Commit c6cce47a authored by Branko Mikić's avatar Branko Mikić

The result files produced by make were accidentally committed too. This commit removes them.

parent cd0d0a79
#
# /proc/sys/net/ipv4:
# all/accept_source_route=0 default/accept_source_route=1
# eth0/accept_source_route=1 eth1/accept_source_route=1
# eth2/accept_source_route=1 lo/accept_source_route=1
# ppp0/accept_source_route=1 vboxnet0/accept_source_route=1
# all/accept_redirects=0 default/accept_redirects=0
# eth0/accept_redirects=0 eth1/accept_redirects=0
# eth2/accept_redirects=0 lo/accept_redirects=0
# ppp0/accept_redirects=0 vboxnet0/accept_redirects=0
# all/rp_filter=1 default/rp_filter=1
# eth0/rp_filter=1 eth1/rp_filter=1
# eth2/rp_filter=1 lo/rp_filter=1
# ppp0/rp_filter=1 vboxnet0/rp_filter=1
# ip_forward=1
#
# Kernel modules probed:
# ip_tables nf_conntrack
#
# reseting ruleset (/sbin/iptables)
# setting up base ruleset
# allowing subnets on eth0 link: 10.2.1.1 (broadcast)
# allowing service discovery on eth0 link.
# forwarding protectively 10.2.1.0/24 (eth0) to ppp0.
# masquerading 10.2.1.0/24 when leaving through ppp0.
# Generated by iptables-save v1.4.12 on Fri Oct 9 13:09:32 2015
*mangle
:PREROUTING ACCEPT [2:200]
:INPUT ACCEPT [2:200]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2:200]
:POSTROUTING ACCEPT [2:200]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Fri Oct 9 13:09:32 2015
# Generated by iptables-save v1.4.12 on Fri Oct 9 13:09:32 2015
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.2.1.0/24 -o ppp0 -m comment --comment "MASQUERADE 10.2.1.0/24 to 0x" -j MASQUERADE
COMMIT
# Completed on Fri Oct 9 13:09:32 2015
# Generated by iptables-save v1.4.12 on Fri Oct 9 13:09:32 2015
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:0A02010018-eth0-ppp0 - [0:0]
:0A02010018-ppp0-eth0 - [0:0]
:ANTI-FLOOD - [0:0]
:BLOCK - [0:0]
:ICMP - [0:0]
:LOCAL - [0:0]
:USER-IN - [0:0]
:USER-OUT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ICMP
-A INPUT -m state --state INVALID -j BLOCK
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ANTI-FLOOD
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j ANTI-FLOOD
-A INPUT -p udp -m udp --sport 67 --dport 68 -m comment --comment bootp -j ACCEPT
-A INPUT -j LOCAL
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment ssh -j ACCEPT
-A INPUT -m comment --comment "add your custom INPUT rules in the USER-IN chain!" -j USER-IN
-A INPUT -m limit --limit 8/min --limit-burst 16 -j LOG --log-prefix "[IN-DROP] "
-A FORWARD -s 10.2.1.0/24 -i eth0 -o ppp0 -m comment --comment "FORWARD_SUBNET_PROTECTIVE 10.2.1.0/24 among eth0 and ppp0" -j 0A02010018-eth0-ppp0
