Hi. I'm a Unix Administrator, mathematics enthusiast, and amateur philosopher. This is where I rant about that which upsets me, laugh about that which amuses me, and jabber about that which holds my interest most: Unix.
iptables revisited

Posted 12-05-2013 at 03:05 PM by rocket357

I spent a bit of time revamping my iptables rules on a public torrent/VoIP server of mine, so I figured I would dump them here (sanitized) for future reference:

Code:
root@dfw:~# iptables -nvL
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   47  1896 LOG-DROP   all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID /* SCANS AND SUCH? */
44350 6962K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED /* ESTABLISHED TRAFFIC */
   18  1080 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0            /* LOOPBACK TRAFFIC */
   55  3613 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:51413 /* TRANSMISSION PUBLIC TRAFFIC */
 1729  103K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:51413 /* TRANSMISSION PUBLIC TRAFFIC */
    0     0 LOG-PASS   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3784 /* VENTRILO TCP */
    0     0 LOG-PASS   udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:3784 /* VENTRILO UDP */
   22  1308            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW recent: SET name: SSH side: source
   18  1080 LOG-DROP   all  --  *      *       0.0.0.0/0            0.0.0.0/0            recent: UPDATE seconds: 600 hit_count: 4 TTL-Match name: SSH side: source
    4   228 LOG-PASS   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 ctstate NEW
   10   522 LOG-DROP   all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 7166 packets, 6206K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain LOG-DROP (3 references)
 pkts bytes target     prot opt in     out     source               destination         
   31  1478 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 2/min burst 5 LOG flags 0 level 4 prefix "IPTables-Dropped: "
   75  3498 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain LOG-PASS (5 references)
 pkts bytes target     prot opt in     out     source               destination         
   27  1424 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 2/min burst 5 LOG flags 0 level 4 prefix "IPTables-Passed: "
   27  1424 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           



root@dfw:~# ip6tables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG-DROP   all      *      *       ::/0                 ::/0                 ctstate INVALID /* SCANS AND SUCH? */
  190 25343 ACCEPT     all      *      *       ::/0                 ::/0                 ctstate RELATED,ESTABLISHED /* ESTABLISHED TRAFFIC */
    4   320 ACCEPT     all      lo     *       ::/0                 ::/0                 /* LOOPBACK TRAFFIC */
   84  5600 ICMPv6     icmpv6    *      *       ::/0                 ::/0                
    0     0 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:51413 /* TRANSMISSION PUBLIC TRAFFIC */
    2   160 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:51413 /* TRANSMISSION PUBLIC TRAFFIC */
    0     0            tcp      *      *       ::/0                 ::/0                 tcp dpt:22 state NEW recent: SET name: SSH side: source
    0     0 LOG-DROP   all      *      *       ::/0                 ::/0                 recent: UPDATE seconds: 600 hit_count: 4 TTL-Match name: SSH side: source
    0     0 LOG-PASS   tcp      *      *       ::/0                 ::/0                 tcp dpt:22
  330 23736 LOG-DROP   all      *      *       ::/0                 ::/0                

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 60 packets, 4592 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain ICMPv6 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 128
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 1
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 2
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 3
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 4
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 133
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 134
   27  1944 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 135
   57  3656 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 136
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 137
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 141
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 142
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 148
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 149
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 130
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 131
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 132
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 143
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 151
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 152
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 153
    0     0 RETURN     all      *      *       ::/0                 ::/0                

Chain LOG-DROP (3 references)
 pkts bytes target     prot opt in     out     source               destination         
   99  7104 LOG        all      *      *       ::/0                 ::/0                 limit: avg 2/min burst 5 LOG flags 0 level 4 prefix "IPTables-Dropped: "
  330 23736 DROP       all      *      *       ::/0                 ::/0                

Chain LOG-PASS (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all      *      *       ::/0                 ::/0                 limit: avg 2/min burst 5 LOG flags 0 level 4 prefix "IPTables-Passed: "
    0     0 ACCEPT     all      *      *       ::/0                 ::/0

Questions and comments welcome!
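
The listings above are `-nvL` output, which cannot be loaded back into the firewall. The following added example (not part of the original post) prints the visible rules in iptables-restore format for either address family; the function name `emit_ruleset` is hypothetical, and only rules that appear in the sanitized listings are covered.

```sh
# Added example, not the author's script: emit_ruleset 4 = IPv4, 6 = IPv6.
emit_ruleset() {
    fam=$1
    # Policies as listed: IPv4 DROP; IPv6 ACCEPT (its final LOG-DROP rule does the dropping).
    if [ "$fam" = 6 ]; then pol=ACCEPT; else pol=DROP; fi
    printf '%s\n' '*filter' ":INPUT $pol [0:0]" ":FORWARD $pol [0:0]" \
        ':OUTPUT ACCEPT [0:0]' ':LOG-DROP - [0:0]' ':LOG-PASS - [0:0]'
    if [ "$fam" = 6 ]; then echo ':ICMPv6 - [0:0]'; fi
    cat <<'EOF'
-A INPUT -m conntrack --ctstate INVALID -m comment --comment "SCANS AND SUCH?" -j LOG-DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "ESTABLISHED TRAFFIC" -j ACCEPT
-A INPUT -i lo -m comment --comment "LOOPBACK TRAFFIC" -j ACCEPT
EOF
    if [ "$fam" = 6 ]; then echo '-A INPUT -p icmpv6 -j ICMPv6'; fi
    for p in udp tcp; do
        echo "-A INPUT -p $p -m $p --dport 51413 -m comment --comment \"TRANSMISSION PUBLIC TRAFFIC\" -j ACCEPT"
    done
    if [ "$fam" = 4 ]; then
        echo '-A INPUT -p tcp -m tcp --dport 3784 -m comment --comment "VENTRILO TCP" -j LOG-PASS'
        echo '-A INPUT -p udp -m udp --dport 3784 -m comment --comment "VENTRILO UDP" -j LOG-PASS'
    fi
    # SSH throttle: record each NEW connection to port 22, then LOG-DROP any
    # packet from a source with 4+ hits in 600 s (same TTL); the rest pass.
    cat <<'EOF'
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource
-A INPUT -m recent --update --seconds 600 --hitcount 4 --rttl --name SSH --rsource -j LOG-DROP
-A INPUT -p tcp -m tcp --dport 22 -j LOG-PASS
EOF
    if [ "$fam" = 4 ]; then echo '-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT'; fi
    cat <<'EOF'
-A INPUT -j LOG-DROP
-A LOG-DROP -m limit --limit 2/min --limit-burst 5 -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
-A LOG-DROP -j DROP
-A LOG-PASS -m limit --limit 2/min --limit-burst 5 -j LOG --log-prefix "IPTables-Passed: " --log-level 4
-A LOG-PASS -j ACCEPT
EOF
    if [ "$fam" = 6 ]; then
        for t in 128 1 2 3 4 133 134 135 136 137 141 142 148 149; do
            echo "-A ICMPv6 -p icmpv6 -m icmp6 --icmpv6-type $t -j ACCEPT"
        done
        for t in 130 131 132 143 151 152 153; do   # link-local sources only
            echo "-A ICMPv6 -s fe80::/10 -p icmpv6 -m icmp6 --icmpv6-type $t -j ACCEPT"
        done
        echo '-A ICMPv6 -j RETURN'
    fi
    echo COMMIT
}
```

To check the result without loading it, pipe it through `iptables-restore --test` (family 4) or `ip6tables-restore --test` (family 6).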