Diffstat (limited to 'core/conf')
-rw-r--r-- | core/conf/iptables/bridge.v4 | 852 | ||||
-rw-r--r-- | core/conf/iptables/ipt-bridge.sh | 12 | ||||
-rw-r--r-- | core/conf/iptables/ipt-conf.sh | 1 | ||||
-rw-r--r-- | core/conf/iptables/ipt-firewall.sh | 129 | ||||
-rw-r--r-- | core/conf/iptables/ipt-server.sh | 2 | ||||
-rw-r--r-- | core/conf/iptables/server.v4 | 38 | ||||
-rwxr-xr-x | core/conf/rc.d/fcgiwrap | 41 | ||||
-rwxr-xr-x | core/conf/rc.d/git-daemon | 43 | ||||
-rw-r--r-- | core/conf/rc.d/iptables | 80 | ||||
-rwxr-xr-x | core/conf/rc.d/postgresql | 16 |
10 files changed, 1033 insertions, 181 deletions
diff --git a/core/conf/iptables/bridge.v4 b/core/conf/iptables/bridge.v4 index 7048bdb..bf0245a 100644 --- a/core/conf/iptables/bridge.v4 +++ b/core/conf/iptables/bridge.v4 @@ -1,39 +1,41 @@ -# Generated by iptables-save v1.8.3 on Thu Sep 12 14:45:57 2019 +# Generated by iptables-save v1.8.4 on Mon Feb 17 16:36:51 2020 *security :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] COMMIT -# Completed on Thu Sep 12 14:45:57 2019 -# Generated by iptables-save v1.8.3 on Thu Sep 12 14:45:57 2019 +# Completed on Mon Feb 17 16:36:51 2020 +# Generated by iptables-save v1.8.4 on Mon Feb 17 16:36:51 2020 *raw :PREROUTING ACCEPT [0:0] -:OUTPUT ACCEPT [2:104] +:OUTPUT ACCEPT [187:272176] COMMIT -# Completed on Thu Sep 12 14:45:57 2019 -# Generated by iptables-save v1.8.3 on Thu Sep 12 14:45:57 2019 +# Completed on Mon Feb 17 16:36:51 2020 +# Generated by iptables-save v1.8.4 on Mon Feb 17 16:36:51 2020 *nat :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] COMMIT -# Completed on Thu Sep 12 14:45:57 2019 -# Generated by iptables-save v1.8.3 on Thu Sep 12 14:45:57 2019 +# Completed on Mon Feb 17 16:36:51 2020 +# Generated by iptables-save v1.8.4 on Mon Feb 17 16:36:51 2020 *mangle :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [2:104] +:OUTPUT ACCEPT [187:272176] :POSTROUTING ACCEPT [0:0] COMMIT -# Completed on Thu Sep 12 14:45:57 2019 -# Generated by iptables-save v1.8.3 on Thu Sep 12 14:45:57 2019 +# Completed on Mon Feb 17 16:36:51 2020 +# Generated by iptables-save v1.8.4 on Mon Feb 17 16:36:51 2020 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT DROP [0:0] :blocker - [0:0] +:blockip_in - [0:0] +:blockip_out - [0:0] :cli_dns_in - [0:0] :cli_dns_out - [0:0] :cli_ftp_in - [0:0] 
@@ -68,59 +70,74 @@ COMMIT :srv_icmp - [0:0] :srv_ntp - [0:0] :srv_rip - [0:0] +:srv_smtp_in - [0:0] +:srv_smtp_out - [0:0] :srv_ssh_in - [0:0] :srv_ssh_out - [0:0] -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT -A INPUT -s 10.0.0.254/32 -d 10.0.0.254/32 -i lo -j ACCEPT -A INPUT -j blocker --A INPUT -d 10.0.0.254/32 -i br0 -p tcp -m tcp --sport 3030 --dport 1024:65535 -j DROP --A INPUT -i br0 -j srv_dhcp +-A INPUT -j blockip_in +-A INPUT -i br0 -p udp -m udp --sport 520 --dport 520 -j DROP +-A INPUT -d 10.0.0.254/32 -i br0 -p tcp -m tcp --sport 3030 -j DROP +-A INPUT -s 212.55.154.174/32 -d 10.0.0.254/32 -i br0 -j cli_dns_in +-A INPUT -s 10.0.0.0/8 -d 10.0.0.254/32 -i br0 -m physdev --physdev-in tap2 -j cli_http_in +-A INPUT -s 10.0.0.1/32 -i br0 -m physdev --physdev-in enp8s0 -j cli_http_in +-A INPUT -i br0 -m physdev --physdev-in enp8s0 -j cli_https_in +-A INPUT -i br0 -m physdev --physdev-in tap2 -j cli_https_in +-A INPUT -s 10.0.0.0/8 -d 10.0.0.254/32 -i br0 -j cli_ssh_in +-A INPUT -s 10.0.0.4/32 -d 10.0.0.254/32 -i br0 -j cli_git_in -A INPUT -s 10.0.0.0/8 -d 10.0.0.254/32 -i br0 -j srv_dns_in --A INPUT -s 10.0.0.0/8 -d 10.0.0.254/32 -i br0 -j srv_icmp +-A INPUT -s 10.0.0.1/32 -i br0 -m physdev --physdev-in enp8s0 -j srv_dhcp +-A INPUT -s 10.0.0.0/8 -i br0 -m physdev --physdev-in enp8s0 -j srv_dhcp -A INPUT -s 10.0.0.0/8 -d 10.0.0.254/32 -i br0 -j srv_ssh_in --A INPUT -s 10.0.0.0/8 -d 10.0.0.254/32 -i br0 -j cli_http_in --A INPUT -s 212.55.154.174/32 -d 10.0.0.254/32 -i br0 -j cli_dns_in --A INPUT -d 10.0.0.254/32 -i br0 -j cli_https_in --A INPUT -i br0 -j cli_http_in --A INPUT -d 10.0.0.254/32 -i br0 -j cli_git_in --A INPUT -d 10.0.0.254/32 -i br0 -j cli_ssh_in --A INPUT -d 10.0.0.254/32 -i br0 -j srv_ntp --A INPUT -d 10.0.0.254/32 -i br0 -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -j LOG --log-prefix "iptables: INPUT: " --log-level 7 +-A FORWARD -j blocker +-A FORWARD -j blockip_in +-A 
FORWARD -j blockip_out -A FORWARD -s 10.0.0.0/8 -d 10.0.0.0/8 -i br0 -o br0 -j ACCEPT +-A FORWARD -i br0 -o br0 -p udp -m udp --sport 520 --dport 520 -j DROP -A FORWARD -s 0.0.0.0/32 -d 255.255.255.255/32 -i br0 -o br0 -j srv_dhcp --A FORWARD -s 10.0.0.0/8 -i br0 -o br0 -j ACCEPT --A FORWARD -d 10.0.0.5/32 -i br0 -o br0 -j ACCEPT --A FORWARD -s 212.55.154.174/32 -d 10.0.0.254/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j cli_dns_in --A FORWARD -d 10.0.0.4/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j srv_http_in --A FORWARD -d 10.0.0.4/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j srv_https_in +-A FORWARD -s 10.0.0.4/32 -d 212.55.154.174/32 -i br0 -o br0 -j ACCEPT +-A FORWARD -s 10.0.0.4/32 -d 204.140.20.21/32 -i br0 -o br0 -j ACCEPT +-A FORWARD -s 10.0.0.4/32 -d 50.23.197.95/32 -i br0 -o br0 -j ACCEPT +-A FORWARD -s 10.0.0.4/32 -d 50.23.197.94/32 -i br0 -o br0 -j ACCEPT +-A FORWARD -s 10.0.0.4/32 -d 212.55.154.174/32 -i br0 -o br0 -j ACCEPT +-A FORWARD -s 10.0.0.4/32 -d 204.140.20.21/32 -i br0 -o br0 -j ACCEPT +-A FORWARD -s 10.0.0.4/32 -d 50.23.197.94/32 -i br0 -o br0 -j ACCEPT +-A FORWARD -s 212.55.154.174/32 -d 10.0.0.4/32 -i br0 -o br0 -j ACCEPT +-A FORWARD -s 204.140.20.21/32 -d 10.0.0.4/32 -i br0 -o br0 -j ACCEPT +-A FORWARD -s 50.23.197.95/32 -d 10.0.0.4/32 -i br0 -o br0 -j ACCEPT +-A FORWARD -s 50.23.197.94/32 -d 10.0.0.4/32 -i br0 -o br0 -j ACCEPT +-A FORWARD -s 212.55.154.174/32 -d 10.0.0.4/32 -i br0 -o br0 -j ACCEPT +-A FORWARD -s 204.140.20.21/32 -d 10.0.0.4/32 -i br0 -o br0 -j ACCEPT +-A FORWARD -s 50.23.197.94/32 -d 10.0.0.4/32 -i br0 -o br0 -j ACCEPT +-A FORWARD -s 10.0.0.3/32 -i br0 -m physdev --physdev-in tap1 --physdev-out enp8s0 -j cli_https_out +-A FORWARD -s 10.0.0.3/32 -i br0 -m physdev --physdev-in tap1 --physdev-out enp8s0 -j cli_http_out +-A FORWARD -d 10.0.0.3/32 -i br0 -m physdev --physdev-in enp8s0 --physdev-out tap1 -j cli_https_in +-A FORWARD -d 10.0.0.3/32 -i br0 -m physdev --physdev-in enp8s0 --physdev-out tap1 -j 
cli_http_in -A FORWARD -d 10.0.0.4/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j srv_ssh_in +-A FORWARD -s 10.0.0.4/32 -i br0 -o br0 -m physdev --physdev-in tap2 -j srv_ssh_out -A FORWARD -d 10.0.0.4/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j srv_git_in --A FORWARD -d 10.0.0.4/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j srv_ntp --A FORWARD -i br0 -o br0 -p tcp -m physdev --physdev-in enp8s0 -m tcp --sport 443 --dport 1024:65535 -j ACCEPT --A FORWARD -d 10.0.0.3/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j cli_http_in --A FORWARD -d 10.0.0.3/32 -i br0 -o br0 -p tcp -m physdev --physdev-in enp8s0 -m tcp --sport 1024:65535 --dport 1024:65535 -j ACCEPT +-A FORWARD -s 10.0.0.4/32 -i br0 -o br0 -m physdev --physdev-in tap2 -j srv_git_out -A FORWARD -d 10.0.0.4/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j cli_http_in --A FORWARD -i br0 -o br0 -p udp -m udp --sport 520 --dport 519 -j DROP --A FORWARD -i br0 -o br0 -p udp -m udp --sport 520 --dport 520 -j DROP +-A FORWARD -s 10.0.0.4/32 -i br0 -o br0 -m physdev --physdev-in tap2 -j cli_http_out -A FORWARD -j LOG --log-prefix "iptables: FORWARD: " --log-level 7 -A OUTPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -o lo -j ACCEPT -A OUTPUT -s 10.0.0.254/32 -d 10.0.0.254/32 -o lo -j ACCEPT --A OUTPUT -s 10.0.0.254/32 -o br0 -p tcp -m tcp --sport 1024:65535 --dport 3030 -j DROP --A OUTPUT -s 10.0.0.254/32 -d 10.0.0.0/8 -o br0 -j srv_dhcp +-A OUTPUT -o br0 -p udp -m udp --sport 520 --dport 520 -j DROP +-A OUTPUT -s 10.0.0.254/32 -o br0 -p tcp -m tcp --dport 3030 -j DROP +-A OUTPUT -o blockip_out +-A OUTPUT -s 10.0.0.254/32 -d 212.55.154.174/32 -o br0 -j cli_dns_out -A OUTPUT -s 10.0.0.254/32 -d 10.0.0.0/8 -o br0 -j srv_dns_out -A OUTPUT -s 10.0.0.254/32 -d 10.0.0.0/8 -o br0 -j srv_ssh_out --A OUTPUT -s 10.0.0.254/32 -o br0 -j srv_git_out --A OUTPUT -o br0 -j srv_icmp --A OUTPUT -s 10.0.0.254/32 -d 212.55.154.174/32 -o br0 -j cli_dns_out --A OUTPUT -s 10.0.0.254/32 -d 10.0.0.0/8 -o br0 -j cli_ssh_out --A OUTPUT 
-s 10.0.0.254/32 -d 10.0.0.0/8 -o br0 -j cli_git_out -A OUTPUT -s 10.0.0.254/32 -d 10.0.0.0/8 -o br0 -j cli_http_out +-A OUTPUT -s 10.0.0.254/32 -d 10.0.0.1/32 -o br0 -j cli_http_out -A OUTPUT -s 10.0.0.254/32 -o br0 -j cli_https_out --A OUTPUT -s 10.0.0.254/32 -o br0 -j cli_git_out --A OUTPUT -j cli_http_out --A OUTPUT -s 10.0.0.254/32 -o br0 -j srv_ntp --A OUTPUT -s 10.0.0.254/32 -o br0 -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -j ACCEPT +-A OUTPUT -s 10.0.0.254/32 -d 10.0.0.0/8 -o br0 -j cli_ssh_out +-A OUTPUT -s 10.0.0.254/32 -d 10.0.0.4/32 -o br0 -j cli_git_out +-A OUTPUT -d 10.0.0.0/8 -o br0 -j srv_dhcp +-A OUTPUT -d 10.0.0.0/8 -o br0 -j srv_icmp -A OUTPUT -j LOG --log-prefix "iptables: OUTPUT: " --log-level 7 -A blocker -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop sync: " --log-level 7 -A blocker -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP 
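Review bot: The added rule `-A OUTPUT -o blockip_out` matches an output interface named blockip_out and has no target, so locally generated traffic never enters the blockip_out chain; INPUT and FORWARD use `-j` for the same purpose (`-A INPUT -j blockip_in`, `-A FORWARD -j blockip_out`). It should read `-A OUTPUT -j blockip_out`. Because this file is iptables-save output, the typo presumably comes from the script that loaded the rules, which would need the same fix. In FORWARD, the new `--sport 520 --dport 520 -j DROP` sits after the existing `-s 10.0.0.0/8 -d 10.0.0.0/8 -i br0 -o br0 -j ACCEPT`, so RIP between 10.0.0.0/8 hosts is accepted before the DROP is reached; move the DROP above that ACCEPT if it is meant to cover them.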
@@ -138,6 +155,734 @@ COMMIT -A blocker -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP -A blocker -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP -A blocker -j RETURN +-A blockip_in -s 52.0.0.0/8 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 52.0.0.0/8 -j DROP +-A blockip_in -s 54.0.0.0/8 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 54.0.0.0/8 -j DROP +-A blockip_in -s 13.48.203.206/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.48.203.206/32 -j DROP +-A blockip_in -s 2.21.169.41/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 2.21.169.41/32 -j DROP +-A blockip_in -s 13.115.174.176/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.115.174.176/32 -j DROP +-A blockip_in -s 18.182.0.0/16 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.182.0.0/16 -j DROP +-A blockip_in -s 23.10.69.56/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 23.10.69.56/32 -j DROP +-A blockip_in -s 104.89.189.238/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 104.89.189.238/32 -j DROP +-A blockip_in -s 195.8.22.40/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 195.8.22.40/32 -j DROP +-A blockip_in -s 195.8.22.41/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 195.8.22.41/32 -j DROP +-A blockip_in -s 2.16.65.168/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 2.16.65.168/32 -j DROP +-A blockip_in -s 2.16.65.152/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 2.16.65.152/32 -j DROP +-A blockip_in -s 88.221.64.239/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 88.221.64.239/32 -j DROP +-A blockip_in -s 195.8.22.138/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 195.8.22.138/32 -j DROP +-A blockip_in -s 195.8.22.152/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 195.8.22.152/32 -j DROP +-A blockip_in -s 23.10.74.160/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 23.10.74.160/32 -j DROP +-A blockip_in -s 195.8.15.224/32 -j LOG 
--log-prefix "BLOCKED IP: " +-A blockip_in -s 195.8.15.224/32 -j DROP +-A blockip_in -s 195.8.15.209/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 195.8.15.209/32 -j DROP +-A blockip_in -s 23.10.76.42/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 23.10.76.42/32 -j DROP +-A blockip_in -s 88.221.65.114/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 88.221.65.114/32 -j DROP +-A blockip_in -s 195.8.22.40/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 195.8.22.40/32 -j DROP +-A blockip_in -s 195.8.22.48/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 195.8.22.48/32 -j DROP +-A blockip_in -s 2.16.65.147/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 2.16.65.147/32 -j DROP +-A blockip_in -s 2.16.65.171/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 2.16.65.171/32 -j DROP +-A blockip_in -s 88.221.65.13/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 88.221.65.13/32 -j DROP +-A blockip_in -s 195.8.22.64/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 195.8.22.64/32 -j DROP +-A blockip_in -s 195.8.22.40/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 195.8.22.40/32 -j DROP +-A blockip_in -s 195.8.22.152/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 195.8.22.152/32 -j DROP +-A blockip_in -s 195.8.22.138/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 195.8.22.138/32 -j DROP +-A blockip_in -s 23.37.165.98/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 23.37.165.98/32 -j DROP +-A blockip_in -s 23.39.84.7/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 23.39.84.7/32 -j DROP +-A blockip_in -s 23.37.165.98/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 23.37.165.98/32 -j DROP +-A blockip_in -s 195.8.15.224/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 195.8.15.224/32 -j DROP +-A blockip_in -s 195.8.15.209/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 195.8.15.209/32 -j DROP +-A blockip_in -s 2.16.65.152/32 -j LOG --log-prefix 
"BLOCKED IP: " +-A blockip_in -s 2.16.65.152/32 -j DROP +-A blockip_in -s 2.16.65.168/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 2.16.65.168/32 -j DROP +-A blockip_in -s 13.225.241.27/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.241.27/32 -j DROP +-A blockip_in -s 13.225.241.212/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.241.212/32 -j DROP +-A blockip_in -s 13.225.241.199/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.241.199/32 -j DROP +-A blockip_in -s 13.225.241.79/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.241.79/32 -j DROP +-A blockip_in -s 18.197.26.211/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.197.26.211/32 -j DROP +-A blockip_in -s 3.120.59.84/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 3.120.59.84/32 -j DROP +-A blockip_in -s 18.197.83.103/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.197.83.103/32 -j DROP +-A blockip_in -s 3.120.65.125/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 3.120.65.125/32 -j DROP +-A blockip_in -s 3.120.50.86/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 3.120.50.86/32 -j DROP +-A blockip_in -s 18.197.76.109/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.197.76.109/32 -j DROP +-A blockip_in -s 3.120.165.77/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 3.120.165.77/32 -j DROP +-A blockip_in -s 18.197.222.92/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.197.222.92/32 -j DROP +-A blockip_in -s 35.156.254.127/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.156.254.127/32 -j DROP +-A blockip_in -s 35.157.9.106/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.157.9.106/32 -j DROP +-A blockip_in -s 35.156.192.89/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.156.192.89/32 -j DROP +-A blockip_in -s 35.158.207.255/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.158.207.255/32 -j DROP +-A blockip_in -s 
3.124.153.99/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 3.124.153.99/32 -j DROP +-A blockip_in -s 3.123.92.221/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 3.123.92.221/32 -j DROP +-A blockip_in -s 35.156.224.167/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.156.224.167/32 -j DROP +-A blockip_in -s 35.157.45.201/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.157.45.201/32 -j DROP +-A blockip_in -s 54.93.153.201/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 54.93.153.201/32 -j DROP +-A blockip_in -s 35.156.103.70/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.156.103.70/32 -j DROP +-A blockip_in -s 18.196.78.8/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.196.78.8/32 -j DROP +-A blockip_in -s 35.157.20.203/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.157.20.203/32 -j DROP +-A blockip_in -s 18.195.110.84/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.195.110.84/32 -j DROP +-A blockip_in -s 18.195.82.208/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.195.82.208/32 -j DROP +-A blockip_in -s 18.194.31.225/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.194.31.225/32 -j DROP +-A blockip_in -s 52.58.105.233/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 52.58.105.233/32 -j DROP +-A blockip_in -s 3.120.241.69/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 3.120.241.69/32 -j DROP +-A blockip_in -s 52.28.195.9/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 52.28.195.9/32 -j DROP +-A blockip_in -s 13.225.241.212/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.241.212/32 -j DROP +-A blockip_in -s 13.225.241.79/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.241.79/32 -j DROP +-A blockip_in -s 13.225.241.27/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.241.27/32 -j DROP +-A blockip_in -s 13.225.241.199/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.241.199/32 
-j DROP +-A blockip_in -s 13.225.241.79/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.241.79/32 -j DROP +-A blockip_in -s 13.225.241.199/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.241.199/32 -j DROP +-A blockip_in -s 13.225.241.212/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.241.212/32 -j DROP +-A blockip_in -s 13.225.241.79/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.241.79/32 -j DROP +-A blockip_in -s 13.225.241.199/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.241.199/32 -j DROP +-A blockip_in -s 13.225.241.79/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.241.79/32 -j DROP +-A blockip_in -s 13.225.241.27/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.241.27/32 -j DROP +-A blockip_in -s 13.225.241.199/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.241.199/32 -j DROP +-A blockip_in -s 13.225.241.79/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.241.79/32 -j DROP +-A blockip_in -s 13.225.241.199/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.241.199/32 -j DROP +-A blockip_in -s 13.225.241.27/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.241.27/32 -j DROP +-A blockip_in -s 13.225.241.212/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.241.212/32 -j DROP +-A blockip_in -s 18.194.111.172/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.194.111.172/32 -j DROP +-A blockip_in -s 18.195.232.16/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.195.232.16/32 -j DROP +-A blockip_in -s 18.195.34.196/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.195.34.196/32 -j DROP +-A blockip_in -s 18.185.187.153/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.185.187.153/32 -j DROP +-A blockip_in -s 18.184.201.126/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.184.201.126/32 -j DROP +-A blockip_in -s 18.194.82.205/32 -j LOG 
--log-prefix "BLOCKED IP: " +-A blockip_in -s 18.194.82.205/32 -j DROP +-A blockip_in -s 18.185.150.188/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.185.150.188/32 -j DROP +-A blockip_in -s 18.185.156.16/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.185.156.16/32 -j DROP +-A blockip_in -s 13.225.13.61/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.13.61/32 -j DROP +-A blockip_in -s 72.21.195.65/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 72.21.195.65/32 -j DROP +-A blockip_in -s 13.225.13.61/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.13.61/32 -j DROP +-A blockip_in -s 52.46.145.112/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 52.46.145.112/32 -j DROP +-A blockip_in -s 52.46.141.49/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 52.46.141.49/32 -j DROP +-A blockip_in -s 54.239.26.255/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 54.239.26.255/32 -j DROP +-A blockip_in -s 54.71.96.255/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 54.71.96.255/32 -j DROP +-A blockip_in -s 34.214.185.21/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 34.214.185.21/32 -j DROP +-A blockip_in -s 52.32.14.1/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 52.32.14.1/32 -j DROP +-A blockip_in -s 35.166.250.92/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.166.250.92/32 -j DROP +-A blockip_in -s 54.200.12.154/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 54.200.12.154/32 -j DROP +-A blockip_in -s 52.37.114.192/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 52.37.114.192/32 -j DROP +-A blockip_in -s 13.225.245.72/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.72/32 -j DROP +-A blockip_in -s 13.225.245.65/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.65/32 -j DROP +-A blockip_in -s 13.225.245.18/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.18/32 -j DROP +-A blockip_in -s 
13.225.245.33/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.33/32 -j DROP +-A blockip_in -s 35.160.240.60/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.160.240.60/32 -j DROP +-A blockip_in -s 52.10.136.27/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 52.10.136.27/32 -j DROP +-A blockip_in -s 54.71.96.255/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 54.71.96.255/32 -j DROP +-A blockip_in -s 54.200.12.154/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 54.200.12.154/32 -j DROP +-A blockip_in -s 52.32.14.1/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 52.32.14.1/32 -j DROP +-A blockip_in -s 34.214.185.21/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 34.214.185.21/32 -j DROP +-A blockip_in -s 35.166.250.92/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.166.250.92/32 -j DROP +-A blockip_in -s 35.160.240.60/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.160.240.60/32 -j DROP +-A blockip_in -s 13.225.245.65/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.65/32 -j DROP +-A blockip_in -s 13.225.245.33/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.33/32 -j DROP +-A blockip_in -s 13.225.245.72/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.72/32 -j DROP +-A blockip_in -s 13.225.245.18/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.18/32 -j DROP +-A blockip_in -s 18.197.26.211/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.197.26.211/32 -j DROP +-A blockip_in -s 3.120.59.84/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 3.120.59.84/32 -j DROP +-A blockip_in -s 18.197.83.103/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.197.83.103/32 -j DROP +-A blockip_in -s 3.120.65.125/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 3.120.65.125/32 -j DROP +-A blockip_in -s 3.120.50.86/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 3.120.50.86/32 -j DROP +-A 
blockip_in -s 18.197.76.109/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.197.76.109/32 -j DROP +-A blockip_in -s 3.120.165.77/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 3.120.165.77/32 -j DROP +-A blockip_in -s 18.197.222.92/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.197.222.92/32 -j DROP +-A blockip_in -s 35.156.254.127/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.156.254.127/32 -j DROP +-A blockip_in -s 35.157.9.106/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.157.9.106/32 -j DROP +-A blockip_in -s 35.156.192.89/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.156.192.89/32 -j DROP +-A blockip_in -s 35.158.207.255/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.158.207.255/32 -j DROP +-A blockip_in -s 3.124.153.99/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 3.124.153.99/32 -j DROP +-A blockip_in -s 3.123.92.221/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 3.123.92.221/32 -j DROP +-A blockip_in -s 35.156.224.167/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.156.224.167/32 -j DROP +-A blockip_in -s 35.157.45.201/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.157.45.201/32 -j DROP +-A blockip_in -s 54.93.153.201/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 54.93.153.201/32 -j DROP +-A blockip_in -s 35.156.103.70/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.156.103.70/32 -j DROP +-A blockip_in -s 18.196.78.8/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.196.78.8/32 -j DROP +-A blockip_in -s 35.157.20.203/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.157.20.203/32 -j DROP +-A blockip_in -s 18.195.110.84/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.195.110.84/32 -j DROP +-A blockip_in -s 18.195.82.208/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.195.82.208/32 -j DROP +-A blockip_in -s 18.194.31.225/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 
18.194.31.225/32 -j DROP +-A blockip_in -s 52.58.105.233/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 52.58.105.233/32 -j DROP +-A blockip_in -s 3.120.241.69/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 3.120.241.69/32 -j DROP +-A blockip_in -s 52.28.195.9/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 52.28.195.9/32 -j DROP +-A blockip_in -s 13.225.245.65/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.65/32 -j DROP +-A blockip_in -s 13.225.245.33/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.33/32 -j DROP +-A blockip_in -s 13.225.245.72/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.72/32 -j DROP +-A blockip_in -s 13.225.245.18/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.18/32 -j DROP +-A blockip_in -s 54.200.12.154/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 54.200.12.154/32 -j DROP +-A blockip_in -s 52.32.14.1/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 52.32.14.1/32 -j DROP +-A blockip_in -s 34.214.185.21/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 34.214.185.21/32 -j DROP +-A blockip_in -s 35.166.250.92/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.166.250.92/32 -j DROP +-A blockip_in -s 54.71.96.255/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 54.71.96.255/32 -j DROP +-A blockip_in -s 54.148.24.227/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 54.148.24.227/32 -j DROP +-A blockip_in -s 52.41.41.102/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 52.41.41.102/32 -j DROP +-A blockip_in -s 13.225.245.18/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.18/32 -j DROP +-A blockip_in -s 13.225.245.65/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.65/32 -j DROP +-A blockip_in -s 13.225.245.72/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.72/32 -j DROP +-A blockip_in -s 13.225.245.33/32 -j LOG --log-prefix "BLOCKED IP: " 
+-A blockip_in -s 13.225.245.33/32 -j DROP +-A blockip_in -s 13.225.245.18/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.18/32 -j DROP +-A blockip_in -s 13.225.245.33/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.33/32 -j DROP +-A blockip_in -s 13.225.245.72/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.72/32 -j DROP +-A blockip_in -s 13.225.245.65/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.65/32 -j DROP +-A blockip_in -s 54.200.12.154/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 54.200.12.154/32 -j DROP +-A blockip_in -s 34.214.185.21/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 34.214.185.21/32 -j DROP +-A blockip_in -s 52.32.14.1/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 52.32.14.1/32 -j DROP +-A blockip_in -s 54.148.24.227/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 54.148.24.227/32 -j DROP +-A blockip_in -s 54.71.96.255/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 54.71.96.255/32 -j DROP +-A blockip_in -s 35.166.250.92/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.166.250.92/32 -j DROP +-A blockip_in -s 35.166.120.35/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 35.166.120.35/32 -j DROP +-A blockip_in -s 13.225.245.18/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.18/32 -j DROP +-A blockip_in -s 13.225.245.72/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.72/32 -j DROP +-A blockip_in -s 13.225.245.65/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.65/32 -j DROP +-A blockip_in -s 13.225.245.33/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 13.225.245.33/32 -j DROP +-A blockip_in -s 18.194.111.172/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.194.111.172/32 -j DROP +-A blockip_in -s 18.195.232.16/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.195.232.16/32 -j DROP +-A blockip_in -s 18.195.34.196/32 -j LOG 
--log-prefix "BLOCKED IP: " +-A blockip_in -s 18.195.34.196/32 -j DROP +-A blockip_in -s 18.185.187.153/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.185.187.153/32 -j DROP +-A blockip_in -s 18.184.201.126/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.184.201.126/32 -j DROP +-A blockip_in -s 18.194.82.205/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.194.82.205/32 -j DROP +-A blockip_in -s 18.185.150.188/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.185.150.188/32 -j DROP +-A blockip_in -s 18.185.156.16/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_in -s 18.185.156.16/32 -j DROP +-A blockip_out -d 52.0.0.0/8 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 52.0.0.0/8 -j DROP +-A blockip_out -d 54.0.0.0/8 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 54.0.0.0/8 -j DROP +-A blockip_out -d 13.48.203.206/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.48.203.206/32 -j DROP +-A blockip_out -d 2.21.169.41/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 2.21.169.41/32 -j DROP +-A blockip_out -d 13.115.174.176/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.115.174.176/32 -j DROP +-A blockip_out -d 18.182.0.0/16 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.182.0.0/16 -j DROP +-A blockip_out -d 23.10.69.56/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 23.10.69.56/32 -j DROP +-A blockip_out -d 104.89.189.238/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 104.89.189.238/32 -j DROP +-A blockip_out -d 195.8.22.40/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 195.8.22.40/32 -j DROP +-A blockip_out -d 195.8.22.41/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 195.8.22.41/32 -j DROP +-A blockip_out -d 2.16.65.168/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 2.16.65.168/32 -j DROP +-A blockip_out -d 2.16.65.152/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 2.16.65.152/32 -j DROP +-A blockip_out -d 
88.221.64.239/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 88.221.64.239/32 -j DROP +-A blockip_out -d 195.8.22.138/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 195.8.22.138/32 -j DROP +-A blockip_out -d 195.8.22.152/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 195.8.22.152/32 -j DROP +-A blockip_out -d 23.10.74.160/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 23.10.74.160/32 -j DROP +-A blockip_out -d 195.8.15.224/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 195.8.15.224/32 -j DROP +-A blockip_out -d 195.8.15.209/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 195.8.15.209/32 -j DROP +-A blockip_out -d 23.10.76.42/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 23.10.76.42/32 -j DROP +-A blockip_out -d 88.221.65.114/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 88.221.65.114/32 -j DROP +-A blockip_out -d 195.8.22.40/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 195.8.22.40/32 -j DROP +-A blockip_out -d 195.8.22.48/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 195.8.22.48/32 -j DROP +-A blockip_out -d 2.16.65.147/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 2.16.65.147/32 -j DROP +-A blockip_out -d 2.16.65.171/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 2.16.65.171/32 -j DROP +-A blockip_out -d 88.221.65.13/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 88.221.65.13/32 -j DROP +-A blockip_out -d 195.8.22.64/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 195.8.22.64/32 -j DROP +-A blockip_out -d 195.8.22.40/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 195.8.22.40/32 -j DROP +-A blockip_out -d 195.8.22.152/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 195.8.22.152/32 -j DROP +-A blockip_out -d 195.8.22.138/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 195.8.22.138/32 -j DROP +-A blockip_out -d 23.37.165.98/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 23.37.165.98/32 -j 
DROP +-A blockip_out -d 23.39.84.7/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 23.39.84.7/32 -j DROP +-A blockip_out -d 23.37.165.98/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 23.37.165.98/32 -j DROP +-A blockip_out -d 195.8.15.224/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 195.8.15.224/32 -j DROP +-A blockip_out -d 195.8.15.209/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 195.8.15.209/32 -j DROP +-A blockip_out -d 2.16.65.152/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 2.16.65.152/32 -j DROP +-A blockip_out -d 2.16.65.168/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 2.16.65.168/32 -j DROP +-A blockip_out -d 13.225.241.27/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.241.27/32 -j DROP +-A blockip_out -d 13.225.241.212/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.241.212/32 -j DROP +-A blockip_out -d 13.225.241.199/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.241.199/32 -j DROP +-A blockip_out -d 13.225.241.79/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.241.79/32 -j DROP +-A blockip_out -d 18.197.26.211/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.197.26.211/32 -j DROP +-A blockip_out -d 3.120.59.84/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 3.120.59.84/32 -j DROP +-A blockip_out -d 18.197.83.103/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.197.83.103/32 -j DROP +-A blockip_out -d 3.120.65.125/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 3.120.65.125/32 -j DROP +-A blockip_out -d 3.120.50.86/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 3.120.50.86/32 -j DROP +-A blockip_out -d 18.197.76.109/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.197.76.109/32 -j DROP +-A blockip_out -d 3.120.165.77/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 3.120.165.77/32 -j DROP +-A blockip_out -d 18.197.222.92/32 -j LOG --log-prefix "BLOCKED 
IP: " +-A blockip_out -d 18.197.222.92/32 -j DROP +-A blockip_out -d 35.156.254.127/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 35.156.254.127/32 -j DROP +-A blockip_out -d 35.157.9.106/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 35.157.9.106/32 -j DROP +-A blockip_out -d 35.156.192.89/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 35.156.192.89/32 -j DROP +-A blockip_out -d 35.158.207.255/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 35.158.207.255/32 -j DROP +-A blockip_out -d 3.124.153.99/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 3.124.153.99/32 -j DROP +-A blockip_out -d 3.123.92.221/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 3.123.92.221/32 -j DROP +-A blockip_out -d 35.156.224.167/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 35.156.224.167/32 -j DROP +-A blockip_out -d 35.157.45.201/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 35.157.45.201/32 -j DROP +-A blockip_out -d 54.93.153.201/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 54.93.153.201/32 -j DROP +-A blockip_out -d 35.156.103.70/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 35.156.103.70/32 -j DROP +-A blockip_out -d 18.196.78.8/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.196.78.8/32 -j DROP +-A blockip_out -d 35.157.20.203/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 35.157.20.203/32 -j DROP +-A blockip_out -d 18.195.110.84/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.195.110.84/32 -j DROP +-A blockip_out -d 18.195.82.208/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.195.82.208/32 -j DROP +-A blockip_out -d 18.194.31.225/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.194.31.225/32 -j DROP +-A blockip_out -d 52.58.105.233/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 52.58.105.233/32 -j DROP +-A blockip_out -d 3.120.241.69/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 3.120.241.69/32 -j DROP 
+-A blockip_out -d 52.28.195.9/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 52.28.195.9/32 -j DROP +-A blockip_out -d 13.225.241.212/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.241.212/32 -j DROP +-A blockip_out -d 13.225.241.79/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.241.79/32 -j DROP +-A blockip_out -d 13.225.241.27/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.241.27/32 -j DROP +-A blockip_out -d 13.225.241.199/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.241.199/32 -j DROP +-A blockip_out -d 13.225.241.79/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.241.79/32 -j DROP +-A blockip_out -d 13.225.241.199/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.241.199/32 -j DROP +-A blockip_out -d 13.225.241.212/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.241.212/32 -j DROP +-A blockip_out -d 13.225.241.79/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.241.79/32 -j DROP +-A blockip_out -d 13.225.241.199/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.241.199/32 -j DROP +-A blockip_out -d 13.225.241.79/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.241.79/32 -j DROP +-A blockip_out -d 13.225.241.27/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.241.27/32 -j DROP +-A blockip_out -d 13.225.241.199/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.241.199/32 -j DROP +-A blockip_out -d 13.225.241.79/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.241.79/32 -j DROP +-A blockip_out -d 13.225.241.199/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.241.199/32 -j DROP +-A blockip_out -d 13.225.241.27/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.241.27/32 -j DROP +-A blockip_out -d 13.225.241.212/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.241.212/32 -j DROP +-A blockip_out -d 
18.194.111.172/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.194.111.172/32 -j DROP +-A blockip_out -d 18.195.232.16/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.195.232.16/32 -j DROP +-A blockip_out -d 18.195.34.196/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.195.34.196/32 -j DROP +-A blockip_out -d 18.185.187.153/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.185.187.153/32 -j DROP +-A blockip_out -d 18.184.201.126/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.184.201.126/32 -j DROP +-A blockip_out -d 18.194.82.205/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.194.82.205/32 -j DROP +-A blockip_out -d 18.185.150.188/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.185.150.188/32 -j DROP +-A blockip_out -d 18.185.156.16/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.185.156.16/32 -j DROP +-A blockip_out -d 13.225.13.61/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.13.61/32 -j DROP +-A blockip_out -d 72.21.195.65/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 72.21.195.65/32 -j DROP +-A blockip_out -d 13.225.13.61/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.13.61/32 -j DROP +-A blockip_out -d 52.46.145.112/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 52.46.145.112/32 -j DROP +-A blockip_out -d 52.46.141.49/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 52.46.141.49/32 -j DROP +-A blockip_out -d 54.239.26.255/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 54.239.26.255/32 -j DROP +-A blockip_out -d 54.71.96.255/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 54.71.96.255/32 -j DROP +-A blockip_out -d 34.214.185.21/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 34.214.185.21/32 -j DROP +-A blockip_out -d 52.32.14.1/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 52.32.14.1/32 -j DROP +-A blockip_out -d 35.166.250.92/32 -j LOG --log-prefix "BLOCKED IP: " 
+-A blockip_out -d 35.166.250.92/32 -j DROP +-A blockip_out -d 54.200.12.154/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 54.200.12.154/32 -j DROP +-A blockip_out -d 52.37.114.192/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 52.37.114.192/32 -j DROP +-A blockip_out -d 13.225.245.72/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.72/32 -j DROP +-A blockip_out -d 13.225.245.65/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.65/32 -j DROP +-A blockip_out -d 13.225.245.18/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.18/32 -j DROP +-A blockip_out -d 13.225.245.33/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.33/32 -j DROP +-A blockip_out -d 35.160.240.60/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 35.160.240.60/32 -j DROP +-A blockip_out -d 52.10.136.27/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 52.10.136.27/32 -j DROP +-A blockip_out -d 54.71.96.255/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 54.71.96.255/32 -j DROP +-A blockip_out -d 54.200.12.154/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 54.200.12.154/32 -j DROP +-A blockip_out -d 52.32.14.1/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 52.32.14.1/32 -j DROP +-A blockip_out -d 34.214.185.21/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 34.214.185.21/32 -j DROP +-A blockip_out -d 35.166.250.92/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 35.166.250.92/32 -j DROP +-A blockip_out -d 35.160.240.60/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 35.160.240.60/32 -j DROP +-A blockip_out -d 13.225.245.65/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.65/32 -j DROP +-A blockip_out -d 13.225.245.33/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.33/32 -j DROP +-A blockip_out -d 13.225.245.72/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.72/32 -j DROP +-A 
blockip_out -d 13.225.245.18/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.18/32 -j DROP +-A blockip_out -d 18.197.26.211/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.197.26.211/32 -j DROP +-A blockip_out -d 3.120.59.84/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 3.120.59.84/32 -j DROP +-A blockip_out -d 18.197.83.103/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.197.83.103/32 -j DROP +-A blockip_out -d 3.120.65.125/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 3.120.65.125/32 -j DROP +-A blockip_out -d 3.120.50.86/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 3.120.50.86/32 -j DROP +-A blockip_out -d 18.197.76.109/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.197.76.109/32 -j DROP +-A blockip_out -d 3.120.165.77/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 3.120.165.77/32 -j DROP +-A blockip_out -d 18.197.222.92/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.197.222.92/32 -j DROP +-A blockip_out -d 35.156.254.127/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 35.156.254.127/32 -j DROP +-A blockip_out -d 35.157.9.106/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 35.157.9.106/32 -j DROP +-A blockip_out -d 35.156.192.89/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 35.156.192.89/32 -j DROP +-A blockip_out -d 35.158.207.255/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 35.158.207.255/32 -j DROP +-A blockip_out -d 3.124.153.99/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 3.124.153.99/32 -j DROP +-A blockip_out -d 3.123.92.221/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 3.123.92.221/32 -j DROP +-A blockip_out -d 35.156.224.167/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 35.156.224.167/32 -j DROP +-A blockip_out -d 35.157.45.201/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 35.157.45.201/32 -j DROP +-A blockip_out -d 54.93.153.201/32 -j LOG --log-prefix 
"BLOCKED IP: " +-A blockip_out -d 54.93.153.201/32 -j DROP +-A blockip_out -d 35.156.103.70/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 35.156.103.70/32 -j DROP +-A blockip_out -d 18.196.78.8/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.196.78.8/32 -j DROP +-A blockip_out -d 35.157.20.203/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 35.157.20.203/32 -j DROP +-A blockip_out -d 18.195.110.84/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.195.110.84/32 -j DROP +-A blockip_out -d 18.195.82.208/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.195.82.208/32 -j DROP +-A blockip_out -d 18.194.31.225/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.194.31.225/32 -j DROP +-A blockip_out -d 52.58.105.233/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 52.58.105.233/32 -j DROP +-A blockip_out -d 3.120.241.69/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 3.120.241.69/32 -j DROP +-A blockip_out -d 52.28.195.9/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 52.28.195.9/32 -j DROP +-A blockip_out -d 13.225.245.65/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.65/32 -j DROP +-A blockip_out -d 13.225.245.33/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.33/32 -j DROP +-A blockip_out -d 13.225.245.72/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.72/32 -j DROP +-A blockip_out -d 13.225.245.18/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.18/32 -j DROP +-A blockip_out -d 54.200.12.154/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 54.200.12.154/32 -j DROP +-A blockip_out -d 52.32.14.1/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 52.32.14.1/32 -j DROP +-A blockip_out -d 34.214.185.21/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 34.214.185.21/32 -j DROP +-A blockip_out -d 35.166.250.92/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 35.166.250.92/32 -j DROP 
+-A blockip_out -d 54.71.96.255/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 54.71.96.255/32 -j DROP +-A blockip_out -d 54.148.24.227/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 54.148.24.227/32 -j DROP +-A blockip_out -d 52.41.41.102/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 52.41.41.102/32 -j DROP +-A blockip_out -d 13.225.245.18/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.18/32 -j DROP +-A blockip_out -d 13.225.245.65/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.65/32 -j DROP +-A blockip_out -d 13.225.245.72/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.72/32 -j DROP +-A blockip_out -d 13.225.245.33/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.33/32 -j DROP +-A blockip_out -d 13.225.245.18/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.18/32 -j DROP +-A blockip_out -d 13.225.245.33/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.33/32 -j DROP +-A blockip_out -d 13.225.245.72/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.72/32 -j DROP +-A blockip_out -d 13.225.245.65/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.65/32 -j DROP +-A blockip_out -d 54.200.12.154/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 54.200.12.154/32 -j DROP +-A blockip_out -d 34.214.185.21/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 34.214.185.21/32 -j DROP +-A blockip_out -d 52.32.14.1/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 52.32.14.1/32 -j DROP +-A blockip_out -d 54.148.24.227/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 54.148.24.227/32 -j DROP +-A blockip_out -d 54.71.96.255/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 54.71.96.255/32 -j DROP +-A blockip_out -d 35.166.250.92/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 35.166.250.92/32 -j DROP +-A blockip_out -d 35.166.120.35/32 -j LOG --log-prefix 
"BLOCKED IP: " +-A blockip_out -d 35.166.120.35/32 -j DROP +-A blockip_out -d 13.225.245.18/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.18/32 -j DROP +-A blockip_out -d 13.225.245.72/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.72/32 -j DROP +-A blockip_out -d 13.225.245.65/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.65/32 -j DROP +-A blockip_out -d 13.225.245.33/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 13.225.245.33/32 -j DROP +-A blockip_out -d 18.194.111.172/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.194.111.172/32 -j DROP +-A blockip_out -d 18.195.232.16/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.195.232.16/32 -j DROP +-A blockip_out -d 18.195.34.196/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.195.34.196/32 -j DROP +-A blockip_out -d 18.185.187.153/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.185.187.153/32 -j DROP +-A blockip_out -d 18.184.201.126/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.184.201.126/32 -j DROP +-A blockip_out -d 18.194.82.205/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.194.82.205/32 -j DROP +-A blockip_out -d 18.185.150.188/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.185.150.188/32 -j DROP +-A blockip_out -d 18.185.156.16/32 -j LOG --log-prefix "BLOCKED IP: " +-A blockip_out -d 18.185.156.16/32 -j DROP -A cli_dns_in -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT -A cli_dns_in -j RETURN -A cli_dns_out -p udp -m udp --sport 1024:65535 --dport 53 -j ACCEPT 
@@ -185,6 +930,8 @@ COMMIT -A cli_ssh_in -p tcp -m tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT -A cli_ssh_in -p tcp -m tcp --sport 22 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT -A cli_ssh_in -j RETURN +-A cli_ssh_out -d 10.0.0.0/8 -p tcp -m tcp --sport 1024:65535 --dport 2222 -m state --state NEW,ESTABLISHED -j ACCEPT +-A cli_ssh_out -p tcp -m tcp --dport 2222 --tcp-flags SYN,ACK SYN,ACK -j LOG --log-prefix "iptables: SSH OUT:" -A cli_ssh_out -p tcp -m tcp --sport 1024:65535 --dport 2222 -m state --state NEW,ESTABLISHED -j ACCEPT -A cli_ssh_out -p tcp -m tcp --sport 1024:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT -A cli_ssh_out -j RETURN 
@@ -220,17 +967,20 @@ COMMIT -A srv_ntp -j RETURN -A srv_rip -p udp -m udp --sport 520 --dport 520 -j ACCEPT -A srv_rip -j RETURN +-A srv_smtp_in -p tcp -m tcp --sport 1024:65535 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT +-A srv_smtp_in -j RETURN +-A srv_smtp_out -p tcp -m tcp --sport 25 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT +-A srv_smtp_out -j RETURN +-A srv_ssh_in -s 10.0.0.0/8 -p tcp -m tcp --dport 2222 -m state --state NEW -j ACCEPT +-A srv_ssh_in -p tcp -m tcp --dport 2222 -m state --state NEW -j LOG --log-prefix "iptables: SSH NEW:" -A srv_ssh_in -p tcp -m tcp --dport 2222 -m state --state NEW -m recent --set --name SSH --mask 255.255.255.255 --rsource -j ACCEPT --A srv_ssh_in -p tcp -m tcp --dport 2222 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --mask 255.255.255.255 --rsource -j LOG --log-prefix "BLOCKED IP DROP SSH" +-A srv_ssh_in -p tcp -m tcp --dport 2222 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --mask 255.255.255.255 --rsource -j LOG --log-prefix "BLOCKED IP: SSH" -A srv_ssh_in -p tcp -m tcp --dport 2222 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --mask 255.255.255.255 --rsource -j DROP -A srv_ssh_in -p tcp -m tcp --sport 1024:65535 --dport 2222 -m state --state ESTABLISHED -j ACCEPT --A srv_ssh_in -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --mask 255.255.255.255 --rsource -j ACCEPT --A srv_ssh_in -p tcp -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --mask 255.255.255.255 --rsource -j LOG --log-prefix "BLOCKED IP DROP SSH" --A srv_ssh_in -p tcp -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --mask 255.255.255.255 --rsource -j DROP --A srv_ssh_in -p tcp -m tcp --sport 1024:65535 --dport 22 -m state --state ESTABLISHED -j ACCEPT -A srv_ssh_in -j RETURN +-A srv_ssh_out -d 10.0.0.0/8 -p tcp -m tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j 
ACCEPT +-A srv_ssh_out -p tcp -m tcp --sport 2222 --tcp-flags SYN,ACK SYN,ACK -j LOG --log-prefix "iptables: SSH OUT:" -A srv_ssh_out -p tcp -m tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT --A srv_ssh_out -p tcp -m tcp --sport 22 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT -A srv_ssh_out -j RETURN COMMIT -# Completed on Thu Sep 12 14:45:57 2019 +# Completed on Mon Feb 17 16:36:51 2020 diff --git a/core/conf/iptables/ipt-bridge.sh b/core/conf/iptables/ipt-bridge.sh index c4b2a00..b329ea8 100644 --- a/core/conf/iptables/ipt-bridge.sh +++ b/core/conf/iptables/ipt-bridge.sh @@ -37,6 +37,7 @@ $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -d 10.0.0.4 -s 212.55.154.174 -j ACCEPT $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -d 10.0.0.4 -s 204.140.20.21 -j ACCEPT $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -d 10.0.0.4 -s 50.23.197.94 -j ACCEPT + $IPT -A FORWARD -i ${BR_IF} -m physdev --physdev-in tap1 --physdev-out ${PUB_IF} -s 10.0.0.3 -j cli_https_out $IPT -A FORWARD -i ${BR_IF} -m physdev --physdev-in tap1 --physdev-out ${PUB_IF} -s 10.0.0.3 -j cli_http_out $IPT -A FORWARD -i ${BR_IF} -m physdev --physdev-out tap1 --physdev-in ${PUB_IF} -d 10.0.0.3 -j cli_https_in 
@@ -45,11 +46,16 @@ $IPT -A FORWARD -i ${BR_IF} -m physdev --physdev-out tap1 --physdev-in ${PUB_IF} $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} -d 10.0.0.4 -j srv_ssh_in $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 -s 10.0.0.4 -j srv_ssh_out $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} -d 10.0.0.4 -j srv_git_in -$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} -d 10.0.0.4 -j srv_ntp +$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 -s 10.0.0.4 -j srv_git_out +#$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} -d 10.0.0.4 -j srv_ntp + $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} -d 10.0.0.4 -j cli_http_in +$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 -s 10.0.0.4 -j cli_http_out #####HTTP Server -$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} -d 10.0.0.4 -j srv_http_in -$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} -d 10.0.0.4 -j srv_https_in +#$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} -d 10.0.0.4 -j srv_http_in +#$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 -s 10.0.0.4 -j srv_http_out +#$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} -d 10.0.0.4 -j srv_https_in +#$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 -s 10.0.0.4 -j srv_https_out ######################################################################### # INPUT diff --git a/core/conf/iptables/ipt-conf.sh b/core/conf/iptables/ipt-conf.sh index 63b101f..cc51f12 100644 --- a/core/conf/iptables/ipt-conf.sh +++ b/core/conf/iptables/ipt-conf.sh @@ -1,6 +1,7 @@ #!/bin/bash IPT="/usr/sbin/iptables" +IPT6="/usr/sbin/ip6tables" SPAMLIST="/etc/iptables/blockedip" SPAMDROPMSG="BLOCKED IP: " 
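Review bot: The `srv_ntp`, `srv_http_in` and `srv_https_in` jumps for 10.0.0.4 are switched off by commenting them out, with nothing in the script saying why, and the `#####HTTP Server` heading now covers only commented-out lines. The same hunk adds `srv_http_out` and `srv_https_out` already commented, so they have never been active. Either delete the disabled rules or put a one-line reason above the group, for example `# HTTP/HTTPS forwarding to 10.0.0.4 disabled: <reason>`, so a later reader does not re-enable them by mistake. Without that, it is hard to tell from the script which services the bridge is meant to expose.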
diff --git a/core/conf/iptables/ipt-firewall.sh b/core/conf/iptables/ipt-firewall.sh index 0a947e6..6dc4f4f 100644 --- a/core/conf/iptables/ipt-firewall.sh +++ b/core/conf/iptables/ipt-firewall.sh 
@@ -3,65 +3,75 @@ ipt_clear () { echo "clear all iptables tables" - iptables -F - iptables -X - iptables -t nat -F - iptables -t nat -X - iptables -t mangle -F - iptables -t mangle -X - iptables -t raw -F - iptables -t raw -X - iptables -t security -F - iptables -t security -X - iptables -N blocker - iptables -N blockip_in - iptables -N blockip_out - - iptables -N srv_dhcp - iptables -N srv_rip - iptables -N srv_icmp - iptables -N srv_ntp - iptables -N srv_dns_in - iptables -N srv_dns_out - iptables -N srv_http_in - iptables -N srv_http_out - iptables -N srv_https_in - iptables -N srv_https_out - iptables -N srv_smtp_in - iptables -N srv_smtp_out - iptables -N srv_ssh_in - iptables -N srv_ssh_out - iptables -N srv_git_in - iptables -N srv_git_out - iptables -N srv_db_in - iptables -N srv_db_out - - - iptables -N cli_dns_in - iptables -N cli_dns_out - iptables -N cli_http_in - iptables -N cli_http_out - iptables -N cli_https_in - iptables -N cli_https_out - iptables -N cli_ssh_in - iptables -N cli_ssh_out - iptables -N cli_pops_in - iptables -N cli_pops_out - iptables -N cli_smtps_in - iptables -N cli_smtps_out - iptables -N cli_irc_in - iptables -N cli_irc_out - iptables -N cli_ftp_in - iptables -N cli_ftp_out - iptables -N cli_git_in - iptables -N cli_git_out - iptables -N cli_gpg_in - iptables -N cli_gpg_out + $IPT -F + $IPT -X + $IPT6 -F + $IPT6 -X + $PIT4 -Z + $PIT6 -Z + $IPT -t nat -F + $IPT -t nat -X + $IPT -t mangle -F + $IPT -t mangle -X + $IPT -t raw -F + $IPT -t raw -X + $IPT -t security -F + $IPT -t security -X + $IPT -N blocker + $IPT -N blockip_in + $IPT -N blockip_out + + $IPT -N srv_dhcp + $IPT -N srv_rip + $IPT -N srv_icmp + $IPT -N srv_ntp + $IPT -N srv_dns_in + $IPT -N srv_dns_out + $IPT -N srv_http_in + $IPT -N srv_http_out + $IPT -N srv_https_in + $IPT -N srv_https_out + $IPT -N srv_smtp_in + $IPT -N srv_smtp_out + $IPT -N srv_ssh_in + $IPT -N srv_ssh_out + $IPT -N srv_git_in + $IPT -N srv_git_out + $IPT -N srv_db_in + $IPT -N srv_db_out + + + 
$IPT -N cli_dns_in + $IPT -N cli_dns_out + $IPT -N cli_http_in + $IPT -N cli_http_out + $IPT -N cli_https_in + $IPT -N cli_https_out + $IPT -N cli_ssh_in + $IPT -N cli_ssh_out + $IPT -N cli_pops_in + $IPT -N cli_pops_out + $IPT -N cli_smtps_in + $IPT -N cli_smtps_out + $IPT -N cli_irc_in + $IPT -N cli_irc_out + $IPT -N cli_ftp_in + $IPT -N cli_ftp_out + $IPT -N cli_git_in + $IPT -N cli_git_out + $IPT -N cli_gpg_in + $IPT -N cli_gpg_out # Set Default Rules - iptables -P INPUT DROP - iptables -P FORWARD DROP - iptables -P OUTPUT DROP + $IPT -P INPUT DROP + $IPT -P FORWARD DROP + $IPT -P OUTPUT DROP + + # Set Default Rules + $IPT6 -P INPUT DROP + $IPT6 -P FORWARD DROP + $IPT6 -P OUTPUT DROP + } ipt_log () { @@ -69,8 +79,11 @@ ipt_log () { $IPT -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: " $IPT -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: " $IPT -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: " -} + $IPT6 -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: " + $IPT6 -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: " + $IPT6 -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: " +} ipt_tables () { echo "start adding tables..." diff --git a/core/conf/iptables/ipt-server.sh b/core/conf/iptables/ipt-server.sh index 6cd7175..7d2dbfc 100644 --- a/core/conf/iptables/ipt-server.sh +++ b/core/conf/iptables/ipt-server.sh @@ -19,6 +19,7 @@ $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${DNS} -j cli_dns_in $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j cli_http_in $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j cli_https_in +$IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_http_in $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_https_in $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_ssh_in $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_git_in 
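Review bot: The two counter-reset lines in `ipt_clear` use `$PIT4` and `$PIT6`, which are not defined anywhere in this commit; ipt-conf.sh defines only `IPT` and `IPT6`. With the variable empty, each line expands to a bare `-Z`, so the shell reports a missing command and the counters are never zeroed. The lines should read `$IPT -Z` and `$IPT6 -Z`. Separately, the IPv6 side flushes only the filter table while IPv4 also flushes nat, mangle, raw and security; if that asymmetry is intended, a short comment saying so would help.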
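Review bot: The three `$IPT6` LOG rules added to `ipt_log` reuse the IPv4 prefixes (`"iptables: OUTPUT: "` and so on), so a log filter keyed on the prefix cannot separate the two address families. A distinct prefix keeps triage simple, for example `$IPT6 -A OUTPUT -j LOG --log-level 7 --log-prefix "ip6tables: OUTPUT: "`, and likewise for INPUT and FORWARD. `ipt_log` starts above this hunk, so where it is called relative to the accept rules is not visible here.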
@@ -37,6 +38,7 @@ $IPT -A OUTPUT -o ${PUB_IF} -d ${DNS} -s ${PUB_IP} -j cli_dns_out $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j cli_http_out $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_https_out +$IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_http_out $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_ssh_out $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_smtp_out $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_git_out diff --git a/core/conf/iptables/server.v4 b/core/conf/iptables/server.v4 index 164f95b..1ab9aa2 100644 --- a/core/conf/iptables/server.v4 +++ b/core/conf/iptables/server.v4 
@@ -1,34 +1,34 @@ -# Generated by iptables-save v1.8.4 on Mon Feb 17 04:36:55 2020 +# Generated by iptables-save v1.8.4 on Mon Feb 17 15:16:01 2020 *security -:INPUT ACCEPT [0:0] +:INPUT ACCEPT [9:360] :FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [0:0] +:OUTPUT ACCEPT [3:12900] COMMIT -# Completed on Mon Feb 17 04:36:55 2020 -# Generated by iptables-save v1.8.4 on Mon Feb 17 04:36:55 2020 +# Completed on Mon Feb 17 15:16:01 2020 +# Generated by iptables-save v1.8.4 on Mon Feb 17 15:16:01 2020 *raw -:PREROUTING ACCEPT [0:0] -:OUTPUT ACCEPT [187:298268] +:PREROUTING ACCEPT [9:360] +:OUTPUT ACCEPT [190:294568] COMMIT -# Completed on Mon Feb 17 04:36:55 2020 -# Generated by iptables-save v1.8.4 on Mon Feb 17 04:36:55 2020 +# Completed on Mon Feb 17 15:16:01 2020 +# Generated by iptables-save v1.8.4 on Mon Feb 17 15:16:01 2020 *nat :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] COMMIT -# Completed on Mon Feb 17 04:36:55 2020 -# Generated by iptables-save v1.8.4 on Mon Feb 17 04:36:55 2020 +# Completed on Mon Feb 17 15:16:01 2020 +# Generated by iptables-save v1.8.4 on Mon Feb 17 15:16:01 2020 *mangle -:PREROUTING ACCEPT [0:0] -:INPUT ACCEPT [0:0] +:PREROUTING ACCEPT [9:360] +:INPUT ACCEPT [9:360] :FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [187:298268] -:POSTROUTING ACCEPT [0:0] +:OUTPUT ACCEPT [190:294568] +:POSTROUTING ACCEPT [3:12900] COMMIT -# Completed on Mon Feb 17 04:36:55 2020 -# Generated by iptables-save v1.8.4 on Mon Feb 17 04:36:55 2020 +# Completed on Mon Feb 17 15:16:01 2020 +# Generated by iptables-save v1.8.4 on Mon Feb 17 15:16:01 2020 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] 
@@ -80,6 +80,7 @@ COMMIT -A INPUT -s 10.0.0.254/32 -d 10.0.0.4/32 -i ens3 -j cli_dns_in -A INPUT -s 10.0.0.0/8 -d 10.0.0.4/32 -i ens3 -j cli_http_in -A INPUT -s 10.0.0.0/8 -d 10.0.0.4/32 -i ens3 -j cli_https_in +-A INPUT -s 10.0.0.0/8 -d 10.0.0.4/32 -i ens3 -j srv_http_in -A INPUT -s 10.0.0.0/8 -d 10.0.0.4/32 -i ens3 -j srv_https_in -A INPUT -s 10.0.0.0/8 -d 10.0.0.4/32 -i ens3 -j srv_ssh_in -A INPUT -s 10.0.0.0/8 -d 10.0.0.4/32 -i ens3 -j srv_git_in @@ -95,6 +96,7 @@ COMMIT -A OUTPUT -s 10.0.0.4/32 -d 10.0.0.254/32 -o ens3 -j cli_dns_out -A OUTPUT -s 10.0.0.4/32 -d 10.0.0.0/8 -o ens3 -j cli_http_out -A OUTPUT -s 10.0.0.4/32 -d 10.0.0.0/8 -o ens3 -j srv_https_out +-A OUTPUT -s 10.0.0.4/32 -d 10.0.0.0/8 -o ens3 -j srv_http_out -A OUTPUT -s 10.0.0.4/32 -d 10.0.0.0/8 -o ens3 -j srv_ssh_out -A OUTPUT -s 10.0.0.4/32 -d 10.0.0.0/8 -o ens3 -j srv_smtp_out -A OUTPUT -s 10.0.0.4/32 -d 10.0.0.0/8 -o ens3 -j srv_git_out @@ -947,4 +949,4 @@ COMMIT -A srv_ssh_out -p tcp -m tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT -A srv_ssh_out -j RETURN COMMIT -# Completed on Mon Feb 17 04:36:55 2020 +# Completed on Mon Feb 17 15:16:01 2020 diff --git a/core/conf/rc.d/fcgiwrap b/core/conf/rc.d/fcgiwrap new file mode 100755 index 0000000..2059848 --- /dev/null +++ b/core/conf/rc.d/fcgiwrap 
@@ -0,0 +1,41 @@
+#!/bin/sh
+#
+# /etc/rc.d/bird: start/stop fcgiwrapper
+#
+
+SSD=/sbin/start-stop-daemon
+NAME=fcgiwrap
+PROG=/usr/bin/spawn-fcgi
+USER=www
+GROUP=gitolite
+PIDFILE=/var/run/spawn_${NAME}.pid
+SOCKET=/var/run/fcgiwrap.sock
+OPTS="-u $USER -g $GROUP -P $PIDFILE -M 0660 -s $SOCKET -- /usr/sbin/${NAME}"
+
+
+case $1 in
+ start)
+ echo "Starting ${NAME}..."
+ $SSD --background --user $USER --quiet --start --pidfile $PIDFILE --exec $PROG -- $OPTS
+ ;;
+stop)
+ echo "Stopping ${NAME}..."
+ $SSD --stop --remove-pidfile --retry 10 --pidfile $PIDFILE
+ ;;
+restart)
+ echo "Restarting ${NAME}..."
+ $0 stop
+ $0 start
+ ;;
+status)
+ $SSD --status --pidfile $PIDFILE
+ case $? in
+ 0) echo "$PROG is running with pid $(cat $PIDFILE )" ;;
+ 3) echo "$PROG is not running" ;;
+ 4) echo "Unable to determine the program status" ;;
+ esac
+ ;;
+*)
+ echo "usage: $0 [start|stop|restart|status]"
+ ;;
+esac
diff --git a/core/conf/rc.d/git-daemon b/core/conf/rc.d/git-daemon
new file mode 100755
index 0000000..41793eb
--- /dev/null
+++ b/core/conf/rc.d/git-daemon
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+SSD=/sbin/start-stop-daemon
+NAME=git-daemon
+PROG=$(git --exec-path)/${NAME}
+USER=gitolite
+GROUP=gitolite
+PIDFILE=/var/run/git-daemon.pid
+REPOS=/srv/gitolite/repositories
+OPTS="--verbose --reuseaddr --base-path=${REPOS}"
+
+case $1 in
+ start)
+ echo "Starting ${NAME}..."
+ $SSD --start \
+ --pidfile ${PIDFILE} \
+ --exec ${PROG} -- ${OPTS} \
+ --detach --pid-file=${PIDFILE} \
+ --user=${USER} --group=${GROUP}
+
+ ;;
+ stop)
+ echo "Stopping ${NAME}..."
+ $SSD --stop --quiet --name git-daemon \
+ --pidfile ${PIDFILE}
+ ;;
+ restart)
+ echo "Restarting ${NAME}..."
+ $0 stop
+ $0 start
+ ;;
+ status)
+ $SSD --status --pidfile $PIDFILE
+ case $? in
+ 0) echo "$PROG is running with pid $(cat $PIDFILE )" ;;
+ 3) echo "$PROG is not running" ;;
+ 4) echo "Unable to determine the program status" ;;
+ esac
+ ;;
+ *)
+ echo "usage: $0 [start|stop|restart|status]"
+ ;;
+esac
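Review bot: In the fcgiwrap script, `stop` and `status` identify the daemon by `--pidfile $PIDFILE` alone, so a stale pid file makes this script (presumably run as root) signal whatever process now holds that pid. Add a second match as the git-daemon script in this commit does, e.g. `$SSD --stop --remove-pidfile --retry 10 --pidfile $PIDFILE --name ${NAME}`. In `start`, `--user $USER` is a start-stop-daemon match filter, not a privilege drop; the drop to the `www`/`gitolite` identity comes from `-u`/`-g` in `OPTS`, which deserves a comment such as `# spawn-fcgi starts privileged and drops to $USER:$GROUP itself`. The header comment still names another service and should read `# /etc/rc.d/fcgiwrap: start/stop fcgiwrap`.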
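Review bot: In the git-daemon script, `OPTS` passes only `--base-path=${REPOS}` and no directory argument, so what the daemon serves is bounded only by the base-path remapping and the per-repository `git-daemon-export-ok` marker. git-daemon accepts a trailing directory whitelist; because directories must follow all options, it belongs at the very end of the start command: `--user=${USER} --group=${GROUP} ${REPOS}`. `stop` also lacks the `--retry` that the fcgiwrap script uses, so `restart` can reach `$0 start` while the old process still matches the pid file and nothing gets started; `--retry 10` on the stop line closes that gap. `PROG=$(git --exec-path)/${NAME}` resolves `git` through PATH on every invocation, including `stop` and `status`; an absolute path to `git` would be safer in a script that is presumably run as root.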
diff --git a/core/conf/rc.d/iptables b/core/conf/rc.d/iptables index f8b7881..893b087 100644 --- a/core/conf/rc.d/iptables +++ b/core/conf/rc.d/iptables @@ -1,55 +1,46 @@ #!/bin/bash -IPT="/usr/sbin/iptables" -#TYPE=bridge +. /etc/iptables/ipt-conf.sh +. /etc/iptables/ipt-firewall.sh + +TYPE=bridge #TYPE=server -TYPE=open +#TYPE=open #TYPE=client -clear_ipt() { - - ${IPT} -F - ${IPT} -X - ${IPT} -t nat -F - ${IPT} -t nat -X - ${IPT} -t mangle -F - ${IPT} -t mangle -X - ${IPT} -t raw -F - ${IPT} -t raw -X - ${IPT} -t security -F - ${IPT} -t security -X - -} - case $1 in start) case $TYPE in bridge) - clear_ipt - echo "setting bridge network..." - echo 1 > /proc/sys/net/ipv4/ip_forward + #ipt_clear + echo "setting bridge network..." + echo 1 > /proc/sys/net/ipv4/ip_forward - ## load bridge configuration - iptables-restore /etc/iptables/bridge.v4 + ## load bridge configuration + #iptables-restore /etc/iptables/bridge.v4 + #iptables-restore /etc/iptables/bridge.v6 + bash /etc/iptables/ipt-bridge.sh ;; server) - clear_ipt - echo "setting server network..." - ## load server configuration - iptables-restore /etc/iptables/server.v4 - + #ipt_clear + echo "setting server network..." + ## load server configuration + #iptables-restore /etc/iptables/server.v4 + #iptables-restore /etc/iptables/server.v6 + bash /etc/iptables/ipt-server.sh ;; client) - clear_ipt - echo "setting client network..." - ## load client configuration - iptables-restore /etc/iptables/client.v4 + #ipt_clear + echo "setting client network..." + ## load client configuration + #iptables-restore /etc/iptables/client.v4 + bash /etc/iptables/ipt-client.sh ;; open) - clear_ipt - echo "setting open network..." - ## load client configuration + ipt_clear + echo "setting open network..." + ## load client configuration ${IPT} -P INPUT DROP ${IPT} -P FORWARD DROP 
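Review bot: `IPT` and the clear function are no longer defined in this file and are now expected from the two sourced files, yet neither `.` line is checked; under bash a missing or broken `/etc/iptables/ipt-conf.sh` only prints an error, after which `${IPT}` expands to nothing and the policy commands in the `open` branch fail without stopping the script. Make the includes fatal: `. /etc/iptables/ipt-conf.sh || exit 1` and `. /etc/iptables/ipt-firewall.sh || exit 1`. The same applies to the `bash /etc/iptables/ipt-*.sh` calls that replace `iptables-restore`: their exit status is ignored, and unless those scripts (not visible here) load the ruleset in one step, a failure midway presumably leaves a partial ruleset in place. In the `bridge` branch `echo 1 > /proc/sys/net/ipv4/ip_forward` still runs before the rules are loaded; moving it after a successful `ipt-bridge.sh` avoids forwarding under the previous ruleset. The `case` statement continues past the end of this hunk.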
@@ -65,29 +56,16 @@ case $1 in ${IPT} -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: " ${IPT} -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: " - #${IPT} -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: " - - ;; esac ;; stop) echo "clear all iptables tables" - clear_ipt - # Set Default Rules - ${IPT} -P INPUT DROP - ${IPT} -P FORWARD DROP - ${IPT} -P OUTPUT DROP - - ${IPT} -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: " - ${IPT} -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: " - ${IPT} -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: " - - + ipt_clear + ipt_tables ;; restart) - clear_ipt - $0 start + $0 start ;; status) ${IPT} -v diff --git a/core/conf/rc.d/postgresql b/core/conf/rc.d/postgresql new file mode 100755 index 0000000..5f0762a --- /dev/null +++ b/core/conf/rc.d/postgresql @@ -0,0 +1,16 @@ +# +# /etc/rc.d/postgresql: start, stop or restart PostgreSQL server postmaster +# + +PG_DATA=/srv/pgsql/data + +case "$1" in + start|stop|status|restart|reload) + sudo -u postgres pg_ctl -D "$PG_DATA" -l /var/log/postgresql "$1" + ;; + *) + echo "usage: $0 start|stop|restart|reload|status" + ;; +esac + +# End of file |
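Review bot: `restart` now only runs `$0 start`, and with `ipt_clear` commented out in the bridge, server and client branches of the first hunk nothing in this file flushes the old rules before the new ones are applied. Unless `ipt-bridge.sh`, `ipt-server.sh` and `ipt-client.sh` flush on their own (they are not visible here), each restart would stack another copy of the ruleset on the existing one. Either keep the flush in `restart`, i.e. `ipt_clear` followed by `$0 start`, or add a comment stating that the per-type scripts reset the tables themselves. `stop` likewise hands the final state to `ipt_tables`; if it does keep the fail-closed policies of the removed lines, a comment such as `# ipt_tables leaves INPUT/FORWARD/OUTPUT at policy DROP` would record that.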
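Review bot: The new postgresql script is added with mode 100755 but has no interpreter line, its first line being a `#` comment, so which shell runs it depends on the caller. Add `#!/bin/sh` as line 1. The usage branch falls through with status 0; `exit 1` after the `echo` lets a caller distinguish a rejected argument from success. It is also worth a one-line comment that `$1` only reaches `pg_ctl` after matching the fixed `start|stop|status|restart|reload` list, so the `sudo -u postgres` call never forwards arbitrary input.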