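# Generated by iptables-save v1.6.0 on Fri Mar 31 21:05:54 2017
#
# Host firewall for a machine with a bridge interface (centos-br0, presumably a
# VM/libvirt bridge - confirm) that also forwards traffic for 192.168.0.0/16.
# Only lines starting with '#' are comments: iptables-restore has no trailing
# comment syntax, so every note below sits on its own line.
#
# Prerequisite: the ipset named 'blackhole' (a single-address type such as
# hash:ip, since rules add/match 'src') must exist before this file is restored
# or the '-m set' and '-j SET' rules fail to load. Create it with a 'timeout'
# so auto-blocked addresses age out; nothing in this file ever removes them.
#
# '-m state' is the legacy alias of '-m conntrack --ctstate'; behaviour is the
# same on 1.6.0 and it was kept to avoid churn.
*nat
# No NAT at all: forwarded traffic is routed as-is, never masqueraded.
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Fri Mar 31 21:05:54 2017
# Generated by iptables-save v1.6.0 on Fri Mar 31 21:05:54 2017
*mangle
# Mangle table unused.
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Fri Mar 31 21:05:54 2017
# Generated by iptables-save v1.6.0 on Fri Mar 31 21:05:54 2017
*filter
# Default-deny for inbound and forwarded traffic. OUTPUT is ACCEPT by policy
# and, because the chain ends in LOGNACCEPT, every outbound packet is allowed;
# the OUTPUT rules only decide which flows are logged.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LO - [0:0]
:LOGNACCEPT - [0:0]
:LOGNDROP - [0:0]
:SSH-ALL - [0:0]
:SSH-BLOCKED - [0:0]
:TCP-FOR - [0:0]
:TCP-IN - [0:0]
:UDP-FOR - [0:0]
:UDP-IN - [0:0]
# --- INPUT ---------------------------------------------------------------
# Conntrack fast path first. Because the blackhole set is consulted only
# after RELATED,ESTABLISHED, an address that gets blackholed keeps any session
# it already has open; only new flows from it are dropped.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m set --match-set blackhole src -j DROP
# Non-first fragments. With conntrack loaded, packets are normally reassembled
# before the filter table sees them, so this is belt-and-braces.
-A INPUT -f -j DROP
# NOTE(review): accepts every ICMP type from any source. A tighter list that
# still keeps ping and PMTU discovery working would be echo-request (rate
# limited), destination-unreachable, time-exceeded and parameter-problem, e.g.
#   -A INPUT -p icmp -m icmp --icmp-type echo-request -m limit --limit 5/sec -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
# Loopback: the LO chain ends in LOGNACCEPT, so loopback traffic is never
# blocked; its port list only controls what gets logged.
-A INPUT -i lo -m state --state NEW -j LO
# Everything arriving on the bridge is trusted for NEW connections.
-A INPUT -i centos-br0 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -j TCP-IN
-A INPUT -p udp -m state --state NEW -m udp -j UDP-IN
# NOTE(review): ESP and AH are accepted but UDP-IN never opens IKE (500/4500),
# so either IPsec SAs are keyed some other way or these two rules are leftovers.
-A INPUT -p esp -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A INPUT -j LOGNDROP
# --- FORWARD -------------------------------------------------------------
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m set --match-set blackhole src -j DROP
# NOTE(review): these two rules accept any NEW forwarded flow that is sourced
# from OR destined to 192.168.0.0/16, on any interface. Consequences: TCP-FOR
# and UDP-FOR only ever see traffic that touches neither end of that range, a
# flow from outside toward an internal 192.168.x.x host is forwarded without
# any port filtering, and a packet arriving on an external interface with a
# spoofed 192.168.x.x source is forwarded as well. Bind them to the internal
# interface ('-i <lan-if> -s ...' / '-o <lan-if> -d ...') so the per-port
# chains apply to traffic entering from outside.
-A FORWARD -s 192.168.0.0/16 -m state --state NEW -j ACCEPT
-A FORWARD -d 192.168.0.0/16 -m state --state NEW -j ACCEPT
# NOTE(review): same 'any ICMP type' concern as in INPUT.
-A FORWARD -p icmp -m icmp --icmp-type any -j ACCEPT
-A FORWARD -p tcp -m state --state NEW -m tcp -j TCP-FOR
-A FORWARD -p udp -m state --state NEW -m udp -j UDP-FOR
-A FORWARD -j LOGNDROP
# --- OUTPUT --------------------------------------------------------------
# Policy is ACCEPT and the chain ends in LOGNACCEPT, so nothing outbound is
# blocked; the explicit ACCEPTs just keep routine flows out of the log.
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state INVALID -j DROP
-A OUTPUT -f -j DROP
-A OUTPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 389 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 636 -j ACCEPT
# Source-port matches here are harmless (outbound is accepted anyway) and only
# suppress logging of replies that conntrack did not already classify.
-A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 25565 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 67 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 67 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 123 -j ACCEPT
-A OUTPUT -j LOGNACCEPT
# --- LO ------------------------------------------------------------------
# Reached only for --state NEW (see INPUT), so the first two rules below can
# never match; they are kept for symmetry with the other chains. Listed ports
# are accepted silently, anything else is logged (<=10/min) and then accepted.
-A LO -m state --state RELATED,ESTABLISHED -j ACCEPT
-A LO -m state --state INVALID -j DROP
-A LO -p icmp -m icmp --icmp-type any -j ACCEPT
-A LO -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A LO -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A LO -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A LO -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A LO -p tcp -m state --state NEW -m tcp -m multiport --dports 5900:5915 -j ACCEPT
-A LO -p tcp -m state --state NEW -m tcp -m multiport --dports 5916:5930 -j ACCEPT
-A LO -p tcp -m state --state NEW -m tcp --dport 12000 -j ACCEPT
-A LO -p tcp -m state --state NEW -m tcp --dport 25565 -j ACCEPT
-A LO -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A LO -p udp -m state --state NEW -m udp --dport 67 -j ACCEPT
-A LO -p udp -m state --state NEW -m udp --dport 123 -j ACCEPT
-A LO -j LOGNACCEPT
# --- Logging helpers -----------------------------------------------------
# Log at most 10 entries/min per LOG rule; packets beyond the limit are still
# accepted/rejected, just not logged. LOGNDROP really REJECTs (ICMP
# host-prohibited) rather than dropping, which is what the prefix says.
-A LOGNACCEPT -m limit --limit 10/min -j LOG --log-prefix "IPTABLES-ACCEPT: " --log-level 7
-A LOGNACCEPT -j ACCEPT
-A LOGNDROP -m limit --limit 10/min -j LOG --log-prefix "IPTABLES-REJECT: " --log-level 7
-A LOGNDROP -j REJECT --reject-with icmp-host-prohibited
# --- SSH rate limiting ---------------------------------------------------
# Every NEW SSH packet is recorded per source; the 5th within 180 s sends the
# source to SSH-BLOCKED, which logs it, adds it to the blackhole set and drops
# the packet. From then on all new flows from that address are dropped at the
# top of INPUT/FORWARD until the entry expires (only if the set was created
# with a timeout) or is removed by hand. 192.168.0.0/16 is exempt because
# TCP-IN accepts it before the SSH rule.
# NOTE(review): the counter keys on the source address of NEW packets, so
# five spoofed SYNs are enough to blackhole an arbitrary third-party address.
# An ipset timeout bounds the damage; consider also requiring '--syn' here so
# mid-stream pickups counted as NEW by loose conntrack do not trip the limit.
# NOTE(review): the SSH-BLOCKED log prefix lacks the trailing space and the
# 'IPTABLES-' convention used by the other LOG rules; tidy when convenient.
-A SSH-ALL -p tcp -m tcp -m recent --set --name SSH --mask 255.255.255.255 --rsource
-A SSH-ALL -p tcp -m tcp -m recent --update --seconds 180 --hitcount 5 --name SSH --mask 255.255.255.255 --rsource -j SSH-BLOCKED
-A SSH-ALL -p tcp -m tcp -j ACCEPT
-A SSH-BLOCKED -p tcp -m tcp -j LOG --log-prefix Blocked-SSH --log-level 7
-A SSH-BLOCKED -p tcp -m tcp -j SET --add-set blackhole src
-A SSH-BLOCKED -p tcp -m tcp -j DROP
# --- TCP-FOR: NEW TCP being forwarded (only reached for non-192.168 flows) --
-A TCP-FOR -p tcp -m tcp --dport 22 -j ACCEPT
-A TCP-FOR -p tcp -m tcp --dport 25 -j ACCEPT
-A TCP-FOR -p tcp -m tcp --dport 80 -j ACCEPT
-A TCP-FOR -p tcp -m tcp --dport 389 -j ACCEPT
-A TCP-FOR -p tcp -m tcp --dport 443 -j ACCEPT
-A TCP-FOR -p tcp -m tcp --dport 636 -j ACCEPT
-A TCP-FOR -p tcp -m tcp -m multiport --dports 5900:5915 -j ACCEPT
-A TCP-FOR -p tcp -m tcp -m multiport --dports 5916:5930 -j ACCEPT
-A TCP-FOR -p tcp -m tcp --dport 12000 -j ACCEPT
-A TCP-FOR -j LOGNDROP
# --- TCP-IN: NEW TCP to this host from non-loopback, non-bridge interfaces --
# A bare RST that conntrack still classed as NEW is logged and accepted, at
# most one per second; above that rate it falls through to the rest of the
# chain (and ends in LOGNDROP unless a port rule matches).
-A TCP-IN -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j LOGNACCEPT
# NOTE(review): trusts 192.168.0.0/16 by source address alone (no -i), so a
# packet with a spoofed RFC1918 source on the external interface bypasses the
# SSH rate limit and the port list below. Prefer '-i <lan-if> -s 192.168.0.0/16'.
-A TCP-IN -s 192.168.0.0/16 -j ACCEPT
-A TCP-IN -p tcp -m tcp --dport 22 -j SSH-ALL
-A TCP-IN -p tcp -m tcp --dport 25 -j ACCEPT
-A TCP-IN -p tcp -m tcp --dport 53 -j ACCEPT
-A TCP-IN -p tcp -m tcp --dport 80 -j ACCEPT
-A TCP-IN -p tcp -m tcp --dport 443 -j ACCEPT
# NOTE(review): 5900-5930, 12000, 16509, 16514 and 25565 are open to every
# source address. By their well-known defaults 5900+ is the VNC range and
# 16509/16514 are libvirtd's plaintext TCP and TLS transports (confirm what
# actually listens); VM consoles and a hypervisor API should not be reachable
# world-wide - restrict by source/interface or put them behind SSH/TLS.
-A TCP-IN -p tcp -m tcp -m multiport --dports 5900:5915 -j ACCEPT
-A TCP-IN -p tcp -m tcp -m multiport --dports 5916:5930 -j ACCEPT
-A TCP-IN -p tcp -m tcp --dport 12000 -j ACCEPT
-A TCP-IN -p tcp -m tcp --dport 16509 -j ACCEPT
-A TCP-IN -p tcp -m tcp --dport 16514 -j ACCEPT
-A TCP-IN -p tcp -m tcp --dport 25565 -j ACCEPT
# Removed: '-A TCP-IN -p tcp -m tcp --sport 389 -j ACCEPT' and the same for
# --sport 636. This chain only sees NEW connections, so those rules let any
# client that picked source port 389 or 636 open a connection to every TCP
# service on the host, bypassing the port list and the SSH rate limit. Replies
# to this host's own LDAP/LDAPS queries arrive as ESTABLISHED and are already
# accepted by the first INPUT rule, so nothing legitimate needed them.
-A TCP-IN -j LOGNDROP
# --- UDP-FOR --------------------------------------------------------------
-A UDP-FOR -p udp -m udp --dport 53 -j ACCEPT
-A UDP-FOR -p udp -m udp --dport 67 -j ACCEPT
-A UDP-FOR -p udp -m udp --dport 123 -j ACCEPT
-A UDP-FOR -j LOGNDROP
# --- UDP-IN ---------------------------------------------------------------
-A UDP-IN -p udp -m udp --dport 53 -j ACCEPT
-A UDP-IN -p udp -m udp --dport 67 -j ACCEPT
-A UDP-IN -p udp -m udp --dport 123 -j ACCEPT
# NetBIOS 137/138 and 1750 are dropped silently (no log, no ICMP reject) just
# to keep broadcast chatter out of the log.
-A UDP-IN -p udp -m udp -m multiport --dports 137:138 -j DROP
-A UDP-IN -p udp -m udp --dport 1750 -j DROP
# NOTE(review): 5353 (mDNS) and 57621 are LAN discovery ports accepted from any
# source; mDNS in particular is a known reflection vector when Internet-facing.
# Limit them to the LAN interface, or for mDNS to '-d 224.0.0.251'.
-A UDP-IN -p udp -m udp --dport 5353 -j ACCEPT
-A UDP-IN -p udp -m udp --dport 57621 -j ACCEPT
-A UDP-IN -p udp -m udp -j LOGNDROP
COMMIT
# Completed on Fri Mar 31 21:05:54 2017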