Created
December 26, 2017 23:12
-
-
Save samuelb/15adaa445fcb0a31303095665fce950e to your computer and use it in GitHub Desktop.
/etc/iptables/...
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *filter | |
| :INPUT DROP [0:0] | |
| :FORWARD DROP [0:0] | |
| :OUTPUT ACCEPT [0:0] | |
| -A INPUT -i lo -j ACCEPT | |
| -A INPUT -m rt --rt-type 0 -j DROP | |
| -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A INPUT -m conntrack --ctstate INVALID -j DROP | |
| -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 1 -j ACCEPT | |
| -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT | |
| -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 3 -j ACCEPT | |
| -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 4 -j ACCEPT | |
| -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT | |
| -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 129 -j ACCEPT | |
| -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m hl --hl-eq 255 -j ACCEPT | |
| -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m hl --hl-eq 255 -j ACCEPT | |
| -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m hl --hl-eq 255 -j ACCEPT | |
| -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m hl --hl-eq 255 -j ACCEPT | |
| -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 141 -m hl --hl-eq 255 -j ACCEPT | |
| -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 142 -m hl --hl-eq 255 -j ACCEPT | |
| -A INPUT -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130 -j ACCEPT | |
| -A INPUT -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131 -j ACCEPT | |
| -A INPUT -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132 -j ACCEPT | |
| -A INPUT -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143 -j ACCEPT | |
| -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 148 -m hl --hl-eq 255 -j ACCEPT | |
| -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 149 -m hl --hl-eq 255 -j ACCEPT | |
| -A INPUT -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 151 -m hl --hl-eq 1 -j ACCEPT | |
| -A INPUT -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 152 -m hl --hl-eq 1 -j ACCEPT | |
| -A INPUT -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 153 -m hl --hl-eq 1 -j ACCEPT | |
| -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT | |
| -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 129 -j ACCEPT | |
| -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 144 -j ACCEPT | |
| -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 145 -j ACCEPT | |
| -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 146 -j ACCEPT | |
| -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 147 -j ACCEPT | |
| -A INPUT -s fe80::/10 -d fe80::/10 -p udp -m udp --sport 547 --dport 546 -j ACCEPT | |
| -A INPUT -d ff02::fb/128 -p udp -m udp --dport 5353 -j ACCEPT | |
| -A INPUT -d ff02::f/128 -p udp -m udp --dport 1900 -j ACCEPT | |
| COMMIT | |
| # Completed on Tue Oct 14 15:30:41 2014 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *filter | |
| :INPUT DROP [0:0] | |
| :FORWARD DROP [0:0] | |
| :OUTPUT ACCEPT [0:0] | |
| -A INPUT -i lo -j ACCEPT | |
| -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A INPUT -m conntrack --ctstate INVALID -j DROP | |
| -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT | |
| -A INPUT -p icmp -m icmp --icmp-type 4 -j ACCEPT | |
| -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT | |
| -A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT | |
| -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT | |
| -A INPUT -p udp -m udp --sport 67 --dport 68 -j ACCEPT | |
| -A INPUT -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT | |
| -A INPUT -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT | |
| COMMIT | |
| # Completed on Tue Oct 14 15:30:41 2014 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment