Created
October 11, 2017 22:00
-
-
Save eiginn/1659865ef70d35f432c16d7e6dbe3065 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Original Rules | |
| # Generated by iptables-save v1.4.21 on Wed Oct 11 21:54:52 2017 | |
| *nat | |
| :PREROUTING ACCEPT [5687:339260] | |
| :INPUT ACCEPT [5673:337852] | |
| :OUTPUT ACCEPT [74556:5261167] | |
| :POSTROUTING ACCEPT [74560:5261407] | |
| -A PREROUTING -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 7 --packet 0 -m comment --comment tetra-proxy-0-chat-port -j DNAT --to-destination :5232 | |
| -A PREROUTING -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 7 --packet 0 -m comment --comment tetra-proxy-0-chat-port-ssl -j DNAT --to-destination :5233 | |
| -A PREROUTING -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 6 --packet 0 -m comment --comment tetra-proxy-1-chat-port -j DNAT --to-destination :5242 | |
| -A PREROUTING -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 6 --packet 0 -m comment --comment tetra-proxy-1-chat-port-ssl -j DNAT --to-destination :5243 | |
| -A PREROUTING -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 5 --packet 0 -m comment --comment tetra-proxy-2-chat-port -j DNAT --to-destination :5252 | |
| -A PREROUTING -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 5 --packet 0 -m comment --comment tetra-proxy-2-chat-port-ssl -j DNAT --to-destination :5253 | |
| -A PREROUTING -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 4 --packet 0 -m comment --comment tetra-proxy-3-chat-port -j DNAT --to-destination :5262 | |
| -A PREROUTING -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 4 --packet 0 -m comment --comment tetra-proxy-3-chat-port-ssl -j DNAT --to-destination :5263 | |
| -A PREROUTING -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 3 --packet 0 -m comment --comment tetra-proxy-4-chat-port -j DNAT --to-destination :5272 | |
| -A PREROUTING -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 3 --packet 0 -m comment --comment tetra-proxy-4-chat-port-ssl -j DNAT --to-destination :5273 | |
| -A PREROUTING -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -m comment --comment tetra-proxy-5-chat-port -j DNAT --to-destination :5282 | |
| -A PREROUTING -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -m comment --comment tetra-proxy-5-chat-port-ssl -j DNAT --to-destination :5283 | |
| -A PREROUTING -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 1 --packet 0 -m comment --comment tetra-proxy-6-chat-port -j DNAT --to-destination :5292 | |
| -A PREROUTING -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 1 --packet 0 -m comment --comment tetra-proxy-6-chat-port-ssl -j DNAT --to-destination :5293 | |
| -A OUTPUT -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 7 --packet 0 -m comment --comment tetra-proxy-0-chat-port -j DNAT --to-destination :5232 | |
| -A OUTPUT -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 7 --packet 0 -m comment --comment tetra-proxy-0-chat-port-ssl -j DNAT --to-destination :5233 | |
| -A OUTPUT -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 6 --packet 0 -m comment --comment tetra-proxy-1-chat-port -j DNAT --to-destination :5242 | |
| -A OUTPUT -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 6 --packet 0 -m comment --comment tetra-proxy-1-chat-port-ssl -j DNAT --to-destination :5243 | |
| -A OUTPUT -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 5 --packet 0 -m comment --comment tetra-proxy-2-chat-port -j DNAT --to-destination :5252 | |
| -A OUTPUT -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 5 --packet 0 -m comment --comment tetra-proxy-2-chat-port-ssl -j DNAT --to-destination :5253 | |
| -A OUTPUT -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 4 --packet 0 -m comment --comment tetra-proxy-3-chat-port -j DNAT --to-destination :5262 | |
| -A OUTPUT -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 4 --packet 0 -m comment --comment tetra-proxy-3-chat-port-ssl -j DNAT --to-destination :5263 | |
| -A OUTPUT -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 3 --packet 0 -m comment --comment tetra-proxy-4-chat-port -j DNAT --to-destination :5272 | |
| -A OUTPUT -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 3 --packet 0 -m comment --comment tetra-proxy-4-chat-port-ssl -j DNAT --to-destination :5273 | |
| -A OUTPUT -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -m comment --comment tetra-proxy-5-chat-port -j DNAT --to-destination :5282 | |
| -A OUTPUT -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -m comment --comment tetra-proxy-5-chat-port-ssl -j DNAT --to-destination :5283 | |
| -A OUTPUT -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 1 --packet 0 -m comment --comment tetra-proxy-6-chat-port -j DNAT --to-destination :5292 | |
