Iptables

The document contains firewall configuration rules for the filter, mangle, and nat tables of an iptables firewall. It accepts established connections and common network protocols. It performs destination and source network address translation for internal hosts and ports to external IP addresses and ports. It also sets quality of service priorities and clamps maximum segment sizes for outgoing connections.

Uploaded by soomalik
© Attribution Non-Commercial (BY-NC)

# Generated by iptables-save v1.3.8 on Fri Jan 16 20:59:05 2009
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Drop packets the connection tracker cannot associate with any known connection
-A INPUT -m state --state INVALID -j DROP
# Accept traffic from internal interfaces
-A INPUT -s 221.225.227.206 -j DROP
-A INPUT ! -i ppp0 -j ACCEPT
# Accept traffic with the ACK flag set
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
# Allow data that is related to existing connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept responses to DNS queries
-A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
# Accept responses to our pings
-A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT
# Accept notifications of unreachable hosts
-A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT
# Accept notifications to reduce sending speed
-A INPUT -p icmp -m icmp --icmp-type source-quench -j ACCEPT
# Accept notifications of lost packets
-A INPUT -p icmp -m icmp --icmp-type time-exceeded -j ACCEPT
# Accept notifications of protocol problems
-A INPUT -p icmp -m icmp --icmp-type parameter-problem -j ACCEPT
# Allow connections to our SSH and FTP servers and to TCP ports 3389 and 34578
-A INPUT -p tcp -m tcp -m multiport --dports ssh,ftp,3389,34578 -j ACCEPT
-A FORWARD -p tcp -m tcp -i ppp0 --dport 135 -j DROP
-A FORWARD -p tcp -m tcp -i ppp0 --dport 445 -j DROP
-A FORWARD -p tcp -m tcp -i ppp0 --dport 139 -j DROP
-A FORWARD -p udp -m udp -i ppp0 --dport 1434 -j DROP
# Allow UDP connections to port 34578
-A INPUT -p udp -m udp --dport 34578 -j ACCEPT
# Allow connections to our IDENT server
-A INPUT -p tcp -m tcp --dport auth -j ACCEPT
COMMIT
# Completed on Fri Jan 16 20:59:05 2009
# Generated by iptables-save v1.3.8 on Fri Jan 16 20:59:05 2009
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
#-A PREROUTING -p tcp -m tcp -m multiport -j TOS --dports 1432,1433 --set-tos 0x10
#-A FORWARD -d 98.130.0.149 -j TOS --set-tos 0x08
#-A FORWARD -p tcp -m tcp -o ppp0 --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
#-A FORWARD -p tcp -m tcp -m multiport -j TOS --dports 1432,1433 --set-tos 0x10
# Clamp the MSS of outgoing SYNs that advertise an MSS of 1448-1536 to the path MTU
-A FORWARD -p tcp -m tcp -m tcpmss -o ppp0 --tcp-flags SYN,RST SYN --mss 1448:1536 -j TCPMSS --clamp-mss-to-pmtu
-A POSTROUTING -p tcp -m tcp -m multiport -j TOS --dports 1432,1433 --set-tos 0x10
#-A FORWARD -p tcp -m tcp -m multiport -j TOS --dports 1432,1433 --set-tos 0x5d
COMMIT
# Completed on Fri Jan 16 20:59:05 2009
# Generated by iptables-save v1.3.8 on Fri Jan 16 20:59:05 2009
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp -m state -d 124.109.36.38 -i ppp0 --dport 5901 --state NEW -j DNAT --to-destination 10.0.0.123:5900
-A PREROUTING -p tcp -m tcp -m state -d 124.109.36.38 -i ppp0 --dport 2323 --state NEW -j DNAT --to-destination 10.0.0.123:22
-A PREROUTING -p tcp -m tcp -m state -d 124.109.36.38 -i ppp0 --dport 5900 --state NEW -j DNAT --to-destination 10.0.0.124:5900
-A PREROUTING -p tcp -m tcp -m state -d 124.109.36.38 -i ppp0 --dport 2222 --state NEW -j DNAT --to-destination 10.0.0.124:22
-A PREROUTING -p tcp -m tcp -m state -d 124.109.36.38 -i ppp0 --dport 3389 --state NEW -j DNAT --to-destination 10.0.0.118:3389
-A PREROUTING -p udp -m udp -m state -d 124.109.36.38 -i ppp0 --dport 34578 --state NEW -j DNAT --to-destination 10.0.0.118:34578
-A PREROUTING -p tcp -m tcp -m state -d 124.109.36.38 -i ppp0 --dport 34578 --state NEW -j DNAT --to-destination 10.0.0.118:34578
-A PREROUTING -p tcp -m tcp -m state -d 124.109.36.38 -i ppp0 --dport 32196 --state NEW -j DNAT --to-destination 10.0.0.109:32196
-A PREROUTING -p udp -m udp -m state -d 124.109.36.38 -i ppp0 --dport 32196 --state NEW -j DNAT --to-destination 10.0.0.109:32196
# -A PREROUTING -d 124.109.33.218 -i ppp0 -j DNAT --to-destination 192.168.168.170
-A PREROUTING -d 124.109.33.219 -i ppp0 -j DNAT --to-destination 10.0.0.169
-A PREROUTING -d 124.109.33.220 -i ppp0 -j DNAT --to-destination 10.0.0.195
-A PREROUTING -d 124.109.33.221 -i ppp0 -j DNAT --to-destination 10.0.0.186
-A POSTROUTING -p tcp -m tcp --dport 23 -j DROP
-A POSTROUTING -p tcp -m tcp --dport 6000:7000 -j DROP
-A POSTROUTING -p tcp -m tcp --dport 6667 -j DROP
-A POSTROUTING -p tcp -m tcp --dport 6666 -j DROP
# -A POSTROUTING -s 192.168.168.170 -o ppp0 -j SNAT --to-source 124.109.33.218
-A POSTROUTING -s 10.0.0.169 ! -d 10.0.0.0/23 -o ppp0 -j SNAT --to-source 124.109.33.219
-A POSTROUTING -s 10.0.0.195 ! -d 10.0.0.0/23 -o ppp0 -j SNAT --to-source 124.109.33.220
-A POSTROUTING -s 10.0.0.186 ! -d 10.0.0.0/23 -o ppp0 -j SNAT --to-source 124.109.33.221
-A POSTROUTING -s 10.0.0.193 ! -d 10.0.0.0/23 -o ppp0 -j SNAT --to-source 124.109.33.222
# -A POSTROUTING -p tcp -m tcp -s 10.0.0.0/23 -d 72.41.4.25 -o ppp0 --dport 1432 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp -s 10.0.0.0/23 -d 98.130.0.149 -o ppp0 --dport 1433 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp -s 10.0.0.0/23 ! -d 10.0.0.0/23 -o ppp0 --dport 1863 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp -s 10.0.0.0/23 ! -d 10.0.0.0/23 -o ppp0 --dport 3389 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp -s 10.0.0.0/23 ! -d 10.0.0.0/23 -o ppp0 --dport 21 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp -s 10.0.0.0/23 ! -d 10.0.0.0/23 -o ppp0 --dport 22 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp -s 10.0.0.0/23 ! -d 10.0.0.0/23 -o ppp0 --dport 25 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp -s 10.0.0.0/23 ! -d 10.0.0.0/23 -o ppp0 --dport 995 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp -s 10.0.0.0/23 ! -d 10.0.0.0/23 -o ppp0 --dport 465 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp -s 10.0.0.0/23 ! -d 10.0.0.0/23 -o ppp0 --dport 110 -j MASQUERADE
#-A POSTROUTING -s 10.0.0.177 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.139 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.81 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.146 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.118 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.169 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.253 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.211 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.102 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.103 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.109 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.105 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.1.230 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.1.231 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.123 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
#-A POSTROUTING -s 10.0.0.84 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.119 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.205 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.124 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.123 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp -s 10.0.0.156 -o ppp0 ! --dport 80 -j MASQUERADE
-A PREROUTING -d 124.109.33.222 -i ppp0 -j DNAT --to-destination 10.0.0.193
COMMIT
# Completed on Fri Jan 16 20:59:05 2009
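When auditing a ruleset like the one above, two things a reviewer wants quickly are an inventory of what the nat table exposes (each PREROUTING DNAT rule maps an external port to an internal host) and a list of rules that can never match because an earlier rule with the identical match set already terminates chain traversal (a duplicate MASQUERADE line, or a MASQUERADE for a source that an earlier SNAT rule already handles). The script below is an added example, not part of the uploaded ruleset: it parses iptables-save output with a small tokenizer and runs both checks. The sample dump embedded in it is constructed to mirror the shape of a few of the page's rules; the set of terminating targets and the rule that "same match set, earlier terminating target" means shadowed are this example's own assumptions.

```python
"""Audit helpers for an iptables-save dump: inventory DNAT port forwards and
find rules shadowed by an earlier rule with the identical match set.
Added example; SAMPLE below is a constructed excerpt, not the full ruleset."""
import shlex
from dataclasses import dataclass, field

# Targets that stop chain traversal for a matching packet (assumption of this
# example). TOS, MARK, TCPMSS and LOG are non-terminating, so they never shadow.
TERMINATING = {"ACCEPT", "DROP", "REJECT", "RETURN",
               "SNAT", "DNAT", "MASQUERADE", "REDIRECT"}
# Options that belong to the target rather than the match; left out of the key.
TARGET_OPTS = {"-j", "--to-source", "--to-destination", "--to-ports",
               "--set-tos", "--set-mss", "--clamp-mss-to-pmtu"}

SAMPLE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state INVALID -j DROP
-A INPUT ! -i ppp0 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp -m state -d 124.109.36.38 -i ppp0 --dport 5901 --state NEW -j DNAT --to-destination 10.0.0.123:5900
-A PREROUTING -p tcp -m tcp -m state -d 124.109.36.38 -i ppp0 --dport 2323 --state NEW -j DNAT --to-destination 10.0.0.123:22
-A POSTROUTING -s 10.0.0.169 ! -d 10.0.0.0/23 -o ppp0 -j SNAT --to-source 124.109.33.219
-A POSTROUTING -s 10.0.0.123 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.169 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.123 ! -d 10.0.0.0/23 -o ppp0 -j MASQUERADE
COMMIT
"""


@dataclass
class Rule:
    table: str
    chain: str
    raw: str
    opts: dict = field(default_factory=dict)  # flag -> [(negated, [values]), ...]

    def value(self, flag):
        """First value given for a flag, e.g. value('-j') -> 'DNAT'."""
        ents = self.opts.get(flag)
        return ents[0][1][0] if ents and ents[0][1] else None

    def match_key(self):
        """Order-independent key of every match option (target options excluded)."""
        return tuple(sorted((flag, neg, tuple(vals))
                            for flag, ents in self.opts.items()
                            if flag not in TARGET_OPTS
                            for neg, vals in ents))


def parse_rule(table, tokens):
    """Turn the tokens of an '-A CHAIN ...' line into a Rule, honouring '!' negation."""
    rule = Rule(table, tokens[1], " ".join(tokens))
    negate, i = False, 2
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!":
            negate, i = True, i + 1
            continue
        if tok.startswith("-"):
            vals, i = [], i + 1
            while i < len(tokens) and tokens[i] != "!" and not tokens[i].startswith("-"):
                vals.append(tokens[i])
                i += 1
            rule.opts.setdefault(tok, []).append((negate, vals))
            negate = False
        else:
            i += 1
    return rule


def parse_iptables_save(text):
    """Return ({table: {chain: policy}}, [Rule, ...]) for an iptables-save dump."""
    policies, rules, table = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            table = line[1:]
            policies.setdefault(table, {})
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[table][chain] = policy
        elif line.startswith("-A "):
            rules.append(parse_rule(table, shlex.split(line)))
    return policies, rules


def dnat_forwards(rules):
    """(protocol, external port, internal target) for each PREROUTING DNAT rule."""
    return [(r.value("-p") or "any", r.value("--dport") or "*", r.value("--to-destination"))
            for r in rules
            if r.table == "nat" and r.chain == "PREROUTING" and r.value("-j") == "DNAT"]


def shadowed_rules(rules):
    """(dead rule, earlier rule that shadows it) where an earlier rule in the same
    table and chain has the identical match set and a terminating target."""
    first, out = {}, []
    for r in rules:
        key = (r.table, r.chain, r.match_key())
        if key in first:
            out.append((r.raw, first[key].raw))
        elif r.value("-j") in TERMINATING:
            first[key] = r
    return out


if __name__ == "__main__":
    _, parsed = parse_iptables_save(SAMPLE)
    for proto, port, dest in dnat_forwards(parsed):
        print(f"exposed {proto}/{port} -> {dest}")
    for dead, by in shadowed_rules(parsed):
        print(f"never matches: {dead}\n    shadowed by: {by}")
```

Run against the real dump with `iptables-save | python3 audit.py` after swapping `SAMPLE` for `sys.stdin.read()`; the shadowing check is deliberately strict (identical match set only), so it reports certain dead rules and stays silent on partial overlaps, which still need a human read.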
