| # Generated by iptables-save v1.4.21 on Thu Jun 29 18:03:06 2017 |
| # raw table: PREROUTING and OUTPUT both send every packet through port_assignment, |
| # whose single rule attaches the pptp conntrack helper to TCP traffic with dport 1723. |
| # NOTE(review): the helper rule carries no -s/-d/-i/-o match, so the helper is attached |
| # to any flow to port 1723 in either direction; consider restricting it to the |
| # addresses that actually terminate or originate PPTP - confirm against the VPN setup. |
| *raw |
| :PREROUTING ACCEPT [0:0] |
| :OUTPUT ACCEPT [0:0] |
| :port_assignment - [0:0] |
| -A PREROUTING -j port_assignment |
| -A OUTPUT -j port_assignment |
| -A port_assignment -p tcp -m tcp --dport 1723 -j CT --helper pptp |
| COMMIT |
| # Completed on Thu Jun 29 18:03:06 2017 |
| # Generated by iptables-save v1.4.21 on Thu Jun 29 18:03:06 2017 |
| # filter table: built-in chain policies followed by the user-defined chains. |
| # INPUT and FORWARD declare policy DROP, OUTPUT declares ACCEPT and has no rules. |
| # NOTE(review): the DROP policies are never reached, because both INPUT and FORWARD |
| # end in an unconditional "-j L_ACCEPT"; the effective default for both is accept-and-log. |
| # NOTE(review): L_REJECT, VPN_USERS_IN and VPN_USERS_OUT are declared here but no rule |
| # in this table jumps to them, so their rules are not evaluated. |
| *filter |
| :INPUT DROP [0:0] |
| :FORWARD DROP [0:0] |
| :OUTPUT ACCEPT [0:0] |
| :CUST_I15_IN - [0:0] |
| :CUST_I15_OUT - [0:0] |
| :CUST_I16_IN - [0:0] |
| :CUST_I16_OUT - [0:0] |
| :L_ACCEPT - [0:0] |
| :L_DROP - [0:0] |
| :L_REJECT - [0:0] |
| :VPN_USERS_IN - [0:0] |
| :VPN_USERS_OUT - [0:0] |
| # INPUT: traffic addressed to the firewall itself. Order matters: first match wins. |
| # Drop packets conntrack marks INVALID, then accept replies to known flows and loopback. |
| -A INPUT -m conntrack --ctstate INVALID -j L_DROP |
| -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j L_ACCEPT |
| -A INPUT -i lo -j L_ACCEPT |
| # TCP 5666 only from one host (presumably the monitoring server - confirm). |
| -A INPUT -s 10.78.129.130/32 -p tcp -m tcp --dport 5666 -j L_ACCEPT |
| # New TCP connections (SYN set; FIN, RST, ACK clear) to 22,80,443,873,1723 from any source. |
| # NOTE(review): 22 and 873 have no source restriction here - confirm that is intended. |
| -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 22,80,443,873,1723 -j L_ACCEPT |
| # UDP 500/4500 (IKE, NAT-T) and 1701 (L2TP) from any source. |
| # NOTE(review): 1701 is accepted whether or not it arrived inside IPsec; if L2TP is only |
| # meant to run over IPsec, the policy match (-m policy --dir in --pol ipsec) can enforce that. |
| -A INPUT -p udp -m udp -m multiport --dports 500,1701,4500 -j L_ACCEPT |
| # ICMP echo-request (type 8) from any source. |
| -A INPUT -p icmp -m icmp --icmp-type 8 -j L_ACCEPT |
| # New TCP connections to port 179 (BGP), each limited to one /29 on one VLAN interface. |
| -A INPUT -s 10.31.70.8/29 -i bond0.208 -p tcp -m tcp --dport 179 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT |
| -A INPUT -s 10.44.224.8/29 -i bond0.686 -p tcp -m tcp --dport 179 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT |
| # ESP from any source; GRE only from four listed peers. |
| -A INPUT -p esp -j L_ACCEPT |
| -A INPUT -s 168.209.255.75/32 -p gre -j L_ACCEPT |
| -A INPUT -s 168.209.255.106/32 -p gre -j L_ACCEPT |
| -A INPUT -s 10.35.167.46/32 -p gre -j L_ACCEPT |
| -A INPUT -s 10.35.167.45/32 -p gre -j L_ACCEPT |
| # Anything arriving over the GRE tunnel interfaces is accepted without further matching. |
| -A INPUT -i gre-wbcore -j L_ACCEPT |
| -A INPUT -i gre-davo-+ -j L_ACCEPT |
| # Everything not accepted above is dropped when it arrives on bond0.208 or bond0.686. |
| -A INPUT -i bond0.208 -j L_DROP |
| -A INPUT -i bond0.686 -j L_DROP |
| # NOTE(review): catch-all accept. On every interface other than bond0.208/bond0.686 this |
| # admits all remaining traffic, so the source and port restrictions above (for example the |
| # 5666 and GRE peer limits) only take effect on those two interfaces. Confirm that every |
| # other interface is trusted, or replace this with explicit per-interface accepts. |
| -A INPUT -j L_ACCEPT |
| # FORWARD: routed traffic. Order matters: first match wins. |
| # NOTE(review): everything entering on bond0.10 is accepted before the INVALID check, |
| # before the CUST_* chains and without passing through L_ACCEPT, so it is neither |
| # state-checked, customer-filtered nor logged. Confirm bond0.10 is fully trusted. |
| -A FORWARD -i bond0.10 -j ACCEPT |
| -A FORWARD -m conntrack --ctstate INVALID -j L_DROP |
| # Clamp the MSS on SYN packets to the path MTU; TCPMSS is non-terminating, matching continues. |
| -A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu |
| -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j L_ACCEPT |
| # Any traffic to 10.31.63.80/30 leaving via bond0.10 is accepted, ahead of the customer chains. |