| -A OUTPUT -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 1 --packet 0 -m comment --comment tetra-proxy-6-chat-port-ssl -j DNAT --to-destination :5293 | |
| COMMIT | |
| # Completed on Wed Oct 11 21:54:52 2017 | |
| # Generated by iptables-save v1.4.21 on Wed Oct 11 21:54:52 2017 | |
| *filter | |
| :INPUT DROP [1:60] | |
| :FORWARD DROP [0:0] | |
| :OUTPUT ACCEPT [1:76] | |
| -A INPUT -i lo -j ACCEPT | |
| -A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP | |
| -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT | |
| -A INPUT -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 5222 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 5223 -m state --state NEW -j ACCEPT | |
| -A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 5232 -m state --state NEW -j ACCEPT | |
| -A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 5233 -m state --state NEW -j ACCEPT | |
| -A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 5242 -m state --state NEW -j ACCEPT | |
| -A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 5243 -m state --state NEW -j ACCEPT | |
| -A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 5252 -m state --state NEW -j ACCEPT | |
| -A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 5253 -m state --state NEW -j ACCEPT | |
| -A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 5262 -m state --state NEW -j ACCEPT | |
| -A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 5263 -m state --state NEW -j ACCEPT | |
| -A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 5272 -m state --state NEW -j ACCEPT | |
| -A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 5273 -m state --state NEW -j ACCEPT | |
| -A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 5282 -m state --state NEW -j ACCEPT | |
| -A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 5283 -m state --state NEW -j ACCEPT | |
| -A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 5292 -m state --state NEW -j ACCEPT | |
| -A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 5293 -m state --state NEW -j ACCEPT | |
| -A INPUT -p udp -m udp --dport 137 -j ACCEPT | |
| -A INPUT -p udp -m udp --dport 138 -j ACCEPT | |
| -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT | |
| -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT | |
| -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| -A OUTPUT -o lo -j ACCEPT | |
| -A OUTPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT | |
| -A OUTPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT | |
| -A OUTPUT -p udp -m udp --sport 161 -m state --state NEW -j ACCEPT | |
| -A OUTPUT -m state --state NEW -j LOG | |
| COMMIT | |
| # Completed on Wed Oct 11 21:54:52 2017 | |
| ## Fixed rules | |
| # Generated by iptables-save v1.4.21 on Wed Oct 11 21:54:52 2017 | |
| *nat | |
| :PREROUTING ACCEPT [5687:339260] | |
| :INPUT ACCEPT [5673:337852] | |
| :OUTPUT ACCEPT [74556:5261167] | |
| :POSTROUTING ACCEPT [74560:5261407] | |
| -A PREROUTING -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 7 --packet 0 -m comment --comment tetra-proxy-0-chat-port -j DNAT --to-destination :5232 | |
| -A PREROUTING -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 7 --packet 0 -m comment --comment tetra-proxy-0-chat-port-ssl -j DNAT --to-destination :5233 | |
| -A PREROUTING -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 6 --packet 0 -m comment --comment tetra-proxy-1-chat-port -j DNAT --to-destination :5242 | |
| -A PREROUTING -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 6 --packet 0 -m comment --comment tetra-proxy-1-chat-port-ssl -j DNAT --to-destination :5243 | |
| -A PREROUTING -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 5 --packet 0 -m comment --comment tetra-proxy-2-chat-port -j DNAT --to-destination :5252 | |
| -A PREROUTING -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 5 --packet 0 -m comment --comment tetra-proxy-2-chat-port-ssl -j DNAT --to-destination :5253 | |
| -A PREROUTING -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 4 --packet 0 -m comment --comment tetra-proxy-3-chat-port -j DNAT --to-destination :5262 | |
| -A PREROUTING -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 4 --packet 0 -m comment --comment tetra-proxy-3-chat-port-ssl -j DNAT --to-destination :5263 | |
| -A PREROUTING -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 3 --packet 0 -m comment --comment tetra-proxy-4-chat-port -j DNAT --to-destination :5272 | |
| -A PREROUTING -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 3 --packet 0 -m comment --comment tetra-proxy-4-chat-port-ssl -j DNAT --to-destination :5273 | |
| -A PREROUTING -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -m comment --comment tetra-proxy-5-chat-port -j DNAT --to-destination :5282 | |
