Attention: All pages of this wiki depend on the pages that come before them, in the order in which they are listed on the Main Page. Please check for Dependencies.
Please also look at What You Need to Know Before Using This Wiki

/root/scripts/iptables-restore


Basic

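# Basic ruleset: default-deny filter with one trusted LAN (192.168.26.0/24 on
# eth1) source-NATed behind the WAN address 192.168.25.15 on eth0.
# iptables-restore skips lines beginning with '#'. Rules within a chain are
# tried top to bottom and the first terminating target (ACCEPT/DROP) wins,
# so the order below is significant.
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Source-NAT the LAN to the WAN address for traffic leaving via eth0.
-A POSTROUTING -s 192.168.26.0/24 -o eth0 -j SNAT --to-source 192.168.25.15
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Drop packets conntrack cannot associate with any connection. POSTROUTING
# only sees forwarded and locally generated traffic on its way out; inbound
# INVALID packets are not caught here and are handled by the filter table's
# INPUT rules like any other packet.
-A POSTROUTING -m conntrack --ctstate INVALID -j DROP
COMMIT
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
# Every chain defaults to DROP; each ACCEPT below is an explicit allowance.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
# Anti-spoofing: loopback addresses must never arrive on a real interface.
# Every LOG rule in this table carries a limit match so a packet flood
# cannot fill syslog; the DROP that follows each LOG stays unconditional.
# Log prefixes are kept verbatim because other tooling may grep for them;
# a trailing separator (e.g. "INPUT: ") would make the kernel line easier
# to read if nothing depends on the exact text.
-A INPUT -s 127.0.0.0/8 ! -i lo -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix INPUTlo
-A INPUT -s 127.0.0.0/8 ! -i lo -j DROP
# Limited broadcast from any interface (needed e.g. for DHCP) and non-TCP
# multicast arriving from the LAN.
-A INPUT -d 255.255.255.255/32 -j ACCEPT
-A INPUT -d 224.0.0.0/4 -i eth1 ! -p tcp -j ACCEPT
# NOTE(review): this accepts every protocol and port addressed to the WAN IP
# on eth0, so any service listening on the router itself is reachable from
# the WAN side despite the DROP policy. A conntrack ESTABLISHED,RELATED match
# plus explicit per-port ACCEPTs for the intended services would be tighter;
# the intended service set is not recorded here, so the rule is left as is.
-A INPUT -d 192.168.25.15/32 -i eth0 -j ACCEPT
-A INPUT -d 192.168.25.255/32 -i eth0 -j ACCEPT
# LAN hosts are fully trusted on eth1; the LAN range seen on any other
# interface is treated as spoofed.
-A INPUT -s 192.168.26.0/24 -i eth1 -j ACCEPT
-A INPUT -s 192.168.26.0/24 ! -i eth1 -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix INPUT1
-A INPUT -s 192.168.26.0/24 ! -i eth1 -j DROP
# Catch-all: log, then drop explicitly (same effect as the chain policy).
-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix INPUT
-A INPUT -j DROP
# Replies to forwarded connections. -m conntrack --ctstate is the same match
# the mangle table uses (-m state --state is its older alias).
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Only the LAN may initiate forwarded connections, and only toward the WAN.
-A FORWARD -s 192.168.26.0/24 -i eth1 -o eth0 -j ACCEPT
-A FORWARD -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix FORWARD
-A FORWARD -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 127.0.0.0/8 ! -o lo -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix OUTPUTlo
-A OUTPUT -d 127.0.0.0/8 ! -o lo -j DROP
-A OUTPUT -d 255.255.255.255/32 -j ACCEPT
-A OUTPUT -d 224.0.0.0/4 -o eth1 ! -p tcp -j ACCEPT
# NOTE(review): eth2 appears nowhere else in this Basic set; confirm the
# interface exists on the host this set is meant for.
-A OUTPUT -d 224.0.0.0/4 -o eth2 ! -p tcp -j ACCEPT
# All locally generated traffic may leave via the WAN address.
-A OUTPUT -s 192.168.25.15/32 -o eth0 -j ACCEPT
# NOTE(review): a *source* of the subnet broadcast address is unusual for
# locally generated packets; the INPUT chain matches the same address as a
# destination. Confirm whether -d was intended here.
-A OUTPUT -s 192.168.25.255/32 -o eth0 -j ACCEPT
# Traffic to the LAN must leave via eth1; anything else is logged and dropped.
-A OUTPUT -d 192.168.26.0/24 -o eth1 -j ACCEPT
-A OUTPUT -d 192.168.26.0/24 ! -o eth1 -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix OUTPUT1
-A OUTPUT -d 192.168.26.0/24 ! -o eth1 -j DROP
-A OUTPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix OUTPUT
-A OUTPUT -j DROP
COMMIT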

Completed

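# Completed ruleset as captured by iptables-save. Compared with the Basic set
# it adds a second, isolated network (192.168.27.0/24 on eth2, accounted as
# "pubaccess"), port-forwards mail and web ports from the WAN address to
# 192.168.26.10, exempts 10.25.0.0/24 from source NAT and adds traffic
# accounting. The [pkts:bytes] counters are the values at save time;
# iptables-restore ignores them unless run with -c.
# iptables-restore skips lines beginning with '#'. Rule order within a chain
# is significant: the first terminating target (ACCEPT/DROP) wins.
# Generated by iptables-save v1.4.20 on Thu Aug 29 20:35:34 2013
*nat
:PREROUTING ACCEPT [16208:2924135]
:INPUT ACCEPT [12634:2681037]
:OUTPUT ACCEPT [5147:372035]
:POSTROUTING ACCEPT [5147:372035]
# Port-forward SMTP, HTTP, HTTPS, submission, IMAPS and POP3S arriving on the
# WAN address to 192.168.26.10 (presumably a mail/web host on the LAN --
# confirm). Only traffic entering on eth0 is redirected, so LAN clients that
# use the public address are not covered (no hairpin NAT).
-A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.26.10:25
-A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.26.10:80
-A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.26.10:443
-A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 587 -j DNAT --to-destination 192.168.26.10:587
-A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 993 -j DNAT --to-destination 192.168.26.10:993
-A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 995 -j DNAT --to-destination 192.168.26.10:995
# LAN traffic leaving via eth0 is source-NATed to the WAN address unless it
# is bound for 10.25.0.0/24 (presumably a routed or VPN peer network reached
# through eth0 -- confirm). The pubaccess network is always source-NATed.
-A POSTROUTING ! -d 10.25.0.0/24 -s 192.168.26.0/24 -o eth0 -j SNAT --to-source 192.168.25.15
-A POSTROUTING -s 192.168.27.0/24 -o eth0 -j SNAT --to-source 192.168.25.15
COMMIT
# Completed on Thu Aug 29 20:35:34 2013
# Generated by iptables-save v1.4.20 on Thu Aug 29 20:35:34 2013
*mangle
:PREROUTING ACCEPT [154883:126645061]
:INPUT ACCEPT [133756:117641671]
:FORWARD ACCEPT [20465:8966111]
:OUTPUT ACCEPT [86452:6816891]
:POSTROUTING ACCEPT [106905:15782402]
# Drop packets conntrack cannot associate with any connection. POSTROUTING
# only sees forwarded and locally generated traffic on its way out; inbound
# INVALID packets are not caught here.
-A POSTROUTING -m conntrack --ctstate INVALID -j DROP
# ACCOUNT is the xtables-addons accounting target, not part of stock
# iptables; if its module is missing, iptables-restore aborts on the first
# ACCOUNT line and the whole mangle table fails to load. Tables: wan (all
# addresses), computerisms (the LAN range), pubaccess (the eth2 range).
-A POSTROUTING -j ACCOUNT --addr 0/0 --tname wan
-A FORWARD -j ACCOUNT --addr 192.168.26.0/24 --tname computerisms
-A FORWARD -j ACCOUNT --addr 192.168.27.0/24 --tname pubaccess
# Mark the port-forwarded service ports (the same ports the nat table DNATs)
# so the filter FORWARD chain can admit them by mark. mangle PREROUTING runs
# before nat PREROUTING, so the match is on the public address as received.
-A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 25 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 443 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 587 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 993 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -d 192.168.25.15/32 -i eth0 -p tcp -m tcp --dport 995 -j MARK --set-xmark 0x1/0xffffffff
COMMIT
# Completed on Thu Aug 29 20:35:34 2013
# Generated by iptables-save v1.4.20 on Thu Aug 29 20:35:34 2013
*raw
:PREROUTING ACCEPT [154883:126645061]
:OUTPUT ACCEPT [86452:6816891]
COMMIT
# Completed on Thu Aug 29 20:35:34 2013
# Generated by iptables-save v1.4.20 on Thu Aug 29 20:35:34 2013
*filter
# Every chain defaults to DROP; each ACCEPT below is an explicit allowance.
# Every LOG rule carries a limit match so a packet flood cannot fill syslog;
# the DROP that follows each LOG stays unconditional. Log prefixes are kept
# verbatim because other tooling may grep for them.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# NOTE(review): marked packets are DNATed to 192.168.26.10 and traverse
# FORWARD rather than INPUT, so this rule is not expected to match; it is
# harmless but could be removed once that is confirmed.
-A INPUT -m mark --mark 0x1 -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Anti-spoofing: loopback addresses must never arrive on a real interface.
-A INPUT -s 127.0.0.0/8 ! -i lo -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix INPUTlo
-A INPUT -s 127.0.0.0/8 ! -i lo -j DROP
# Limited broadcast from any interface (needed e.g. for DHCP) and non-TCP
# multicast arriving from either internal network.
-A INPUT -d 255.255.255.255/32 -j ACCEPT
-A INPUT -d 224.0.0.0/4 -i eth1 ! -p tcp -j ACCEPT
-A INPUT -d 224.0.0.0/4 -i eth2 ! -p tcp -j ACCEPT
# NOTE(review): this accepts every protocol and port addressed to the WAN IP
# on eth0, so any service listening on the router itself is reachable from
# the WAN side despite the DROP policy (the forwarded ports above are
# separate -- they go through FORWARD). A conntrack ESTABLISHED,RELATED match
# plus explicit per-port ACCEPTs would be tighter; the intended service set
# is not recorded here, so the rule is left as is.
-A INPUT -d 192.168.25.15/32 -i eth0 -j ACCEPT
-A INPUT -d 192.168.25.255/32 -i eth0 -j ACCEPT
# Each internal network is trusted only on its own interface; its address
# range seen on any other interface is treated as spoofed.
-A INPUT -s 192.168.26.0/24 -i eth1 -j ACCEPT
-A INPUT -s 192.168.26.0/24 ! -i eth1 -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix INPUT1
-A INPUT -s 192.168.26.0/24 ! -i eth1 -j DROP
-A INPUT -s 192.168.27.0/24 -i eth2 -j ACCEPT
-A INPUT -s 192.168.27.0/24 ! -i eth2 -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix INPUT2
-A INPUT -s 192.168.27.0/24 ! -i eth2 -j DROP
# Catch-all: log, then drop explicitly (same effect as the chain policy).
-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix INPUT
-A INPUT -j DROP
# Port-forwarded service traffic (marked in the mangle table) is admitted
# here including new connections; this is what lets inbound connections to
# the forwarded ports reach 192.168.26.10.
-A FORWARD -m mark --mark 0x1 -j ACCEPT
# Replies to forwarded connections. -m conntrack --ctstate is the same match
# the mangle table uses (-m state --state is its older alias).
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# The LAN and pubaccess networks may not initiate connections to each other;
# replies to already-established connections were accepted above.
-A FORWARD -s 192.168.26.0/24 -d 192.168.27.0/24 -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix FORWARD1
-A FORWARD -s 192.168.26.0/24 -d 192.168.27.0/24 -j DROP
-A FORWARD -s 192.168.27.0/24 -d 192.168.26.0/24 -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix FORWARD2
-A FORWARD -s 192.168.27.0/24 -d 192.168.26.0/24 -j DROP
# NOTE(review): both directions between the LAN and 10.25.0.0/24 may
# initiate connections, with no interface restriction on either rule;
# confirm that inbound initiation from 10.25.0.0/24 into the LAN is intended.
-A FORWARD -s 192.168.26.0/24 -d 10.25.0.0/24 -j ACCEPT
-A FORWARD -d 192.168.26.0/24 -s 10.25.0.0/24 -j ACCEPT
# Each internal network may reach the WAN from its own interface only.
-A FORWARD -s 192.168.26.0/24 -i eth1 -o eth0 -j ACCEPT
-A FORWARD -s 192.168.27.0/24 -i eth2 -o eth0 -j ACCEPT
-A FORWARD -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix FORWARD
-A FORWARD -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 127.0.0.0/8 ! -o lo -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix OUTPUTlo
-A OUTPUT -d 127.0.0.0/8 ! -o lo -j DROP
-A OUTPUT -d 255.255.255.255/32 -j ACCEPT
-A OUTPUT -d 224.0.0.0/4 -o eth1 ! -p tcp -j ACCEPT
-A OUTPUT -d 224.0.0.0/4 -o eth2 ! -p tcp -j ACCEPT
# All locally generated traffic may leave via the WAN address.
-A OUTPUT -s 192.168.25.15/32 -o eth0 -j ACCEPT
# NOTE(review): a *source* of the subnet broadcast address is unusual for
# locally generated packets; the INPUT chain matches the same address as a
# destination. Confirm whether -d was intended here.
-A OUTPUT -s 192.168.25.255/32 -o eth0 -j ACCEPT
# Traffic to each internal network must leave via that network's interface;
# anything else is logged and dropped.
-A OUTPUT -d 192.168.26.0/24 -o eth1 -j ACCEPT
-A OUTPUT -d 192.168.26.0/24 ! -o eth1 -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix OUTPUT1
-A OUTPUT -d 192.168.26.0/24 ! -o eth1 -j DROP
-A OUTPUT -d 192.168.27.0/24 -o eth2 -j ACCEPT
-A OUTPUT -d 192.168.27.0/24 ! -o eth2 -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix OUTPUT2
-A OUTPUT -d 192.168.27.0/24 ! -o eth2 -j DROP
-A OUTPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix OUTPUT
-A OUTPUT -j DROP
COMMIT
# Completed on Thu Aug 29 20:35:34 2013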