reject (2 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain syn_flood (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
DROP all -- anywhere anywhere