xdougx · June 6, 2014 18:49
diff --git a/iptable.conf b/iptable.conf
 # Generated by iptables-save v1.4.12 on Wed Feb 19 15:24:27 2014
 *filter
 :INPUT ACCEPT [400:37871]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [283:59798]

 # rules for postgree
 #-A INPUT -d 202.54.1.20/32 -p tcp -m tcp --sport 1024:65535 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
 #-A INPUT -d 202.54.1.20/32 -p tcp -m tcp --sport 5432 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 #-A INPUT -s 202.54.1.20/32 -d 202.54.1.20/32 -p tcp -m tcp --sport 1024:65535 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
 #-A OUTPUT -s 202.54.1.20/32 -p tcp -m tcp --sport 5432 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 #-A OUTPUT -s 202.54.1.20/32 -p tcp -m tcp --sport 1024:65535 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
 #-A OUTPUT -s 202.54.1.20/32 -d 202.54.1.50/32 -p tcp -m tcp --sport 5432 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

 # rules for mongo
 #-A INPUT -d 127.0.0.1/32 -p tcp -m tcp --sport 1024:65535 --dport 27017 -m state --state NEW,ESTABLISHED -j ACCEPT
 #-A INPUT -d 127.0.0.1/32 -p tcp -m tcp --sport 27017 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 #-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -p tcp -m tcp --sport 1024:65535 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
 #-A OUTPUT -s 127.0.0.1/32 -p tcp -m tcp --sport 27017 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 #-A OUTPUT -s 127.0.0.1/32 -p tcp -m tcp --sport 1024:65535 --dport 27017 -m state --state NEW,ESTABLISHED -j ACCEPT
 #-A OUTPUT -s 127.0.0.1/32 -d 202.54.1.50/32 -p tcp -m tcp --sport 27017 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

 COMMIT
 # Completed on Wed Feb 19 15:24:27 2014
	# Generated by iptables-save v1.4.12 on Wed Feb 19 15:24:27 2014
	*filter
	:INPUT ACCEPT [400:37871]
	:FORWARD ACCEPT [0:0]
	:OUTPUT ACCEPT [283:59798]

	# rules for postgree
	#-A INPUT -d 202.54.1.20/32 -p tcp -m tcp --sport 1024:65535 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
	#-A INPUT -d 202.54.1.20/32 -p tcp -m tcp --sport 5432 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
	#-A INPUT -s 202.54.1.20/32 -d 202.54.1.20/32 -p tcp -m tcp --sport 1024:65535 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
	#-A OUTPUT -s 202.54.1.20/32 -p tcp -m tcp --sport 5432 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
	#-A OUTPUT -s 202.54.1.20/32 -p tcp -m tcp --sport 1024:65535 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
	#-A OUTPUT -s 202.54.1.20/32 -d 202.54.1.50/32 -p tcp -m tcp --sport 5432 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

	# rules for mongo
	#-A INPUT -d 127.0.0.1/32 -p tcp -m tcp --sport 1024:65535 --dport 27017 -m state --state NEW,ESTABLISHED -j ACCEPT
	#-A INPUT -d 127.0.0.1/32 -p tcp -m tcp --sport 27017 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
	#-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -p tcp -m tcp --sport 1024:65535 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
	#-A OUTPUT -s 127.0.0.1/32 -p tcp -m tcp --sport 27017 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
	#-A OUTPUT -s 127.0.0.1/32 -p tcp -m tcp --sport 1024:65535 --dport 27017 -m state --state NEW,ESTABLISHED -j ACCEPT
	#-A OUTPUT -s 127.0.0.1/32 -d 202.54.1.50/32 -p tcp -m tcp --sport 27017 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

	COMMIT
	# Completed on Wed Feb 19 15:24:27 2014