-A FORWARD -d 10.2.1.0/24 -i ppp0 -o eth0 -m comment --comment "FORWARD_SUBNET_PROTECTIVE 10.2.1.0/24 among eth0 and ppp0" -j 0A02010018-ppp0-eth0
-A FORWARD -m limit --limit 8/min --limit-burst 16 -j LOG --log-prefix "[FWD-DROP] "
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m comment --comment "add your custom OUTPUT rules in the USER-OUT chain!" -j USER-OUT
-A OUTPUT -m state --state NEW -j ACCEPT
-A OUTPUT -m limit --limit 8/min --limit-burst 16 -j LOG --log-prefix "[OUT-DROP] "
-A 0A02010018-eth0-ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A 0A02010018-eth0-ppp0 -m state --state NEW -j ACCEPT
-A 0A02010018-eth0-ppp0 -p tcp -m tcp -m multiport --dports 80,443 -j ACCEPT
-A 0A02010018-ppp0-eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A 0A02010018-ppp0-eth0 -p icmp -j ICMP
-A 0A02010018-ppp0-eth0 -m state --state INVALID -j BLOCK
-A 0A02010018-ppp0-eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ANTI-FLOOD
-A 0A02010018-ppp0-eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j ANTI-FLOOD
-A ANTI-FLOOD -m limit --limit 2/sec -j RETURN
-A ANTI-FLOOD -j LOG --log-prefix "[BLOCK] (ANTIFLOOD) "
-A ANTI-FLOOD -j DROP
-A BLOCK -m limit --limit 4/min --limit-burst 8 -j LOG --log-prefix "[BLOCK] "
-A BLOCK -j DROP
-A ICMP -p icmp -m icmp --icmp-type 3 -m comment --comment destination-unreachable -j ACCEPT
-A ICMP -p icmp -m icmp --icmp-type 4 -m comment --comment source-quench -j ACCEPT
-A ICMP -p icmp -m icmp --icmp-type 8 -m comment --comment "echo-request: Ping of death" -j ANTI-FLOOD
-A ICMP -p icmp -m icmp --icmp-type 8 -m comment --comment echo-request -j ACCEPT
-A ICMP -p icmp -m icmp --icmp-type 11 -m comment --comment time-exceeded -j ACCEPT
-A ICMP -p icmp -m icmp --icmp-type 12 -m comment --comment parameter-problem -j ACCEPT
-A LOCAL -m addrtype --dst-type LOCAL -j RETURN
-A LOCAL -m addrtype --dst-type MULTICAST -j RETURN
-A LOCAL -m addrtype --dst-type BROADCAST -j RETURN
-A LOCAL -j BLOCK
-A USER-IN -s 10.2.1.0/24 -i eth0 -m comment --comment "ALLOW_SUBNETS on 0x50e549399da8" -j ACCEPT
-A USER-IN -i eth0 -m pkttype --pkt-type broadcast -m comment --comment "ALLOW_SUBNETS on 0x50e549399da8 (broadcast)" -j ACCEPT
-A USER-IN -d 224.0.0.251/32 -i eth0 -p udp -m udp --dport 5353 -m comment --comment "ALLOW_SERVICE_DISCOVERY on 0x50e549399da8 (multicast mDNS)" -j ACCEPT
-A USER-IN -d 239.255.255.250/32 -i eth0 -p udp -m udp --dport 1900 -m comment --comment "ALLOW_SERVICE_DISCOVERY on 0x50e549399da8 (multicast UPnP)" -j ACCEPT
-A USER-OUT -s 10.2.1.1/32 -d 10.2.1.0/24 -o eth0 -m comment --comment "ALLOW_SUBNETS on 0x50e549399da8" -j ACCEPT
