greenpeas/my_iptables_config

## my_iptables_config
# Generated by iptables-save v1.3.5 on Wed Jan 23 15:43:00 2013
*nat
:PREROUTING ACCEPT [39:5343]
:POSTROUTING ACCEPT [2:120]
:OUTPUT ACCEPT [3:196]
-A POSTROUTING -o venet0 -j MASQUERADE
COMMIT
# Completed on Wed Jan 23 15:43:00 2013
# Generated by iptables-save v1.3.5 on Wed Jan 23 15:43:00 2013
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [735:1182216]
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -i tap0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#-A INPUT -p udp -m state --state NEW -m udp --dport 27015 -j ACCEPT
#-A INPUT -p udp -m state --state NEW -m udp --dport 27016 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 81 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 112 -j ACCEPT

# защита ssh от брутфорса. Бан на 30 секунд
-A INPUT -p tcp -m state --state NEW --dport 22 -m recent --update --seconds 30 -j DROP
-A INPUT -p tcp -m state --state NEW --dport 22 -m recent --set -j ACCEPT

# для torrenta входящие подключения
#-A INPUT -p udp -m state --state NEW -m udp --dport 25740 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 25740 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited

# Баны
#-I INPUT -s 62.210.136.0/24 -j DROP
# Франция идет лесом
-I INPUT -m iprange --src-range 62.210.128.0-62.210.255.255 -j DROP
COMMIT
	# Generated by iptables-save v1.3.5 on Wed Jan 23 15:43:00 2013
	*nat
	:PREROUTING ACCEPT [39:5343]
	:POSTROUTING ACCEPT [2:120]
	:OUTPUT ACCEPT [3:196]
	-A POSTROUTING -o venet0 -j MASQUERADE
	COMMIT
	# Completed on Wed Jan 23 15:43:00 2013
	# Generated by iptables-save v1.3.5 on Wed Jan 23 15:43:00 2013
	*filter
	:INPUT DROP [0:0]
	:FORWARD ACCEPT [0:0]
	:OUTPUT ACCEPT [735:1182216]
	-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
	-A FORWARD -i tap0 -j ACCEPT
	-A INPUT -i lo -j ACCEPT
	-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
	-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
	#-A INPUT -p udp -m state --state NEW -m udp --dport 27015 -j ACCEPT
	#-A INPUT -p udp -m state --state NEW -m udp --dport 27016 -j ACCEPT
	-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
	-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
	-A INPUT -p tcp -m state --state NEW -m tcp --dport 81 -j ACCEPT
	#-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
	#-A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
	#-A INPUT -p tcp -m state --state NEW -m tcp --dport 112 -j ACCEPT

	# защита ssh от брутфорса. Бан на 30 секунд
	-A INPUT -p tcp -m state --state NEW --dport 22 -m recent --update --seconds 30 -j DROP
	-A INPUT -p tcp -m state --state NEW --dport 22 -m recent --set -j ACCEPT

	# для torrenta входящие подключения
	#-A INPUT -p udp -m state --state NEW -m udp --dport 25740 -j ACCEPT
	#-A INPUT -p tcp -m state --state NEW -m tcp --dport 25740 -j ACCEPT

	-A INPUT -j REJECT --reject-with icmp-host-prohibited

	# Баны
	#-I INPUT -s 62.210.136.0/24 -j DROP
	# Франция идет лесом
	-I INPUT -m iprange --src-range 62.210.128.0-62.210.255.255 -j DROP
	COMMIT