@kuon
Created November 6, 2014 12:59
docker
# Generated by iptables-save v1.4.21 on Thu Nov 6 12:58:14 2014
*nat
:PREROUTING ACCEPT [106:10938]
:INPUT ACCEPT [98:10528]
:OUTPUT ACCEPT [187:13179]
:POSTROUTING ACCEPT [194:13627]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 49153 -j DNAT --to-destination 172.17.0.2:5000
COMMIT
# Completed on Thu Nov 6 12:58:14 2014
# Generated by iptables-save v1.4.21 on Thu Nov 6 12:58:14 2014
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [73439:11958896]
:FW-INPUT - [0:0]
-A INPUT -j FW-INPUT
-A INPUT -s 10.0.0.0/8 -i enp2s0 -j DROP
-A INPUT -s 172.16.0.0/12 -i enp2s0 -j DROP
-A INPUT -s 192.168.0.0/16 -i enp2s0 -j DROP
-A INPUT -s 224.0.0.0/4 -i enp2s0 -j DROP
-A INPUT -s 240.0.0.0/5 -i enp2s0 -j DROP
-A INPUT -d 127.0.0.0/8 -i enp2s0 -j DROP
-A FORWARD -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5000 -j ACCEPT
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -j FW-INPUT
-A FW-INPUT -i lo -j ACCEPT
-A FW-INPUT -i vpn -j ACCEPT
-A FW-INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A FW-INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A FW-INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A FW-INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A FW-INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FW-INPUT -p tcp -m conntrack --ctstate NEW -m multiport --dports 22 -j ACCEPT
-A FW-INPUT -p tcp -m conntrack --ctstate NEW -m multiport --dports 655 -j ACCEPT
-A FW-INPUT -p udp -m conntrack --ctstate NEW -m multiport --dports 655 -j ACCEPT
-A FW-INPUT -j LOG
-A FW-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
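As an added example (not part of the gist), the script below parses the `*filter` table above in iptables-save format and checks two things that depend purely on rule order: which FORWARD rules reach a terminal verdict before the `-j FW-INPUT` jump, and which rules sit after an unconditional jump to a chain whose last rule is an unconditional terminal target, so the jump never returns. It embeds the filter table from this page as its sample input; the function names and the minimal rule model (match tokens before `-j`, target after it) are this example's own assumptions, not an iptables API.

```python
"""Audit rule order in an iptables-save filter table (added example).

Two checks a firewall reviewer usually wants on a host running Docker:
  1. decided_before_jump: terminal rules that fire in a built-in chain
     before control reaches the user's own chain (here FW-INPUT).
  2. unreachable_rules: rules placed after an unconditional jump to a
     chain that always terminates, so they can never match.
"""

# Sample input: the *filter table copied from the gist's iptables-save output.
FILTER_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [73439:11958896]
:FW-INPUT - [0:0]
-A INPUT -j FW-INPUT
-A INPUT -s 10.0.0.0/8 -i enp2s0 -j DROP
-A INPUT -s 172.16.0.0/12 -i enp2s0 -j DROP
-A INPUT -s 192.168.0.0/16 -i enp2s0 -j DROP
-A INPUT -s 224.0.0.0/4 -i enp2s0 -j DROP
-A INPUT -s 240.0.0.0/5 -i enp2s0 -j DROP
-A INPUT -d 127.0.0.0/8 -i enp2s0 -j DROP
-A FORWARD -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5000 -j ACCEPT
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -j FW-INPUT
-A FW-INPUT -i lo -j ACCEPT
-A FW-INPUT -i vpn -j ACCEPT
-A FW-INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A FW-INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FW-INPUT -p tcp -m conntrack --ctstate NEW -m multiport --dports 22 -j ACCEPT
-A FW-INPUT -j LOG
-A FW-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# Targets that end processing for the packet in the filter table.
TERMINAL = {"ACCEPT", "DROP", "REJECT"}


def parse_filter(dump):
    """Parse one iptables-save table into {chain: [rule, ...]} in file order.

    Each rule is a dict with the match tokens (everything between the chain
    name and -j), the jump target, and the raw line. Assumed model, not libiptc.
    """
    chains = {}
    for line in dump.splitlines():
        if line.startswith(":"):                      # chain declaration
            chains.setdefault(line[1:].split()[0], [])
        elif line.startswith("-A "):                  # append rule
            tokens = line.split()
            chain = tokens[1]
            j = tokens.index("-j") if "-j" in tokens else len(tokens)
            target = tokens[j + 1] if j + 1 < len(tokens) else None
            chains.setdefault(chain, []).append(
                {"matches": tokens[2:j], "target": target, "raw": line}
            )
    return chains


def always_terminates(chains, chain):
    """True if the chain's last rule is unconditional with a terminal target,
    so a packet that jumps into it never returns to the calling chain."""
    rules = chains.get(chain, [])
    last = rules[-1] if rules else None
    return bool(last) and not last["matches"] and last["target"] in TERMINAL


def decided_before_jump(chains, chain, target_chain):
    """Raw lines of terminal rules in `chain` that precede the first jump
    to `target_chain`; traffic they match never sees that chain's policy."""
    found = []
    for rule in chains.get(chain, []):
        if rule["target"] == target_chain:
            break
        if rule["target"] in TERMINAL:
            found.append(rule["raw"])
    return found


def unreachable_rules(chains, chain):
    """Raw lines that follow an unconditional rule which always ends
    processing: a bare terminal target, or a jump to a never-returning chain."""
    rules = chains.get(chain, [])
    for i, rule in enumerate(rules):
        if rule["matches"]:
            continue
        ends = rule["target"] in TERMINAL or (
            rule["target"] in chains and always_terminates(chains, rule["target"])
        )
        if ends:
            return [r["raw"] for r in rules[i + 1:]]
    return []


if __name__ == "__main__":
    table = parse_filter(FILTER_DUMP)
    for chain in ("INPUT", "FORWARD"):
        print(f"[{chain}] terminal rules before -j FW-INPUT:")
        for line in decided_before_jump(table, chain, "FW-INPUT"):
            print("   ", line)
        print(f"[{chain}] rules that can never be reached:")
        for line in unreachable_rules(table, chain):
            print("   ", line)
```

Run against the table above, the report shows four FORWARD ACCEPT rules (the Docker port publication and docker0 bridge traffic) that are decided before `-j FW-INPUT`, and six INPUT DROP rules that follow the unconditional `-A INPUT -j FW-INPUT`; because FW-INPUT ends in an unconditional REJECT, those six rules never match. Whether either ordering is intended is a policy question for the host's owner; the script only makes the order visible.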