COMMIT
# Completed on Fri Oct 9 13:09:32 2015
#~~~ created by ipturntables.sh
#
# /proc/sys/net/ipv6:
# all/accept_source_route=0 default/accept_source_route=0
# eth0/accept_source_route=0 eth1/accept_source_route=0
# eth2/accept_source_route=0 lo/accept_source_route=0
# ppp0/accept_source_route=0
# all/accept_redirects=0 default/accept_redirects=0
# eth0/accept_redirects=1 eth1/accept_redirects=1
# eth2/accept_redirects=1 lo/accept_redirects=1
# ppp0/accept_redirects=0
# all/accept_ra=1 default/accept_ra=1
# eth0/accept_ra=1 eth1/accept_ra=1
# eth2/accept_ra=1 lo/accept_ra=1
# ppp0/accept_ra=2
# all/forwarding=1 default/forwarding=1
# eth0/forwarding=1 eth1/forwarding=1
# eth2/forwarding=1 lo/forwarding=1
# ppp0/forwarding=1
#
# Kernel modules probed:
# ip6_tables nf_conntrack
#
# reseting ruleset (/sbin/ip6tables)
# setting up base ruleset
# allowing service discovery on eth0 link.
# allowing subnets on eth0 link: (broadcast) fe80::52e5:49ff:fe39:9da8
# allowing DHCPv6 client requests on 'ppp0'.
# Generated by ip6tables-save v1.4.12 on Wed Apr 8 08:09:35 2015
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Wed Apr 8 08:09:35 2015
# Generated by ip6tables-save v1.4.12 on Wed Apr 8 08:09:35 2015
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:ANTI-FLOOD - [0:0]
:BLOCK - [0:0]
:ICMP - [0:0]
:USER-IN - [0:0]
:USER-OUT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m rt --rt-type 0 --rt-segsleft 0 -j DROP
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m hl --hl-eq 255 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m hl --hl-eq 255 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m hl --hl-eq 255 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m hl --hl-eq 255 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m comment --comment "echo-reply allowed on link local" -j ACCEPT
-A INPUT -p ipv6-icmp -j ICMP
-A INPUT -m state --state INVALID -j BLOCK
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ANTI-FLOOD
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j ANTI-FLOOD
-A INPUT -p udp -m udp --sport 67 --dport 68 -m comment --comment bootp -j ACCEPT
-A INPUT -m comment --comment "add your custom INPUT rules in the USER-IN chain!" -j USER-IN
-A INPUT -m limit --limit 8/min --limit-burst 16 -j LOG --log-prefix "[IN-DROP] "
-A FORWARD -m rt --rt-type 0 --rt-segsleft 0 -j DROP
-A FORWARD -m limit --limit 8/min --limit-burst 16 -j LOG --log-prefix "[FWD-DROP] "
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m rt --rt-type 0 --rt-segsleft 0 -j DROP
-A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m hl --hl-eq 255 -j ACCEPT
-A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m hl --hl-eq 255 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m comment --comment "add your custom OUTPUT rules in the USER-OUT chain!" -j USER-OUT
-A OUTPUT -m state --state NEW -j ACCEPT
-A OUTPUT -m limit --limit 8/min --limit-burst 16 -j LOG --log-prefix "[OUT-DROP] "
-A ANTI-FLOOD -m limit --limit 2/sec -j RETURN
-A ANTI-FLOOD -j LOG --log-prefix "[BLOCK] (ANTIFLOOD) "
-A ANTI-FLOOD -j DROP
-A BLOCK -m limit --limit 4/min --limit-burst 8 -j LOG --log-prefix "[BLOCK] "
-A BLOCK -j DROP
-A ICMP -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m comment --comment "destination unreachable" -j ACCEPT
-A ICMP -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m comment --comment "packet too big" -j ACCEPT
-A ICMP -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m comment --comment "time exceeded" -j ACCEPT
-A ICMP -p ipv6-icmp -m icmp6 --icmpv6-type 4 -m comment --comment "parameter problem" -j ACCEPT
-A ICMP -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m comment --comment "echo-request: Ping of death" -j ANTI-FLOOD
-A ICMP -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m comment --comment echo-request -j ACCEPT
-A USER-IN -d ff02::fb/128 -i eth0 -p udp -m udp --dport 5353 -m comment --comment "ALLOW_SERVICE_DISCOVERY on 0x50e549399da8 (multicast mDNS)" -j ACCEPT
-A USER-IN -d ff02::f/128 -i eth0 -p udp -m udp --dport 1900 -m comment --comment "ALLOW_SERVICE_DISCOVERY on 0x50e549399da8 (multicast UPnP)" -j ACCEPT
-A USER-IN -i eth0 -m pkttype --pkt-type broadcast -m comment --comment "ALLOW_SUBNETS on 0x50e549399da8 (broadcast)" -j ACCEPT
-A USER-IN -s fe80::/10 -d fe80::/10 -i ppp0 -p udp -m udp --sport 547 --dport 546 -m comment --comment "ALLOW_DHCPV6_CLIENT on 0x" -j ACCEPT
-A USER-OUT -s fe80::52e5:49ff:fe39:9da8/128 -o eth0 -m comment --comment "ALLOW_SUBNETS on 0x50e549399da8 (outbound from link-local)" -j ACCEPT
COMMIT
# Completed on Wed Apr 8 08:09:35 2015
#~~~ created by ipturntables.sh