AllInfo
Main: Info Blog Temp Mail


unix 2013-07-05 22-12-28

iptables # cat ip-fw.tab

# Generated by iptables-save v1.2.11 on Thu Mar 13 23:10:13 2008
*filter
:INPUT DROP
:FORWARD DROP
:OUTPUT ACCEPT

-A INPUT -p icmp -j ACCEPT
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,22,21 -j ACCEPT
#-A OUTPUT -p tcp -m multiport --dports 23,53 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

COMMIT
# Completed on Thu Mar 13 23:10:13 2008

-------------------------------------------

# Generated by iptables-save v1.4.14 on Tue Aug 4 22:38:40 2015
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [3047:401423]

#Свои
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -s 213.160.157.0/24 -j ACCEPT
-A INPUT -s 10.20.0.0/16 -j ACCEPT
-A INPUT -s 10.11.0.0/16 -j ACCEPT


#Сервисы сервера
-A INPUT -i eth0 -p tcp -m multiport --dports 80,123,443,2222,22222,5060,5222,5269,6669 -j ACCEPT

#Для работоспособноси сети
-A INPUT -p icmp -j ACCEPT
-A INPUT -p udp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT


# китайцы и прочие сканеры ...
-A OUTPUT -d 222.186.0.0/16 -j DROP
-A OUTPUT -d 61.36.0.0/16 -j DROP
# bot smf
-A OUTPUT -d 31.184.238.0/24 -j DROP


COMMIT
# Completed on Tue Aug 4 22:38:40 2015



-------------------------------



# Generated by iptables-save v1.4.14 on Wed Aug 5 20:20:24 2015
*filter
:INPUT DROP [4:172]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [12674:1765929]
:fail2ban-ASTERISK - [0:0]
:fail2ban-ssh - [0:0]
-A INPUT -j fail2ban-ASTERISK
-A INPUT -p tcp -m multiport --dports 22222 -j fail2ban-ssh
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -s 213.160.157.0/24 -j ACCEPT
-A INPUT -s 10.20.0.0/16 -j ACCEPT
-A INPUT -s 10.11.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p tcp -m multiport --dports 80,123,443,2222,22222,5060,5222,5269,6669 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p udp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 222.186.0.0/16 -j DROP
-A OUTPUT -d 61.36.0.0/16 -j DROP
-A OUTPUT -d 31.184.238.0/24 -j DROP
-A fail2ban-ASTERISK -s 64.71.74.48/32 -j DROP
-A fail2ban-ASTERISK -j RETURN
-A fail2ban-ssh -j RETURN
COMMIT
# Completed on Wed Aug 5 20:20:24 2015

---------------------------------------

[root@prg my]# iptables-save
# Generated by iptables-save v1.4.21 on Tue Aug 11 15:57:45 2015
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -s 10.20.0.0/16 -j ACCEPT
-A INPUT -s 10.11.0.0/16 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 222.186.0.0/16 -j DROP
-A OUTPUT -d 61.36.0.0/16 -j DROP
-A OUTPUT -d 31.184.238.0/24 -j DROP
COMMIT
# Completed on Tue Aug 11 15:57:45 2015

18.118.1.158 / 2024-04-28_04-23-21 UTC.