Diffstat (limited to 'core/conf')
-rw-r--r-- | core/conf/iptables/bridge.v4 | 33 | ||||
-rw-r--r-- | core/conf/iptables/server.v4 | 60 |
2 files changed, 49 insertions, 44 deletions
diff --git a/core/conf/iptables/bridge.v4 b/core/conf/iptables/bridge.v4
index 4930262..bea9be0 100644
--- a/core/conf/iptables/bridge.v4
+++ b/core/conf/iptables/bridge.v4
@@ -1,34 +1,34 @@
-# Generated by iptables-save v1.8.2 on Fri Jun 28 01:22:10 2019
+# Generated by iptables-save v1.8.2 on Sun Jul 7 23:48:36 2019
 *security
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 COMMIT
-# Completed on Fri Jun 28 01:22:10 2019
-# Generated by iptables-save v1.8.2 on Fri Jun 28 01:22:10 2019
+# Completed on Sun Jul 7 23:48:36 2019
+# Generated by iptables-save v1.8.2 on Sun Jul 7 23:48:36 2019
 *raw
-:PREROUTING ACCEPT [2:80]
-:OUTPUT ACCEPT [3:4544]
+:PREROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [1:2468]
 COMMIT
-# Completed on Fri Jun 28 01:22:10 2019
-# Generated by iptables-save v1.8.2 on Fri Jun 28 01:22:10 2019
+# Completed on Sun Jul 7 23:48:36 2019
+# Generated by iptables-save v1.8.2 on Sun Jul 7 23:48:36 2019
 *nat
 :PREROUTING ACCEPT [0:0]
 :INPUT ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 :POSTROUTING ACCEPT [0:0]
 COMMIT
-# Completed on Fri Jun 28 01:22:10 2019
-# Generated by iptables-save v1.8.2 on Fri Jun 28 01:22:10 2019
+# Completed on Sun Jul 7 23:48:36 2019
+# Generated by iptables-save v1.8.2 on Sun Jul 7 23:48:36 2019
 *mangle
-:PREROUTING ACCEPT [2:80]
-:INPUT ACCEPT [2:80]
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [3:4544]
-:POSTROUTING ACCEPT [2:2292]
+:OUTPUT ACCEPT [1:2468]
+:POSTROUTING ACCEPT [0:0]
 COMMIT
-# Completed on Fri Jun 28 01:22:10 2019
-# Generated by iptables-save v1.8.2 on Fri Jun 28 01:22:10 2019
+# Completed on Sun Jul 7 23:48:36 2019
+# Generated by iptables-save v1.8.2 on Sun Jul 7 23:48:36 2019
 *filter
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
@@ -92,6 +92,7 @@ COMMIT
 -A FORWARD -d 10.0.0.4/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j srv_git_in
 -A FORWARD -i br0 -o br0 -p tcp -m physdev --physdev-in enp8s0 -m tcp --sport 443 --dport 1024:65535 -j ACCEPT
 -A FORWARD -d 10.0.0.3/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j cli_http_in
+-A FORWARD -d 10.0.0.4/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j cli_http_in
 -A FORWARD -i br0 -o br0 -p udp -m udp --sport 520 --dport 519 -j DROP
 -A FORWARD -i br0 -o br0 -p udp -m udp --sport 520 --dport 520 -j DROP
 -A FORWARD -j LOG --log-prefix "iptables: FORWARD: " --log-level 7
@@ -220,4 +221,4 @@ COMMIT
 -A srv_ssh_out -p tcp -m tcp --sport 22 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 -A srv_ssh_out -j RETURN
 COMMIT
-# Completed on Fri Jun 28 01:22:10 2019
+# Completed on Sun Jul 7 23:48:36 2019
diff --git a/core/conf/iptables/server.v4 b/core/conf/iptables/server.v4
index ed202ee..678800b 100644
--- a/core/conf/iptables/server.v4
+++ b/core/conf/iptables/server.v4
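Review bot: The added `-A FORWARD -d 10.0.0.4/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j cli_http_in` jump in the @@ -92 hunk of bridge.v4 matches on destination and ingress port only, with no `-s`, `-p` or state match, so everything it admits is decided by the `cli_http_in` chain, which is defined outside this hunk. Please confirm that chain accepts only reply traffic with `-m state --state ESTABLISHED`, the way the visible `srv_ssh_out` rule does; a client-reply rule keyed on the remote source port alone would let unsolicited packets through to the high ports of 10.0.0.4. If the exception is meant to be temporary or limited to specific upstream hosts, adding a `-s` match or a `-m comment --comment "..."` on this line would keep it auditable.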
@@ -1,34 +1,34 @@
-# Generated by iptables-save v1.8.2 on Sat Jun 8 19:50:25 2019
+# Generated by iptables-save v1.8.3 on Mon Jul 8 00:42:39 2019
 *security
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 COMMIT
-# Completed on Sat Jun 8 19:50:25 2019
-# Generated by iptables-save v1.8.2 on Sat Jun 8 19:50:25 2019
+# Completed on Mon Jul 8 00:42:39 2019
+# Generated by iptables-save v1.8.3 on Mon Jul 8 00:42:39 2019
 *raw
 :PREROUTING ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [1:132]
 COMMIT
-# Completed on Sat Jun 8 19:50:25 2019
-# Generated by iptables-save v1.8.2 on Sat Jun 8 19:50:25 2019
+# Completed on Mon Jul 8 00:42:39 2019
+# Generated by iptables-save v1.8.3 on Mon Jul 8 00:42:39 2019
 *nat
 :PREROUTING ACCEPT [0:0]
 :INPUT ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 :POSTROUTING ACCEPT [0:0]
 COMMIT
-# Completed on Sat Jun 8 19:50:25 2019
-# Generated by iptables-save v1.8.2 on Sat Jun 8 19:50:25 2019
+# Completed on Mon Jul 8 00:42:39 2019
+# Generated by iptables-save v1.8.3 on Mon Jul 8 00:42:39 2019
 *mangle
 :PREROUTING ACCEPT [0:0]
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [1:132]
 :POSTROUTING ACCEPT [0:0]
 COMMIT
-# Completed on Sat Jun 8 19:50:25 2019
-# Generated by iptables-save v1.8.2 on Sat Jun 8 19:50:25 2019
+# Completed on Mon Jul 8 00:42:39 2019
+# Generated by iptables-save v1.8.3 on Mon Jul 8 00:42:39 2019
 *filter
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
@@ -71,26 +71,30 @@ COMMIT
 :srv_ssh_out - [0:0]
 -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
 -A INPUT -j blocker
--A INPUT -s 212.55.154.174/32 -d 10.0.0.254/32 -i enp8s0 -j cli_dns_in
--A INPUT -s 10.0.0.0/8 -d 10.0.0.254/32 -i enp8s0 -j srv_https_in
--A INPUT -s 10.0.0.0/8 -d 10.0.0.254/32 -i enp8s0 -j srv_ssh_in
--A INPUT -s 10.0.0.0/8 -d 10.0.0.254/32 -i enp8s0 -j srv_git_in
--A INPUT -d 10.0.0.254/32 -i enp8s0 -j srv_https_in
--A INPUT -d 10.0.0.254/32 -i enp8s0 -j cli_https_in
--A INPUT -d 10.0.0.254/32 -i enp8s0 -j srv_ssh_in
--A INPUT -d 10.0.0.254/32 -i enp8s0 -j srv_git_in
+-A INPUT -s 10.0.0.254/32 -d 10.0.0.4/32 -i ens3 -j cli_dns_in
+-A INPUT -s 10.0.0.0/8 -d 10.0.0.4/32 -i ens3 -j srv_https_in
+-A INPUT -s 10.0.0.0/8 -d 10.0.0.4/32 -i ens3 -j srv_ssh_in
+-A INPUT -s 10.0.0.0/8 -d 10.0.0.4/32 -i ens3 -j srv_git_in
+-A INPUT -s 10.0.0.0/8 -d 10.0.0.4/32 -i ens3 -j cli_http_in
+-A INPUT -d 10.0.0.4/32 -i ens3 -j srv_https_in
+-A INPUT -d 10.0.0.4/32 -i ens3 -j cli_https_in
+-A INPUT -d 10.0.0.4/32 -i ens3 -j cli_http_in
+-A INPUT -d 10.0.0.4/32 -i ens3 -j srv_ssh_in
+-A INPUT -d 10.0.0.4/32 -i ens3 -j srv_git_in
 -A INPUT -j LOG --log-prefix "iptables: INPUT: " --log-level 7
 -A FORWARD -j LOG --log-prefix "iptables: FORWARD: " --log-level 7
 -A OUTPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -o lo -j ACCEPT
 -A OUTPUT -j blocker
--A OUTPUT -s 10.0.0.254/32 -d 212.55.154.174/32 -o enp8s0 -j cli_dns_out
--A OUTPUT -s 10.0.0.254/32 -d 10.0.0.0/8 -o enp8s0 -j srv_https_out
--A OUTPUT -s 10.0.0.254/32 -d 10.0.0.0/8 -o enp8s0 -j srv_ssh_out
--A OUTPUT -s 10.0.0.254/32 -d 10.0.0.0/8 -o enp8s0 -j srv_git_out
--A OUTPUT -s 10.0.0.254/32 -o enp8s0 -j cli_https_out
--A OUTPUT -s 10.0.0.254/32 -o enp8s0 -j srv_https_out
--A OUTPUT -d 10.0.0.0/8 -o enp8s0 -j srv_ssh_out
--A OUTPUT -d 10.0.0.0/8 -o enp8s0 -j srv_git_out
+-A OUTPUT -s 10.0.0.4/32 -d 10.0.0.254/32 -o ens3 -j cli_dns_out
+-A OUTPUT -s 10.0.0.4/32 -d 10.0.0.0/8 -o ens3 -j cli_http_out
+-A OUTPUT -s 10.0.0.4/32 -d 10.0.0.0/8 -o ens3 -j srv_https_out
+-A OUTPUT -s 10.0.0.4/32 -d 10.0.0.0/8 -o ens3 -j srv_ssh_out
+-A OUTPUT -s 10.0.0.4/32 -d 10.0.0.0/8 -o ens3 -j srv_git_out
+-A OUTPUT -s 10.0.0.4/32 -o ens3 -j cli_https_out
+-A OUTPUT -s 10.0.0.4/32 -o ens3 -j cli_http_out
+-A OUTPUT -s 10.0.0.4/32 -o ens3 -j srv_https_out
+-A OUTPUT -d 10.0.0.0/8 -o ens3 -j srv_ssh_out
+-A OUTPUT -d 10.0.0.0/8 -o ens3 -j srv_git_out
 -A OUTPUT -j LOG --log-prefix "iptables: OUTPUT: " --log-level 7
 -A blocker -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop sync: " --log-level 7
 -A blocker -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
@@ -201,4 +205,4 @@ COMMIT
 -A srv_ssh_out -p tcp -m tcp --sport 22 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 -A srv_ssh_out -j RETURN
 COMMIT
-# Completed on Sat Jun 8 19:50:25 2019
+# Completed on Mon Jul 8 00:42:39 2019 |
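Review bot: In the @@ -71 hunk of server.v4 each source-restricted jump (`-A INPUT -s 10.0.0.0/8 -d 10.0.0.4/32 -i ens3 -j srv_ssh_in`, and likewise for srv_https_in, srv_git_in and cli_http_in) is followed a few lines later by a jump to the same chain with no `-s`, so the 10.0.0.0/8 restriction has no effect unless the chains themselves filter on source, and SSH and git are evaluated for any sender arriving on ens3. If those services are meant to be internal only, drop the unrestricted `-A INPUT -d 10.0.0.4/32 -i ens3 -j srv_ssh_in` and `-A INPUT -d 10.0.0.4/32 -i ens3 -j srv_git_in` lines; otherwise remove the restricted duplicates so the file states the policy it actually enforces. The pairing is carried over from the removed enp8s0 rules rather than introduced here. Separately, the hunk offsets show no lines added before line 71, so `cli_http_in` and `cli_http_out` were presumably already declared in this file; it is worth checking with `iptables-restore --test`, because a jump to an undeclared chain makes the filter table fail to load.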