liwsakilive/ddos-ro-protection

## ddos-ro-protection
# Generated by iptables-save v1.8.4 on Wed Mar  9 00:06:04 2022
*raw
:PREROUTING ACCEPT [653:47787]
:OUTPUT ACCEPT [691:96020]
-A PREROUTING -p tcp -m tcp -m multiport --dports 22,80,443,8443,20191,20192,20193,19999 -j ACCEPT
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j CT --notrack
COMMIT
# Completed on Wed Mar  9 00:06:04 2022
# Generated by iptables-save v1.8.4 on Wed Mar  9 00:06:04 2022
*nat
:PREROUTING ACCEPT [2:117]
:INPUT ACCEPT [1:57]
:OUTPUT ACCEPT [11:952]
:POSTROUTING ACCEPT [11:952]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 172.18.0.0/16 ! -o br-19f3a7186944 -j MASQUERADE
-A POSTROUTING -s 172.18.0.2/32 -d 172.18.0.2/32 -p tcp -m tcp --dport 19999 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A DOCKER -i br-19f3a7186944 -j RETURN
-A DOCKER ! -i br-19f3a7186944 -p tcp -m tcp --dport 19999 -j DNAT --to-destination 172.18.0.2:19999
COMMIT
# Completed on Wed Mar  9 00:06:04 2022
# Generated by iptables-save v1.8.4 on Wed Mar  9 00:06:04 2022
*filter
:INPUT ACCEPT [96:7500]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [67:11263]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
-A INPUT -p tcp -m tcp -m conntrack --ctstate INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -o br-19f3a7186944 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-19f3a7186944 -j DOCKER
-A FORWARD -i br-19f3a7186944 ! -o br-19f3a7186944 -j ACCEPT
-A FORWARD -i br-19f3a7186944 -o br-19f3a7186944 -j ACCEPT
-A DOCKER -d 172.18.0.2/32 ! -i br-19f3a7186944 -o br-19f3a7186944 -p tcp -m tcp --dport 19999 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-19f3a7186944 ! -o br-19f3a7186944 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-19f3a7186944 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
COMMIT
*mangle
:PREROUTING ACCEPT [4499373211:4527602457106]
:INPUT ACCEPT [38132120:4043491130]
:FORWARD ACCEPT [4461241088:4523558965784]
:OUTPUT ACCEPT [4077869:3000330927]
:POSTROUTING ACCEPT [4464134258:4526497379419]
-A PREROUTING -m conntrack --ctstate INVALID -j DROP
-A PREROUTING -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j DROP
-A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags PSH,ACK PSH -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,PSH,URG -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
-A PREROUTING -p icmp -j LOG --log-prefix "[IPT][bond0][ICMP]"
#-A PREROUTING ! -d 45.121.60.194/32 -i bond0 -p icmp -j DROP
-A PREROUTING -s 10.0.0.0/8 -i ens3 -j DROP
-A PREROUTING -s 0.0.0.0/8 -i ens3 -j DROP
-A PREROUTING -s 240.0.0.0/5 -i ens3 -j DROP
-A PREROUTING -s 127.0.0.0/8 -i ens3 -j DROP
-A PREROUTING -f -j DROP
COMMIT
# Completed on Wed Mar  9 00:06:04 2022
	# Generated by iptables-save v1.8.4 on Wed Mar 9 00:06:04 2022
	*raw
	:PREROUTING ACCEPT [653:47787]
	:OUTPUT ACCEPT [691:96020]
	-A PREROUTING -p tcp -m tcp -m multiport --dports 22,80,443,8443,20191,20192,20193,19999 -j ACCEPT
	-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j CT --notrack
	COMMIT
	# Completed on Wed Mar 9 00:06:04 2022
	# Generated by iptables-save v1.8.4 on Wed Mar 9 00:06:04 2022
	*nat
	:PREROUTING ACCEPT [2:117]
	:INPUT ACCEPT [1:57]
	:OUTPUT ACCEPT [11:952]
	:POSTROUTING ACCEPT [11:952]
	:DOCKER - [0:0]
	-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
	-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
