# IPv4 ruleset in iptables-save format, one table per *name ... COMMIT section.
# Rules are evaluated top to bottom and the first terminating target wins, so
# the order of the lines below is part of the policy. The [packets:bytes]
# pairs after each chain policy are counters captured at save time.
# NOTE(review): this dump covers iptables (IPv4) only; any ip6tables policy is
# not shown here and should be checked separately.
# Generated by iptables-save v1.6.1 on Wed Mar 15 20:53:45 2017
# security table: no rules, every built-in chain defaults to ACCEPT.
*security
:INPUT ACCEPT [85:6694]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3:179]
COMMIT
# Completed on Wed Mar 15 20:53:45 2017
# Generated by iptables-save v1.6.1 on Wed Mar 15 20:53:45 2017
# raw table: no rules, so nothing here exempts traffic from connection tracking.
*raw
:PREROUTING ACCEPT [97:7863]
:OUTPUT ACCEPT [3:179]
COMMIT
# Completed on Wed Mar 15 20:53:45 2017
# Generated by iptables-save v1.6.1 on Wed Mar 15 20:53:45 2017
# nat table: no rules, no address or port translation is configured.
*nat
:PREROUTING ACCEPT [6:683]
:INPUT ACCEPT [2:138]
:OUTPUT ACCEPT [2:131]
:POSTROUTING ACCEPT [2:131]
COMMIT
# Completed on Wed Mar 15 20:53:45 2017
# Generated by iptables-save v1.6.1 on Wed Mar 15 20:53:45 2017
# mangle table: no rules.
*mangle
:PREROUTING ACCEPT [8:624]
:INPUT ACCEPT [8:624]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Wed Mar 15 20:53:45 2017
# Generated by iptables-save v1.6.1 on Wed Mar 15 20:53:45 2017
# filter table: default-deny on all three built-in chains, plus five
# user-defined chains (three log-then-act helpers, an ICMP error filter and a
# SYN rate limiter).
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:ACCEPTLOG - [0:0]
:DROPLOG - [0:0]
:REJECTLOG - [0:0]
:RELATED_ICMP - [0:0]
:SYN_FLOOD - [0:0]
# ---- INPUT ----
# Loopback traffic is always allowed.
-A INPUT -i lo -j ACCEPT
# ICMP of any type is accepted up to 1 packet/sec (burst 2). The limit match
# keeps one bucket per rule, not per sender, so all sources share this budget.
-A INPUT -p icmp -m limit --limit 1/sec --limit-burst 2 -j ACCEPT
# LOG is non-terminating; it is itself limited to 1/sec, so only a sample of
# the over-limit ICMP packets is logged before the DROP below.
-A INPUT -p icmp -m limit --limit 1/sec --limit-burst 2 -j LOG --log-prefix "PING-DROP:"
-A INPUT -p icmp -j DROP
# NOTE(review): the five ICMP rules below are unreachable, because the
# unconditional ICMP DROP above ends processing for every ICMP packet.
# Consequences: ICMP errors for established flows (e.g. type 3) only get in
# through the shared 1/sec budget, and nothing in INPUT reaches RELATED_ICMP.
# Confirm the intended order before relying on these rules.
-A INPUT -p icmp -f -j DROPLOG
-A INPUT -p icmp -m state --state ESTABLISHED -m limit --limit 3/sec --limit-burst 8 -j ACCEPT
-A INPUT -p icmp -m state --state RELATED -m limit --limit 3/sec --limit-burst 8 -j RELATED_ICMP
-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 3/sec --limit-burst 8 -j ACCEPT
-A INPUT -p icmp -j DROPLOG
# Return traffic for connections already tracked by conntrack.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# These TCP/UDP ports are dropped without logging; without these two rules
# the same packets would fall through to the logging DROPLOG at the end.
-A INPUT -p tcp -m multiport --dports 135,137,138,139,445,1433,1434 -j DROP
-A INPUT -p udp -m multiport --dports 135,137,138,139,445,1433,1434 -j DROP
-A INPUT -m state --state INVALID -j DROP
# Malformed TCP flag combinations, dropped silently: all six flags set, no
# flags set (both only in state NEW), FIN+PSH+URG, SYN+RST, FIN+SYN.
-A INPUT -p tcp -m state --state NEW -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -p tcp -m state --state NEW -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
# NOTE(review): the next five DROPLOG rules repeat the matches of the silent
# DROP rules above. The FIN+PSH+URG, SYN+RST and FIN+SYN copies can never
# match. The all-flags and no-flags copies lack the NEW condition, but
# ESTABLISHED, RELATED, INVALID and NEW packets are all handled earlier, so
# they appear unreachable in practice too. As written, these flag
# combinations are therefore never logged.
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROPLOG
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROPLOG
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROPLOG
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROPLOG
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROPLOG
# Still reachable: FIN without ACK, and every flag except PSH set.
-A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROPLOG
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROPLOG
# Plain SYN packets pass through the SYN_FLOOD limiter; that chain RETURNs
# here when within its rate and DROPs otherwise.
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j SYN_FLOOD
# A NEW TCP connection must start with a plain SYN.
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROPLOG
# Non-first IP fragments are logged and dropped.
-A INPUT -f -j DROPLOG
# The only inbound service accepted by this ruleset: TCP 443, and only from
# source ports 1024-65535.
# NOTE(review): there is no INPUT accept for TCP 2222, although OUTPUT has a
# reply rule for --sport 2222. If 2222 is a remote-administration port
# (presumably SSH; not confirmed here), new connections to it hit the DROPLOG
# below, so loading this ruleset over such a session risks a lock-out.
-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
# Everything else is logged (rate-limited) and dropped.
-A INPUT -j DROPLOG
# ---- FORWARD ----
# No forwarding is permitted: ICMP is logged and dropped (the -f rule is
# subsumed by the rule after it), INVALID is dropped silently, and all other
# traffic is logged and rejected.
-A FORWARD -p icmp -f -j DROPLOG
-A FORWARD -p icmp -j DROPLOG
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -j REJECTLOG
# ---- OUTPUT ----
-A OUTPUT -o lo -j ACCEPT
# All outbound ICMP is accepted here.
-A OUTPUT -p icmp -j ACCEPT
# NOTE(review): the five ICMP rules below are unreachable because of the
# unconditional ICMP ACCEPT above.
-A OUTPUT -p icmp -f -j DROPLOG
-A OUTPUT -p icmp -m state --state ESTABLISHED -m limit --limit 3/sec --limit-burst 8 -j ACCEPT
-A OUTPUT -p icmp -m state --state RELATED -m limit --limit 3/sec --limit-burst 8 -j RELATED_ICMP
-A OUTPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 3/sec --limit-burst 8 -j ACCEPT
-A OUTPUT -p icmp -j DROPLOG
# NOTE(review): this rule accepts every outbound packet in state NEW, RELATED
# or ESTABLISHED, whatever the protocol or port. Together with the INVALID
# drop after it, it decides essentially all outbound traffic, so the per-port
# rules further down never take effect and the OUTPUT DROP policy is not an
# egress allow-list. If an allow-list is intended, this rule would have to be
# narrowed to RELATED,ESTABLISHED after confirming which outbound services the
# host needs.
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state INVALID -j DROP
# Shadowed by the rules above: echo-request, replies from local port 2222,
# then outbound clients by destination port - 53/udp, 6667, 5222, 873, 995,
# 465, 123/udp, 21, 20, 443 and 80.
-A OUTPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 6667 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 5222 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 465 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --sport 1024:65535 --dport 123 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 20 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -j DROPLOG
# ---- Helper chains ----
# ACCEPTLOG, DROPLOG and REJECTLOG each write a rate-limited log line (3/sec,
# burst 8) and then apply their verdict to every packet, logged or not.
# NOTE(review): --log-level 7 is the debug level; verify that the host's
# syslog configuration keeps debug-level kernel messages, otherwise these
# entries may not be recorded.
# No rule in this dump jumps to ACCEPTLOG.
-A ACCEPTLOG -m limit --limit 3/sec --limit-burst 8 -j LOG --log-prefix "iptables: ACCEPT " --log-level 7 --log-tcp-sequence --log-tcp-options --log-ip-options
-A ACCEPTLOG -j ACCEPT
-A DROPLOG -m limit --limit 3/sec --limit-burst 8 -j LOG --log-prefix "iptables: DROP " --log-level 7 --log-tcp-sequence --log-tcp-options --log-ip-options
-A DROPLOG -j DROP
-A REJECTLOG -m limit --limit 3/sec --limit-burst 8 -j LOG --log-prefix "iptables: REJECT " --log-level 7 --log-tcp-sequence --log-tcp-options --log-ip-options
# TCP is answered with a reset, everything else with ICMP port-unreachable.
-A REJECTLOG -p tcp -j REJECT --reject-with tcp-reset
-A REJECTLOG -j REJECT --reject-with icmp-port-unreachable
# RELATED_ICMP accepts ICMP types 3 (destination unreachable), 11 (time
# exceeded) and 12 (parameter problem), and logs and drops anything else.
# The only jumps to this chain come from INPUT and OUTPUT rules that are
# shadowed, so it is not traversed as the ruleset stands.
-A RELATED_ICMP -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A RELATED_ICMP -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A RELATED_ICMP -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A RELATED_ICMP -j DROPLOG
# SYN_FLOOD lets up to 2 SYN/sec (burst 6) return to INPUT and silently drops
# the rest. The bucket is shared by all sources, so during a flood legitimate
# new connections are dropped as well, with no log entry.
# NOTE(review): a per-source limit (for example the hashlimit match keyed on
# source IP) would contain a single noisy sender without this side effect.
-A SYN_FLOOD -m limit --limit 2/sec --limit-burst 6 -j RETURN
-A SYN_FLOOD -j DROP
COMMIT
# Completed on Wed Mar 15 20:53:45 2017