Wednesday, December 10, 2008

iptables for ChilliSpot - working (an iptables-save dump; from the rules, eth0 appears to be the upstream/NAT side and eth1 the hotspot interface chilli takes over, with authenticated clients arriving on chilli's tunnel interface)

#IPTABLES
# Generated by iptables-save v1.2.11 on Fri Apr 27 18:35:55 2007

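*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [37:3532]
# ---- INPUT -----------------------------------------------------------------
# Policy is DROP: only explicit ACCEPTs get in; whatever falls off the end is
# rate-limit logged (last rule) and then dropped by the policy.
#
# Ordering fix: in the original dump the unconditional "-i eth1 -j DROP" sat
# *after* the service ACCEPTs, so new connections to HTTP(80), FTP(20/21) and
# RADIUS(1812/1813/1814) were reachable from raw eth1 -- the interface chilli
# takes over for hotspot clients.  Loopback and the conntrack rule stay ahead
# of the eth1 drop (as in chilli's reference firewall) so replies to traffic
# the box itself originated on eth1 still come back; everything else on raw
# eth1 is dropped before any service rule can match.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -j DROP
#
# Captive-portal services.  These carry no -i, so they are reachable from the
# eth0 side as well as from hotspot clients on chilli's tunnel; add -i tun0
# (or whatever chilli's tunnel interface is named here) if the UAM pages and
# the resolver must not be exposed upstream.
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3990 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
# NOTE(review): if a recursive resolver listens on 53, accepting it from the
# eth0 side makes it an open resolver (amplification abuse); confirm what
# answers on 53 or restrict this rule to the client-facing tunnel interface.
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
#
# RADIUS.  The shared secret is the only authentication, so these should be
# pinned to the RADIUS peers actually in use (-s host and/or -i eth0) rather
# than left open to every source.  RADIUS is normally UDP-only: the TCP/1812
# rule is kept from the original (it appeared twice there) but should be
# removed unless something really listens on TCP 1812.  1814 is not a
# standard RADIUS port -- confirm what is bound there before keeping it.
-A INPUT -p udp -m udp --dport 1812 -j ACCEPT
-A INPUT -p udp -m udp --dport 1813 -j ACCEPT
-A INPUT -p udp -m udp --dport 1814 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1812 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
#
# FTP (cleartext credentials and data) on the gateway itself.  Kept because
# the original had it, but prefer SFTP over the SSH rule below, or at least
# pin -s to the hosts that need it.  An inbound dport-20 accept only matters
# if something actually listens on 20; FTP data connections are normally
# matched by RELATED once the ip_conntrack_ftp helper is loaded.
-A INPUT -p tcp -m tcp --dport 20 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
#
# Management: SSH only from the eth0 side.
-A INPUT -i eth0 -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
#
# Fully trusted sources (any protocol, any port).  Whole /24s are a broad
# grant; the entries without -i should at least carry "-i eth0" so that a
# packet arriving on another interface with a spoofed source cannot match.
# The original 10.10.1.200-10.10.1.230 iprange rule is dropped here because
# it was entirely covered by the 10.10.1.0/24 accept -- no change in effect.
-A INPUT -i eth0 -s 10.1.1.1 -j ACCEPT
-A INPUT -i eth0 -s 10.1.9.3 -j ACCEPT
-A INPUT -m iprange --src-range 10.180.90.1-10.180.91.7 -j ACCEPT
-A INPUT -s 10.10.1.0/24 -j ACCEPT
-A INPUT -s 10.10.9.0/24 -j ACCEPT
-A INPUT -s 10.210.1.1 -j ACCEPT
#
# Log what is about to be policy-dropped, rate-limited so a flood cannot fill
# the log.  Loopback was accepted at the top, so the original "-i ! lo" match
# is no longer needed -- which also avoids that old spelling, rejected by
# current iptables (it wants "! -i lo").
-A INPUT -m limit --limit 3/second --limit-burst 5 -j LOG --log-prefix "--firewall-logs-chili-dvo--"
# ---- FORWARD ---------------------------------------------------------------
# Policy ACCEPT: anything not touching eth1 is forwarded (and masqueraded out
# eth0 by the nat table).  Raw eth1 traffic is never forwarded in either
# direction -- hotspot clients must come through chilli's tunnel interface.
# If other interfaces exist on this box, consider an explicit
# "-A FORWARD -i tun0 -o eth0 -j ACCEPT" plus a DROP policy instead.
-A FORWARD -i eth1 -j DROP
-A FORWARD -o eth1 -j DROP
COMMIT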
# Completed on Fri Apr 27 18:35:55 2007
# Generated by iptables-save v1.2.11 on Fri Apr 27 18:35:55 2007
*nat
:PREROUTING ACCEPT [3654:725407]
:POSTROUTING ACCEPT [2:168]
:OUTPUT ACCEPT [24:1466]
# Source-NAT everything leaving via eth0 behind eth0's own address.
# MASQUERADE is meant for interfaces whose address may change; with a fixed
# upstream address, SNAT --to-source is the cheaper equivalent.
# There is no -s match, so every forwarded host -- not only chilli's client
# range -- is masqueraded; pin -s to the hotspot client subnet (chilli's
# tunnel network) if that is not intended.
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Fri Apr 27 18:35:55 2007
# Generated by iptables-save v1.2.11 on Fri Apr 27 18:35:55 2007
*mangle
# No rules; kept in the dump so iptables-restore resets the table to its
# defaults (empty chains, ACCEPT policies) rather than leaving stale rules.
:PREROUTING ACCEPT [5730:883086]
:INPUT ACCEPT [5321:743721]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1743:211303]
:POSTROUTING ACCEPT [1743:211303]
COMMIT
# Completed on Fri Apr 27 18:35:55 2007