Attention: All pages of this wiki depend on the pages that come before it, in order as they are listed on the Main Page. Please check for Dependencies.
Please also look at What You Need to Know Before Using This Wiki
/root/scripts/iptables-restore: Difference between revisions
Jump to navigation
Jump to search
m (1 revision) |
(No difference)
|
Revision as of 01:19, 19 September 2013
Basic
*nat :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] -A POSTROUTING -s 192.168.26.0/24 -o eth0 -j SNAT --to-source 192.168.25.15 COMMIT *mangle :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] -A POSTROUTING -m conntrack --ctstate INVALID -j DROP COMMIT *raw :PREROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] COMMIT *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT DROP [0:0] -A INPUT -i lo -j ACCEPT -A INPUT -s 127.0.0.0/8 ! -i lo -j LOG --log-prefix INPUTlo -A INPUT -s 127.0.0.0/8 ! -i lo -j DROP -A INPUT -d 255.255.255.255/32 -j ACCEPT -A INPUT -d 224.0.0.0/4 -i eth1 ! -p tcp -j ACCEPT -A INPUT -d 192.168.25.15/32 -i eth0 -j ACCEPT -A INPUT -d 192.168.25.255/32 -i eth0 -j ACCEPT -A INPUT -s 192.168.26.0/24 -i eth1 -j ACCEPT -A INPUT -s 192.168.26.0/24 ! -i eth1 -j LOG --log-prefix INPUT1 -A INPUT -s 192.168.26.0/24 ! -i eth1 -j DROP -A INPUT -j LOG --log-prefix INPUT -A INPUT -j DROP -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -s 192.168.26.0/24 -i eth1 -o eth0 -j ACCEPT -A FORWARD -j LOG --log-prefix FORWARD -A FORWARD -j DROP -A OUTPUT -o lo -j ACCEPT -A OUTPUT -d 127.0.0.0/8 ! -o lo -j LOG --log-prefix OUTPUTlo -A OUTPUT -d 127.0.0.0/8 ! -o lo -j DROP -A OUTPUT -d 255.255.255.255/32 -j ACCEPT -A OUTPUT -d 224.0.0.0/4 -o eth1 ! -p tcp -j ACCEPT -A OUTPUT -d 224.0.0.0/4 -o eth2 ! -p tcp -j ACCEPT -A OUTPUT -s 192.168.25.15/32 -o eth0 -j ACCEPT -A OUTPUT -s 192.168.25.255/32 -o eth0 -j ACCEPT -A OUTPUT -d 192.168.26.0/24 -o eth1 -j ACCEPT -A OUTPUT -d 192.168.26.0/24 ! -o eth1 -j LOG --log-prefix OUTPUT1 -A OUTPUT -d 192.168.26.0/24 ! -o eth1 -j DROP -A OUTPUT -j LOG --log-prefix OUTPUT -A OUTPUT -j DROP COMMIT
Completed
# Generated by iptables-save v1.4.20 on Thu Aug 29 20:35:34 2013 *nat :PREROUTING ACCEPT [16208:2924135] :INPUT ACCEPT [12634:2681037] :OUTPUT ACCEPT [5147:372035] :POSTROUTING ACCEPT [5147:372035] -A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.26.10:25 -A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.26.10:80 -A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.26.10:443 -A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 587 -j DNAT --to-destination 192.168.26.10:587 -A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 993 -j DNAT --to-destination 192.168.26.10:993 -A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 995 -j DNAT --to-destination 192.168.26.10:995 -A POSTROUTING ! -d 10.25.0.0/24 -s 192.168.26.0/24 -o eth0 -j SNAT --to-source 192.168.25.15 -A POSTROUTING -s 192.168.27.0/24 -o eth0 -j SNAT --to-source 192.168.25.15 COMMIT # Completed on Thu Aug 29 20:35:34 2013 # Generated by iptables-save v1.4.20 on Thu Aug 29 20:35:34 2013 *mangle :PREROUTING ACCEPT [154883:126645061] :INPUT ACCEPT [133756:117641671] :FORWARD ACCEPT [20465:8966111] :OUTPUT ACCEPT [86452:6816891] :POSTROUTING ACCEPT [106905:15782402] -A POSTROUTING -m conntrack --ctstate INVALID -j DROP -A POSTROUTING -j ACCOUNT --addr 0/0 --tname wan -A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 25 -j MARK --set-xmark 0x1/0xffffffff -A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x1/0xffffffff -A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 443 -j MARK --set-xmark 0x1/0xffffffff -A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 587 -j MARK --set-xmark 0x1/0xffffffff -A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 993 -j MARK --set-xmark 0x1/0xffffffff -A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 995 -j MARK --set-xmark 0x1/0xffffffff COMMIT # Completed on Thu Aug 29 20:35:34 2013 # Generated by iptables-save v1.4.20 on Thu Aug 29 20:35:34 2013 *raw :PREROUTING ACCEPT [154883:126645061] :OUTPUT ACCEPT [86452:6816891] COMMIT # Completed on Thu Aug 29 20:35:34 2013 # Generated by iptables-save v1.4.20 on Thu Aug 29 20:35:34 2013 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT DROP [0:0] -A INPUT -m mark --mark 0x1 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -s 127.0.0.0/8 ! -i lo -j LOG --log-prefix INPUTlo -A INPUT -s 127.0.0.0/8 ! -i lo -j DROP -A INPUT -d 255.255.255.255/32 -j ACCEPT -A INPUT -d 224.0.0.0/4 -i eth1 ! -p tcp -j ACCEPT -A INPUT -d 224.0.0.0/4 -i eth2 ! -p tcp -j ACCEPT -A INPUT -d 192.168.25.15/32 -i eth0 -j ACCEPT -A INPUT -d 192.168.25.255/32 -i eth0 -j ACCEPT -A INPUT -s 192.168.26.0/24 -i eth1 -j ACCEPT -A INPUT -s 192.168.26.0/24 ! -i eth1 -j LOG --log-prefix INPUT1 -A INPUT -s 192.168.26.0/24 ! -i eth1 -j DROP -A INPUT -s 192.168.27.0/24 -i eth2 -j ACCEPT -A INPUT -s 192.168.27.0/24 ! -i eth2 -j LOG --log-prefix INPUT2 -A INPUT -s 192.168.27.0/24 ! -i eth2 -j DROP -A INPUT -j LOG --log-prefix INPUT -A INPUT -j DROP -A FORWARD -j ACCOUNT --addr 192.168.26.0/24 --tname computerisms -A FORWARD -j ACCOUNT --addr 192.168.27.0/24 --tname pubaccess -A FORWARD -m mark --mark 0x1 -j ACCEPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -s 192.168.26.0/24 -d 192.168.27.0/24 -j LOG --log-prefix FORWARD1 -A FORWARD -s 192.168.26.0/24 -d 192.168.27.0/24 -j DROP -A FORWARD -s 192.168.27.0/24 -d 192.168.26.0/24 -j LOG --log-prefix FORWARD2 -A FORWARD -s 192.168.27.0/24 -d 192.168.26.0/24 -j DROP -A FORWARD -s 192.168.26.0/24 -d 10.25.0.0/24 -j ACCEPT -A FORWARD -d 192.168.26.0/24 -s 10.25.0.0/24 -j ACCEPT -A FORWARD -s 192.168.26.0/24 -i eth1 -o eth0 -j ACCEPT -A FORWARD -s 192.168.27.0/24 -i eth2 -o eth0 -j ACCEPT -A FORWARD -j LOG --log-prefix FORWARD -A FORWARD -j DROP -A OUTPUT -o lo -j ACCEPT -A OUTPUT -d 127.0.0.0/8 ! -o lo -j LOG --log-prefix OUTPUTlo -A OUTPUT -d 127.0.0.0/8 ! -o lo -j DROP -A OUTPUT -d 255.255.255.255/32 -j ACCEPT -A OUTPUT -d 224.0.0.0/4 -o eth1 ! -p tcp -j ACCEPT -A OUTPUT -d 224.0.0.0/4 -o eth2 ! -p tcp -j ACCEPT -A OUTPUT -s 192.168.25.15/32 -o eth0 -j ACCEPT -A OUTPUT -s 192.168.25.255/32 -o eth0 -j ACCEPT -A OUTPUT -d 192.168.26.0/24 -o eth1 -j ACCEPT -A OUTPUT -d 192.168.26.0/24 ! -o eth1 -j LOG --log-prefix OUTPUT1 -A OUTPUT -d 192.168.26.0/24 ! -o eth1 -j DROP -A OUTPUT -d 192.168.27.0/24 -o eth2 -j ACCEPT -A OUTPUT -d 192.168.27.0/24 ! -o eth2 -j LOG --log-prefix OUTPUT2 -A OUTPUT -d 192.168.27.0/24 ! -o eth2 -j DROP -A OUTPUT -j LOG --log-prefix OUTPUT -A OUTPUT -j DROP COMMIT # Completed on Thu Aug 29 20:35:34 2013