| -A FORWARD -d 10.31.63.80/30 -o bond0.10 -j L_ACCEPT |
| # Per-customer filtering keyed on interface: *_IN for traffic leaving towards the customer |
| # interface, *_OUT for traffic arriving from it. Each CUST_* chain ends in L_DROP, so |
| # packets that enter one never return to the rules below. |
| -A FORWARD -o bond0.11 -j CUST_I16_IN |
| -A FORWARD -i bond0.11 -j CUST_I16_OUT |
| -A FORWARD -o bond0.12 -j CUST_I15_IN |
| -A FORWARD -i bond0.12 -j CUST_I15_OUT |
| # Keep the 192.168.255.0/24 range arriving on ppp interfaces off bond0.208 and bond0.686. |
| -A FORWARD -s 192.168.255.0/24 -i ppp+ -o bond0.208 -j L_DROP |
| -A FORWARD -s 192.168.255.0/24 -i ppp+ -o bond0.686 -j L_DROP |
| # NOTE(review): catch-all accept. Any new flow not handled above is forwarded, so the |
| # declared FORWARD policy of DROP never applies. If default-deny is the intent, list the |
| # permitted interface pairs explicitly and end the chain with L_DROP. |
| -A FORWARD -j L_ACCEPT |
| # CUST_I15_IN: new TCP connections allowed towards bond0.12 (reached from FORWARD -o bond0.12). |
| # No source match on any rule, so each listed port is reachable from any forwarded source. |
| -A CUST_I15_IN -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT |
| -A CUST_I15_IN -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT |
| # NOTE(review): 433 looks like a typo for 443 (CUST_I15_OUT below uses 80,443). As written, |
| # new connections to 443 that reach this chain fall through to L_DROP - confirm. |
| -A CUST_I15_IN -p tcp -m tcp --dport 433 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT |
| # NOTE(review): 3306 (conventionally MySQL) and 22 are open to any source; consider -s limits. |
| -A CUST_I15_IN -p tcp -m tcp --dport 3306 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT |
| -A CUST_I15_IN -p tcp -m tcp --dport 3390 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT |
| # Default for this chain: log and drop everything else. |
| -A CUST_I15_IN -j L_DROP |
| # CUST_I15_OUT: traffic arriving from bond0.12 may only open TCP connections to 80 and 443. |
| -A CUST_I15_OUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 80,443 -j L_ACCEPT |
| -A CUST_I15_OUT -j L_DROP |
| # CUST_I16_IN: traffic allowed towards bond0.11 (reached from FORWARD -o bond0.11). |
| # New TCP connections to 3390 and 21, plus ICMP echo-request, from any forwarded source. |
| -A CUST_I16_IN -p tcp -m tcp --dport 3390 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT |
| # NOTE(review): only the FTP control port is opened. FTP data connections depend on a |
| # conntrack ftp helper marking them RELATED, and the raw table in this dump assigns only |
| # the pptp helper - confirm how FTP data is expected to pass. |
| -A CUST_I16_IN -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT |
| -A CUST_I16_IN -p icmp -m icmp --icmp-type 8 -j L_ACCEPT |
| # Default for this chain: log and drop everything else. |
| -A CUST_I16_IN -j L_DROP |
| # CUST_I16_OUT: traffic arriving from bond0.11 may open TCP connections to 80 and 443 |
| # anywhere, and to port 25 only on 154.73.34.12; everything else is logged and dropped. |
| -A CUST_I16_OUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 80,443 -j L_ACCEPT |
| -A CUST_I16_OUT -d 154.73.34.12/32 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 25 -j L_ACCEPT |
| -A CUST_I16_OUT -j L_DROP |
| # Logging wrappers: each chain records the packet, then applies the verdict. |
| # L_ACCEPT: copy to NFLOG group 1 (kernel batches 5 packets per message), then ACCEPT. |
| -A L_ACCEPT -j NFLOG --nflog-group 1 --nflog-threshold 5 |
| -A L_ACCEPT -j ACCEPT |
| # L_DROP: write a kernel log line with prefix "L_DROP: ", copy to NFLOG group 2, then DROP. |
| # NOTE(review): the LOG rule has no rate limit, so a burst of dropped packets produces one |
| # kernel log line each; a "-m limit" match on the LOG rule would bound log volume while |
| # NFLOG group 2 still records every drop. |
| -A L_DROP -j LOG --log-prefix "L_DROP: " |
| -A L_DROP -j NFLOG --nflog-group 2 --nflog-threshold 5 |
| -A L_DROP -j DROP |
| # L_REJECT: copy to NFLOG group 3, then reject with ICMP port-unreachable. |
| # No rule in this table jumps to L_REJECT. |
| -A L_REJECT -j NFLOG --nflog-group 3 --nflog-threshold 5 |
| -A L_REJECT -j REJECT --reject-with icmp-port-unreachable |
| # VPN_USERS_IN / VPN_USERS_OUT: accept all traffic in or out of ppp0, tagged with a comment. |
| # NOTE(review): no chain in this table jumps to either chain, so these rules are not |
| # evaluated; ppp traffic is decided by the INPUT/FORWARD rules instead. The comment value |
| # "User: " has no user name - presumably generated from a template with an empty field. |
| # If per-user VPN filtering is intended, the chains need a jump and a restrictive default. |
| -A VPN_USERS_IN -i ppp0 -m comment --comment "User: " -j ACCEPT |
| -A VPN_USERS_OUT -o ppp0 -m comment --comment "User: " -j ACCEPT |
| COMMIT |
| # Completed on Thu Jun 29 18:03:06 2017 |