	-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
	-A POSTROUTING -s 172.18.0.0/16 ! -o br-19f3a7186944 -j MASQUERADE
	-A POSTROUTING -s 172.18.0.2/32 -d 172.18.0.2/32 -p tcp -m tcp --dport 19999 -j MASQUERADE
	-A DOCKER -i docker0 -j RETURN
	-A DOCKER -i br-19f3a7186944 -j RETURN
	-A DOCKER ! -i br-19f3a7186944 -p tcp -m tcp --dport 19999 -j DNAT --to-destination 172.18.0.2:19999
	COMMIT
	# Completed on Wed Mar 9 00:06:04 2022
	# Generated by iptables-save v1.8.4 on Wed Mar 9 00:06:04 2022
	*filter
	:INPUT ACCEPT [96:7500]
	:FORWARD DROP [0:0]
	:OUTPUT ACCEPT [67:11263]
	:DOCKER - [0:0]
	:DOCKER-ISOLATION-STAGE-1 - [0:0]
	:DOCKER-ISOLATION-STAGE-2 - [0:0]
	:DOCKER-USER - [0:0]
	-A INPUT -p tcp -m tcp -m conntrack --ctstate INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460
	-A INPUT -m conntrack --ctstate INVALID -j DROP
	-A FORWARD -j DOCKER-USER
	-A FORWARD -j DOCKER-ISOLATION-STAGE-1
	-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
	-A FORWARD -o docker0 -j DOCKER
	-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
	-A FORWARD -i docker0 -o docker0 -j ACCEPT
	-A FORWARD -o br-19f3a7186944 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
	-A FORWARD -o br-19f3a7186944 -j DOCKER
	-A FORWARD -i br-19f3a7186944 ! -o br-19f3a7186944 -j ACCEPT
	-A FORWARD -i br-19f3a7186944 -o br-19f3a7186944 -j ACCEPT
	-A DOCKER -d 172.18.0.2/32 ! -i br-19f3a7186944 -o br-19f3a7186944 -p tcp -m tcp --dport 19999 -j ACCEPT
	-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
	-A DOCKER-ISOLATION-STAGE-1 -i br-19f3a7186944 ! -o br-19f3a7186944 -j DOCKER-ISOLATION-STAGE-2
	-A DOCKER-ISOLATION-STAGE-1 -j RETURN
	-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
	-A DOCKER-ISOLATION-STAGE-2 -o br-19f3a7186944 -j DROP
	-A DOCKER-ISOLATION-STAGE-2 -j RETURN
	-A DOCKER-USER -j RETURN
	COMMIT
	*mangle
	:PREROUTING ACCEPT [4499373211:4527602457106]
	:INPUT ACCEPT [38132120:4043491130]
	:FORWARD ACCEPT [4461241088:4523558965784]
	:OUTPUT ACCEPT [4077869:3000330927]
	:POSTROUTING ACCEPT [4464134258:4526497379419]
	-A PREROUTING -m conntrack --ctstate INVALID -j DROP
	-A PREROUTING -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j DROP
	-A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
	-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
	-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
	-A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
	-A PREROUTING -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
	-A PREROUTING -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
	-A PREROUTING -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
	-A PREROUTING -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
	-A PREROUTING -p tcp -m tcp --tcp-flags PSH,ACK PSH -j DROP
	-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
	-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
	-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
	-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,PSH,URG -j DROP
	-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
	-A PREROUTING -p icmp -j LOG --log-prefix "[IPT][bond0][ICMP]"
	#-A PREROUTING ! -d 45.121.60.194/32 -i bond0 -p icmp -j DROP
	-A PREROUTING -s 10.0.0.0/8 -i ens3 -j DROP
	-A PREROUTING -s 0.0.0.0/8 -i ens3 -j DROP
	-A PREROUTING -s 240.0.0.0/5 -i ens3 -j DROP
	-A PREROUTING -s 127.0.0.0/8 -i ens3 -j DROP
	-A PREROUTING -f -j DROP
	COMMIT
	# Completed on Wed Mar 9 00:06:04 2022