| -A PREROUTING -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -m comment --comment tetra-proxy-5-chat-port-ssl -j DNAT --to-destination :5283 | |
| -A PREROUTING -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 1 --packet 0 -m comment --comment tetra-proxy-6-chat-port -j DNAT --to-destination :5292 | |
| -A PREROUTING -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 1 --packet 0 -m comment --comment tetra-proxy-6-chat-port-ssl -j DNAT --to-destination :5293 | |
| -A OUTPUT -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 7 --packet 0 -m comment --comment tetra-proxy-0-chat-port -j DNAT --to-destination :5232 | |
| -A OUTPUT -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 7 --packet 0 -m comment --comment tetra-proxy-0-chat-port-ssl -j DNAT --to-destination :5233 | |
| -A OUTPUT -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 6 --packet 0 -m comment --comment tetra-proxy-1-chat-port -j DNAT --to-destination :5242 | |
| -A OUTPUT -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 6 --packet 0 -m comment --comment tetra-proxy-1-chat-port-ssl -j DNAT --to-destination :5243 | |
| -A OUTPUT -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 5 --packet 0 -m comment --comment tetra-proxy-2-chat-port -j DNAT --to-destination :5252 | |
| -A OUTPUT -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 5 --packet 0 -m comment --comment tetra-proxy-2-chat-port-ssl -j DNAT --to-destination :5253 | |
| -A OUTPUT -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 4 --packet 0 -m comment --comment tetra-proxy-3-chat-port -j DNAT --to-destination :5262 | |
| -A OUTPUT -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 4 --packet 0 -m comment --comment tetra-proxy-3-chat-port-ssl -j DNAT --to-destination :5263 | |
| -A OUTPUT -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 3 --packet 0 -m comment --comment tetra-proxy-4-chat-port -j DNAT --to-destination :5272 | |
| -A OUTPUT -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 3 --packet 0 -m comment --comment tetra-proxy-4-chat-port-ssl -j DNAT --to-destination :5273 | |
| -A OUTPUT -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -m comment --comment tetra-proxy-5-chat-port -j DNAT --to-destination :5282 | |
| -A OUTPUT -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -m comment --comment tetra-proxy-5-chat-port-ssl -j DNAT --to-destination :5283 | |
| -A OUTPUT -p tcp -m tcp --dport 5222 -m state --state NEW -m statistic --mode nth --every 1 --packet 0 -m comment --comment tetra-proxy-6-chat-port -j DNAT --to-destination :5292 | |
| -A OUTPUT -p tcp -m tcp --dport 5223 -m state --state NEW -m statistic --mode nth --every 1 --packet 0 -m comment --comment tetra-proxy-6-chat-port-ssl -j DNAT --to-destination :5293 | |
| COMMIT | |
| # Completed on Wed Oct 11 21:54:52 2017 | |
| # Generated by iptables-save v1.4.21 on Wed Oct 11 21:54:52 2017 | |
| *filter | |
| :INPUT DROP [1:60] | |
| :FORWARD DROP [0:0] | |
| :OUTPUT ACCEPT [1:76] | |
| -A INPUT -i lo -j ACCEPT | |
| -A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP | |
| -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT | |
| -A INPUT -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 5222 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 5223 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 5232 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 5233 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 5242 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 5243 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 5252 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 5253 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 5262 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 5263 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 5272 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 5273 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 5282 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 5283 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 5292 -m state --state NEW -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 5293 -m state --state NEW -j ACCEPT | |
| -A INPUT -p udp -m udp --dport 137 -j ACCEPT | |
| -A INPUT -p udp -m udp --dport 138 -j ACCEPT | |
| -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT | |
| -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT | |
| -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| -A OUTPUT -o lo -j ACCEPT | |
| -A OUTPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT | |
| -A OUTPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT | |
| -A OUTPUT -p udp -m udp --sport 161 -m state --state NEW -j ACCEPT | |
| -A OUTPUT -m state --state NEW -j LOG | |
| COMMIT | |
| # Completed on Wed Oct 11 21:54:52 2017 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment