
# Generated by iptables-save v1.3.8 on Fri Jan 16 20:59:05 2009


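*filter
# Packet filtering for the gateway itself (INPUT) and for routed traffic
# (FORWARD). INPUT defaults to DROP. FORWARD and OUTPUT default to ACCEPT, so
# routed traffic is limited only by the four FORWARD DROP rules below.
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
# NOTE(review): in this copy the comment and rule below were fused into one
# wrapped line starting with '#', so the INVALID-state DROP is kept disabled.
# It cannot be told from here whether it was meant to be active. Dropping
# INVALID packets ahead of the ACCEPT rules is normal hardening - confirm and
# re-enable.
# Allow incoming data that is part of a connection we established
#-A INPUT -m state --state INVALID -j DROP
# Drop one blocked source address before any ACCEPT rule can match it
-A INPUT -s 221.225.227.206 -j DROP
# Accept traffic from internal interfaces (anything not arriving on ppp0,
# which includes loopback)
-A INPUT ! -i ppp0 -j ACCEPT
# Accept traffic with the ACK flag set
# NOTE(review): this is stateless - every TCP segment carrying ACK is accepted
# on ppp0 whether or not a connection exists, so the DROP policy only filters
# initial SYNs. The ESTABLISHED,RELATED rule below already covers legitimate
# return traffic; this rule looks removable.
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
# Allow data that is related to existing connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept responses to DNS queries
# NOTE(review): matches on source port 53 only, which the sender chooses, so
# it admits unsolicited UDP to every port 1024-65535 on this host. Real DNS
# replies are already accepted by the ESTABLISHED,RELATED rule above.
-A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
# Accept responses to our pings
-A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT
# Accept notifications of unreachable hosts
-A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT
# Accept notifications to reduce sending speed
# NOTE(review): ICMP source-quench is deprecated (RFC 6633); consider dropping
# this rule.
-A INPUT -p icmp -m icmp --icmp-type source-quench -j ACCEPT
# Accept notifications of lost packets
-A INPUT -p icmp -m icmp --icmp-type time-exceeded -j ACCEPT
# Accept notifications of protocol problems
-A INPUT -p icmp -m icmp --icmp-type parameter-problem -j ACCEPT
# Allow inbound TCP to ssh, ftp, 3389 and 34578 on the gateway itself
# NOTE(review): the original comment named only SSH, but four ports are opened
# to any source. INPUT covers only traffic terminating on this host; if ftp and
# 3389 are not served here, remove them, and restrict ssh by source address
# where possible.
-A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports ssh,ftp,3389,34578
# Drop forwarded traffic arriving on ppp0 for TCP 135, 445, 139 and UDP 1434
# NOTE(review): these are the only FORWARD restrictions; with the ACCEPT policy
# every other forwarded packet is allowed. A DROP policy plus explicit allows
# would be the safer design.
-A FORWARD -p tcp -m tcp -i ppp0 --dport 135 -j DROP
-A FORWARD -p tcp -m tcp -i ppp0 --dport 445 -j DROP
-A FORWARD -p tcp -m tcp -i ppp0 --dport 139 -j DROP
-A FORWARD -p udp -m udp -i ppp0 --dport 1434 -j DROP
# Allow inbound UDP to port 34578 (the original comment said "SSH server",
# which does not match a UDP rule)
-A INPUT -p udp -m udp --dport 34578 -j ACCEPT
# Allow connections to our IDENT server (tcp/113)
-A INPUT -p tcp -m tcp --dport auth -j ACCEPT
COMMIT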
# Completed on Fri Jan 16 20:59:05 2009
# Generated by iptables-save v1.3.8 on Fri Jan 16 20:59:05 2009
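*mangle
# Packet marking/rewriting: TCP MSS clamping on the PPP uplink and a TOS
# setting for ports 1432/1433. All chain policies are ACCEPT.
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Disabled variants kept from the original file:
#-A PREROUTING -p tcp -m tcp -m multiport -j TOS --dports 1432,1433 --set-tos 0x10
# -A FORWARd -d 98.130.0.149 -j TOS --set-tos 0x08 -A FORWARD -d 98.130.0.149 j TOS --set-tos 0x08
#-A FORWARD -p tcp -m tcp -o ppp0 --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
#-A FORWARD -p tcp -m tcp -m multiport -j TOS --dports 1432,1433 --set-tos 0x10
# Clamp the MSS to the path MTU on forwarded SYN packets leaving ppp0 whose
# advertised MSS is between 1448 and 1536.
# NOTE(review): this copy read "-mss", which iptables-restore would parse as
# "-m ss"; the tcpmss match option is "--mss". Verify against the live ruleset.
-A FORWARD -p tcp -m tcp -m tcpmss -o ppp0 --tcp-flags SYN,RST SYN -j TCPMSS --mss 1448:1536 --clamp-mss-to-pmtu
# Set TOS 0x10 (Minimize-Delay) on TCP to destination ports 1432 and 1433
-A POSTROUTING -p tcp -m tcp -m multiport -j TOS --dports 1432,1433 --set-tos 0x10
#-A FORWARD -p tcp -m tcp -m multiport -j TOS --dports 1432,1433 --set-tos 0x5d
COMMIT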
# Completed on Fri Jan 16 20:59:05 2009
# Generated by iptables-save v1.3.8 on Fri Jan 16 20:59:05 2009
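*nat
# Address translation for the 10.0.0.0/23 LAN behind ppp0: inbound port
# forwards and 1:1 DNAT in PREROUTING, outbound SNAT/MASQUERADE in POSTROUTING.
# NOTE(review): NAT rules only rewrite addresses; they are not access control.
# The filter table's FORWARD policy in this file is ACCEPT, so whatever is
# translated here is also let through unless a FORWARD rule drops it.
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Port forwards on 124.109.36.38 to internal hosts.
# NOTE(review): none of these carries a source restriction, so remote-access
# services on internal hosts (ports 22, 5900 and 3389 - conventionally SSH,
# VNC and RDP) are reachable from any address on ppp0. Restrict by "-s" here
# or in filter FORWARD, or put them behind a VPN.
-A PREROUTING -p tcp -m tcp -m state -d 124.109.36.38 -i ppp0 --dport 5901 --state NEW -j DNAT --to-destination 10.0.0.123:5900
-A PREROUTING -p tcp -m tcp -m state -d 124.109.36.38 -i ppp0 --dport 2323 --state NEW -j DNAT --to-destination 10.0.0.123:22
-A PREROUTING -p tcp -m tcp -m state -d 124.109.36.38 -i ppp0 --dport 5900 --state NEW -j DNAT --to-destination 10.0.0.124:5900
-A PREROUTING -p tcp -m tcp -m state -d 124.109.36.38 -i ppp0 --dport 2222 --state NEW -j DNAT --to-destination 10.0.0.124:22
-A PREROUTING -p tcp -m tcp -m state -d 124.109.36.38 -i ppp0 --dport 3389 --state NEW -j DNAT --to-destination 10.0.0.118:3389
-A PREROUTING -p udp -m udp -m state -d 124.109.36.38 -i ppp0 --dport 34578 --state NEW -j DNAT --to-destination 10.0.0.118:34578
-A PREROUTING -p tcp -m tcp -m state -d 124.109.36.38 -i ppp0 --dport 34578 --state NEW -j DNAT --to-destination 10.0.0.118:34578
-A PREROUTING -p tcp -m tcp -m state -d 124.109.36.38 -i ppp0 --dport 32196 --state NEW -j DNAT --to-destination 10.0.0.109:32196
-A PREROUTING -p udp -m udp -m state -d 124.109.36.38 -i ppp0 --dport 32196 --state NEW -j DNAT --to-destination 10.0.0.109:32196
# 1:1 DNAT of whole public addresses to internal hosts.
# NOTE(review): no protocol or port match, so every port on these internal
# hosts is exposed on ppp0 apart from the four FORWARD drops in the filter
# table.
# -A PREROUTING -d 124.109.33.218 -i ppp0 -j DNAT --to-destination 192.168.168.170
-A PREROUTING -d 124.109.33.219 -i ppp0 -j DNAT --to-destination 10.0.0.169
-A PREROUTING -d 124.109.33.220 -i ppp0 -j DNAT --to-destination 10.0.0.195
-A PREROUTING -d 124.109.33.221 -i ppp0 -j DNAT --to-destination 10.0.0.186
# Block new outbound connections to TCP 23, 6000-7000, 6667 and 6666.
# NOTE(review): filtering in the nat table is fragile - nat chains see only the
# first packet of a connection, and newer iptables releases refuse -j DROP in
# this table. These belong in filter FORWARD/OUTPUT. The 6667 and 6666 rules
# are already covered by the 6000:7000 range.
-A POSTROUTING -p tcp -m tcp --dport 23 -j DROP
-A POSTROUTING -p tcp -m tcp --dport 6000:7000 -j DROP
-A POSTROUTING -p tcp -m tcp --dport 6667 -j DROP
-A POSTROUTING -p tcp -m tcp --dport 6666 -j DROP
# Outbound halves of the 1:1 mappings: fixed public source per internal host
# -A POSTROUTING -s 192.168.168.170 -o ppp0 -j SNAT --to-source 124.109.33.218
-A POSTROUTING -s 10.0.0.169 ! -d 10.0.0.0/23 -o ppp0 -j SNAT --to-source 124.109.33.219
-A POSTROUTING -s 10.0.0.195 ! -d 10.0.0.0/23 -o ppp0 -j SNAT --to-source 124.109.33.220
-A POSTROUTING -s 10.0.0.186 ! -d 10.0.0.0/23 -o ppp0 -j SNAT --to-source 124.109.33.221
-A POSTROUTING -s 10.0.0.193 ! -d 10.0.0.0/23 -o ppp0 -j SNAT --to-source 124.109.33.222
# Per-service masquerading for the whole 10.0.0.0/23 LAN (by destination port)
# -A POSTROUTING -p tcp -m tcp -s 10.0.0.0/23 -d 72.41.4.25 -o ppp0 --dport 1432 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp -s 10.0.0.0/23 -d 98.130.0.149 -o ppp0 --dport 1433 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp -s 10.0.0.0/23 ! -d 10.0.0.0/23 -o ppp0 --dport 1863 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp -s 10.0.0.0/23 ! -d 10.0.0.0/23 -o ppp0 --dport 3389 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp -s 10.0.0.0/23 ! -d 10.0.0.0/23 -o ppp0 --dport 21 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp -s 10.0.0.0/23 ! -d 10.0.0.0/23 -o ppp0 --dport 22 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp -s 10.0.0.0/23 ! -d 10.0.0.0/23 -o ppp0 --dport 25 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp -s 10.0.0.0/23 ! -d 10.0.0.0/23 -o ppp0 --dport 995 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp -s 10.0.0.0/23 ! -d 10.0.0.0/23 -o ppp0 --dport 465 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp -s 10.0.0.0/23 ! -d 10.0.0.0/23 -o ppp0 --dport 110 -j MASQUERADE
# Per-host masquerading: these internal hosts get all outbound traffic NATed.
# NOTE(review): 10.0.0.169 never reaches its MASQUERADE rule because the SNAT
# rule above matches the same packets first, and 10.0.0.123 is listed twice.
# Both are harmless but make the list harder to audit.
#-A POSTROUTING -s 10.0.0.177 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.139 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.81 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.146 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.118 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.169 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.253 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.211 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.102 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.103 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.109 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.105 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.1.230 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.1.231 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.123 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
#-A POSTROUTING -s 10.0.0.84 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.119 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.205 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.124 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.123 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
# 10.0.0.156: masquerade all outbound TCP except destination port 80
-A POSTROUTING -p tcp -m tcp -s 10.0.0.156 -o ppp0 ! --dport 80 -j MASQUERADE
# Inbound half of the 10.0.0.193 <-> 124.109.33.222 mapping (its SNAT rule is
# above). Same exposure caveat as the other whole-address DNAT rules.
-A PREROUTING -d 124.109.33.222 -i ppp0 -j DNAT --to-destination 10.0.0.193
COMMIT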
# Completed on Fri Jan 16 20:59:05 2009
