Last active
December 21, 2015 14:29
-
-
Save cdenneen/6320051 to your computer and use it in GitHub Desktop.
ES Firewall
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@eslogs-1 ~]# iptables -nL -v | |
| Chain INPUT (policy ACCEPT 0 packets, 0 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 /* 000 accept all icmp */ | |
| 372 37669 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 /* 001 accept all to lo interface */ | |
| 142K 181M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* 002 accept related established rules */ state RELATED,ESTABLISHED | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22 /* 003 allow ssh access */ state NEW,ESTABLISHED | |
| 16138 24M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 9200:9400,9500 /* 201 allow ES access */ | |
| 60 23693 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport sports 9200:9400 /* 203 allow remote ES */ | |
| 2364 3481K LOGGING tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* 901 send input to log */ | |
| 2577 666K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* 999 drop all */ | |
| Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 /* 999 forward reject all */ reject-with icmp-port-unreachable | |
| Chain OUTPUT (policy ACCEPT 11680 packets, 1416K bytes) | |
| pkts bytes target prot opt in out source destination | |
| 118 17480 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport ports 22 /* 004 allow ssh access */ state ESTABLISHED | |
| 80615 16M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport sports 9200:9400 /* 202 allow remote ES */ | |
| 11724 1438K LOGGING tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* 902 send output dropped to log */ | |
| Chain LOGGING (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 47 12376 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* 903 logging */ limit: avg 2/min burst 5 LOG flags 0 level 4 prefix `IPTables-Dropped: ' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Generated by iptables-save v1.4.7 on Mon Aug 26 14:42:11 2013 | |
| *filter | |
| :INPUT ACCEPT [0:0] | |
| :FORWARD ACCEPT [0:0] | |
| :OUTPUT ACCEPT [15844:1797856] | |
| :LOGGING - [0:0] | |
| -A INPUT -p icmp -m comment --comment "000 accept all icmp" -j ACCEPT | |
| -A INPUT -i lo -m comment --comment "001 accept all to lo interface" -j ACCEPT | |
| -A INPUT -m comment --comment "002 accept related established rules" -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| -A INPUT -p tcp -m multiport --dports 22 -m comment --comment "003 allow ssh access" -m state --state NEW,ESTABLISHED -j ACCEPT | |
| -A INPUT -p tcp -m multiport --dports 9200:9400,9500 -m comment --comment "201 allow ES access" -j ACCEPT | |
| -A INPUT -p tcp -m multiport --sports 9200:9400 -m comment --comment "203 allow remote ES" -j ACCEPT | |
| -A INPUT -p tcp -m comment --comment "901 send input to log" -j LOGGING | |
| -A INPUT -m comment --comment "999 drop all" -j DROP | |
| -A FORWARD -m comment --comment "999 forward reject all" -j REJECT --reject-with icmp-port-unreachable | |
| -A OUTPUT -p tcp -m multiport --ports 22 -m comment --comment "004 allow ssh access" -m state --state ESTABLISHED -j ACCEPT | |
| -A OUTPUT -p tcp -m multiport --sports 9200:9400 -m comment --comment "202 allow remote ES" -j ACCEPT | |
| -A OUTPUT -p tcp -m comment --comment "902 send output dropped to log" -j LOGGING | |
| -A LOGGING -p tcp -m comment --comment "903 logging" -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " | |
| COMMIT | |
| # Completed on Mon Aug 26 14:42:11 2013 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Aug 23 11:15:07 eslogs-1 kernel: IPTables-Dropped: IN= OUT=eth0 SRC=10.1.67.30 DST=10.1.67.33 LEN=121 TOS=0x00 PREC=0x00 TTL=64 ID=22541 DF PROTO=TCP SPT=37710 DPT=9300 WINDOW=115 RES=0x00 ACK PSH URGP=0 | |
| Aug 23 11:15:38 eslogs-1 kernel: IPTables-Dropped: IN= OUT=eth0 SRC=10.1.67.30 DST=10.1.67.33 LEN=121 TOS=0x00 PREC=0x00 TTL=64 ID=22601 DF PROTO=TCP SPT=37710 DPT=9300 WINDOW=115 RES=0x00 ACK PSH URGP=0 | |
| Aug 23 11:16:08 eslogs-1 kernel: IPTables-Dropped: IN= OUT=eth0 SRC=10.1.67.30 DST=10.1.67.34 LEN=143 TOS=0x00 PREC=0x00 TTL=64 ID=54046 DF PROTO=TCP SPT=48846 DPT=9300 WINDOW=499 RES=0x00 ACK PSH URGP=0 | |
| � |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 10.1.67.33 doesn't show any matching the eslogs-1 lines... and iptables looks same: | |
| [root@eslogs-4 ~]# iptables -nL -v | |
| Chain INPUT (policy ACCEPT 0 packets, 0 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 /* 000 accept all icmp */ | |
| 147 14273 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 /* 001 accept all to lo interface */ | |
| 25776 2201K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* 002 accept related established rules */ state RELATED,ESTABLISHED | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22 /* 003 allow ssh access */ | |
| 263 21768 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 9200:9400,9500 /* 201 allow ES access */ | |
| 78 15439 LOGGING tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* 901 send input to log */ | |
| 2244 588K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* 999 drop all */ | |
| Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 /* 999 forward reject all */ reject-with icmp-port-unreachable | |
| Chain OUTPUT (policy ACCEPT 5597 packets, 425K bytes) | |
| pkts bytes target prot opt in out source destination | |
| 13542 9401K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport sports 9200:9400 /* 202 allow remote ES */ | |
| 5644 432K LOGGING tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* 902 send output dropped to log */ | |
| Chain LOGGING (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 39 2983 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* 903 logging */ limit: avg 2/min burst 5 LOG flags 0 level 4 prefix `IPTables-Dropped: ' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Aug 23 11:15:39 eslogs-5 kernel: IPTables-Dropped: IN= OUT=eth0 SRC=10.1.67.34 DST=10.1.67.30 LEN=152 TOS=0x00 PREC=0x00 TTL=64 ID=8963 DF PROTO=TCP SPT=43491 DPT=9300 WINDOW=115 RES=0x00 ACK PSH URGP=0 | |
| Aug 23 11:16:09 eslogs-5 kernel: IPTables-Dropped: IN= OUT=eth0 SRC=10.1.67.34 DST=10.1.67.30 LEN=152 TOS=0x00 PREC=0x00 TTL=64 ID=9023 DF PROTO=TCP SPT=43491 DPT=9300 WINDOW=115 RES=0x00 ACK PSH URGP=0 | |
| Aug 23 11:17:09 eslogs-5 kernel: IPTables-Dropped: IN= OUT=eth0 SRC=10.1.67.34 DST=10.1.67.30 LEN=152 TOS=0x00 PREC=0x00 TTL=64 ID=9143 DF PROTO=TCP SPT=43491 DPT=9300 WINDOW=115 RES=0x00 ACK PSH URGP=0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment