Accidentally the result files produced by the make were committed too. They are removed.

c6cce47a · Branko Mikić · cd0d0a79 · cd0d0a79 · cd0d0a79
Commit c6cce47a authored Mar 28, 2016 by Branko Mikić
--- a/IPv4.rules
+++ b/IPv4.rules
-#
-# /proc/sys/net/ipv4:
-#             all/accept_source_route=0           	         default/accept_source_route=1           
-#            eth0/accept_source_route=1           	            eth1/accept_source_route=1           
-#            eth2/accept_source_route=1           	              lo/accept_source_route=1           
-#            ppp0/accept_source_route=1           	        vboxnet0/accept_source_route=1           
-#                all/accept_redirects=0           	            default/accept_redirects=0           
-#               eth0/accept_redirects=0           	               eth1/accept_redirects=0           
-#               eth2/accept_redirects=0           	                 lo/accept_redirects=0           
-#               ppp0/accept_redirects=0           	           vboxnet0/accept_redirects=0           
-#                       all/rp_filter=1           	                   default/rp_filter=1           
-#                      eth0/rp_filter=1           	                      eth1/rp_filter=1           
-#                      eth2/rp_filter=1           	                        lo/rp_filter=1           
-#                      ppp0/rp_filter=1           	                  vboxnet0/rp_filter=1           
-#                          ip_forward=1           	
-#
-# Kernel modules probed:
-#    ip_tables nf_conntrack
-#
-# reseting ruleset (/sbin/iptables)
-# setting up base ruleset
-# allowing subnets on eth0 link: 10.2.1.1 (broadcast)
-# allowing service discovery on eth0 link.
-# forwarding protectively 10.2.1.0/24 (eth0) to ppp0.
-# masquerading 10.2.1.0/24 when leaving through ppp0.
-# Generated by iptables-save v1.4.12 on Fri Oct  9 13:09:32 2015
-*mangle
-:PREROUTING ACCEPT [2:200]
-:INPUT ACCEPT [2:200]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [2:200]
-:POSTROUTING ACCEPT [2:200]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-COMMIT
-# Completed on Fri Oct  9 13:09:32 2015
-# Generated by iptables-save v1.4.12 on Fri Oct  9 13:09:32 2015
-*nat
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.2.1.0/24 -o ppp0 -m comment --comment "MASQUERADE 10.2.1.0/24 to 0x" -j MASQUERADE
-COMMIT
-# Completed on Fri Oct  9 13:09:32 2015
-# Generated by iptables-save v1.4.12 on Fri Oct  9 13:09:32 2015
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT DROP [0:0]
-:0A02010018-eth0-ppp0 - [0:0]
-:0A02010018-ppp0-eth0 - [0:0]
-:ANTI-FLOOD - [0:0]
-:BLOCK - [0:0]
-:ICMP - [0:0]
-:LOCAL - [0:0]
-:USER-IN - [0:0]
-:USER-OUT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ICMP
-A INPUT -m state --state INVALID -j BLOCK
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ANTI-FLOOD
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j ANTI-FLOOD
-A INPUT -p udp -m udp --sport 67 --dport 68 -m comment --comment bootp -j ACCEPT
-A INPUT -j LOCAL
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment ssh -j ACCEPT
-A INPUT -m comment --comment "add your custom INPUT rules in the USER-IN chain!" -j USER-IN
-A INPUT -m limit --limit 8/min --limit-burst 16 -j LOG --log-prefix "[IN-DROP] "
-A FORWARD -s 10.2.1.0/24 -i eth0 -o ppp0 -m comment --comment "FORWARD_SUBNET_PROTECTIVE 10.2.1.0/24 among eth0 and ppp0" -j 0A02010018-eth0-ppp0
-A FORWARD -d 10.2.1.0/24 -i ppp0 -o eth0 -m comment --comment "FORWARD_SUBNET_PROTECTIVE 10.2.1.0/24 among eth0 and ppp0" -j 0A02010018-ppp0-eth0
-A FORWARD -m limit --limit 8/min --limit-burst 16 -j LOG --log-prefix "[FWD-DROP] "
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m comment --comment "add your custom OUTPUT rules in the USER-OUT chain!" -j USER-OUT
-A OUTPUT -m state --state NEW -j ACCEPT
-A OUTPUT -m limit --limit 8/min --limit-burst 16 -j LOG --log-prefix "[OUT-DROP] "
-A 0A02010018-eth0-ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A 0A02010018-eth0-ppp0 -m state --state NEW -j ACCEPT
-A 0A02010018-eth0-ppp0 -p tcp -m tcp -m multiport --dports 80,443 -j ACCEPT
-A 0A02010018-ppp0-eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A 0A02010018-ppp0-eth0 -p icmp -j ICMP
-A 0A02010018-ppp0-eth0 -m state --state INVALID -j BLOCK
-A 0A02010018-ppp0-eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ANTI-FLOOD
-A 0A02010018-ppp0-eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j ANTI-FLOOD
-A ANTI-FLOOD -m limit --limit 2/sec -j RETURN
-A ANTI-FLOOD -j LOG --log-prefix "[BLOCK] (ANTIFLOOD) "
-A ANTI-FLOOD -j DROP
-A BLOCK -m limit --limit 4/min --limit-burst 8 -j LOG --log-prefix "[BLOCK] "
-A BLOCK -j DROP
-A ICMP -p icmp -m icmp --icmp-type 3 -m comment --comment destination-unreachable -j ACCEPT
-A ICMP -p icmp -m icmp --icmp-type 4 -m comment --comment source-quench -j ACCEPT
-A ICMP -p icmp -m icmp --icmp-type 8 -m comment --comment "echo-request: Ping of death" -j ANTI-FLOOD
-A ICMP -p icmp -m icmp --icmp-type 8 -m comment --comment echo-request -j ACCEPT
-A ICMP -p icmp -m icmp --icmp-type 11 -m comment --comment time-exceeded -j ACCEPT
-A ICMP -p icmp -m icmp --icmp-type 12 -m comment --comment parameter-problem -j ACCEPT
-A LOCAL -m addrtype --dst-type LOCAL -j RETURN
-A LOCAL -m addrtype --dst-type MULTICAST -j RETURN
-A LOCAL -m addrtype --dst-type BROADCAST -j RETURN
-A LOCAL -j BLOCK
-A USER-IN -s 10.2.1.0/24 -i eth0 -m comment --comment "ALLOW_SUBNETS on 0x50e549399da8" -j ACCEPT
-A USER-IN -i eth0 -m pkttype --pkt-type broadcast -m comment --comment "ALLOW_SUBNETS on 0x50e549399da8 (broadcast)" -j ACCEPT
-A USER-IN -d 224.0.0.251/32 -i eth0 -p udp -m udp --dport 5353 -m comment --comment "ALLOW_SERVICE_DISCOVERY on 0x50e549399da8 (multicast mDNS)" -j ACCEPT
-A USER-IN -d 239.255.255.250/32 -i eth0 -p udp -m udp --dport 1900 -m comment --comment "ALLOW_SERVICE_DISCOVERY on 0x50e549399da8 (multicast UPnP)" -j ACCEPT
-A USER-OUT -s 10.2.1.1/32 -d 10.2.1.0/24 -o eth0 -m comment --comment "ALLOW_SUBNETS on 0x50e549399da8" -j ACCEPT
-COMMIT
-# Completed on Fri Oct  9 13:09:32 2015
-#~~~ created by ipturntables.sh
--- a/IPv6.rules
+++ b/IPv6.rules
-#
-# /proc/sys/net/ipv6:
-#             all/accept_source_route=0           	         default/accept_source_route=0           
-#            eth0/accept_source_route=0           	            eth1/accept_source_route=0           
-#            eth2/accept_source_route=0           	              lo/accept_source_route=0           
-#            ppp0/accept_source_route=0           	
-#                all/accept_redirects=0           	            default/accept_redirects=0           
-#               eth0/accept_redirects=1           	               eth1/accept_redirects=1           
-#               eth2/accept_redirects=1           	                 lo/accept_redirects=1           
-#               ppp0/accept_redirects=0           	
-#                       all/accept_ra=1           	                   default/accept_ra=1           
-#                      eth0/accept_ra=1           	                      eth1/accept_ra=1           
-#                      eth2/accept_ra=1           	                        lo/accept_ra=1           
-#                      ppp0/accept_ra=2           	
-#                      all/forwarding=1           	                  default/forwarding=1           
-#                     eth0/forwarding=1           	                     eth1/forwarding=1           
-#                     eth2/forwarding=1           	                       lo/forwarding=1           
-#                     ppp0/forwarding=1           	
-#
-# Kernel modules probed:
-#    ip6_tables nf_conntrack
-#
-# reseting ruleset (/sbin/ip6tables)
-# setting up base ruleset
-# allowing service discovery on eth0 link.
-# allowing subnets on eth0 link: (broadcast) fe80::52e5:49ff:fe39:9da8
-# allowing DHCPv6 client requests on 'ppp0'.
-# Generated by ip6tables-save v1.4.12 on Wed Apr  8 08:09:35 2015
-*mangle
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
-COMMIT
-# Completed on Wed Apr  8 08:09:35 2015
-# Generated by ip6tables-save v1.4.12 on Wed Apr  8 08:09:35 2015
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT DROP [0:0]
-:ANTI-FLOOD - [0:0]
-:BLOCK - [0:0]
-:ICMP - [0:0]
-:USER-IN - [0:0]
-:USER-OUT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m rt --rt-type 0 --rt-segsleft 0 -j DROP
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m hl --hl-eq 255 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m hl --hl-eq 255 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m hl --hl-eq 255 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m hl --hl-eq 255 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m comment --comment "echo-reply allowed on link local" -j ACCEPT
-A INPUT -p ipv6-icmp -j ICMP
-A INPUT -m state --state INVALID -j BLOCK
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ANTI-FLOOD
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j ANTI-FLOOD
-A INPUT -p udp -m udp --sport 67 --dport 68 -m comment --comment bootp -j ACCEPT
-A INPUT -m comment --comment "add your custom INPUT rules in the USER-IN chain!" -j USER-IN
-A INPUT -m limit --limit 8/min --limit-burst 16 -j LOG --log-prefix "[IN-DROP] "
-A FORWARD -m rt --rt-type 0 --rt-segsleft 0 -j DROP
-A FORWARD -m limit --limit 8/min --limit-burst 16 -j LOG --log-prefix "[FWD-DROP] "
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m rt --rt-type 0 --rt-segsleft 0 -j DROP
-A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m hl --hl-eq 255 -j ACCEPT
-A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m hl --hl-eq 255 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m comment --comment "add your custom OUTPUT rules in the USER-OUT chain!" -j USER-OUT
-A OUTPUT -m state --state NEW -j ACCEPT
-A OUTPUT -m limit --limit 8/min --limit-burst 16 -j LOG --log-prefix "[OUT-DROP] "
-A ANTI-FLOOD -m limit --limit 2/sec -j RETURN
-A ANTI-FLOOD -j LOG --log-prefix "[BLOCK] (ANTIFLOOD) "
-A ANTI-FLOOD -j DROP
-A BLOCK -m limit --limit 4/min --limit-burst 8 -j LOG --log-prefix "[BLOCK] "
-A BLOCK -j DROP
-A ICMP -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m comment --comment "destination unreachable" -j ACCEPT
-A ICMP -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m comment --comment "packet too big" -j ACCEPT
-A ICMP -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m comment --comment "time exceeded" -j ACCEPT
-A ICMP -p ipv6-icmp -m icmp6 --icmpv6-type 4 -m comment --comment "parameter problem" -j ACCEPT
-A ICMP -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m comment --comment "echo-request: Ping of death" -j ANTI-FLOOD
-A ICMP -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m comment --comment echo-request -j ACCEPT
-A USER-IN -d ff02::fb/128 -i eth0 -p udp -m udp --dport 5353 -m comment --comment "ALLOW_SERVICE_DISCOVERY on 0x50e549399da8 (multicast mDNS)" -j ACCEPT
-A USER-IN -d ff02::f/128 -i eth0 -p udp -m udp --dport 1900 -m comment --comment "ALLOW_SERVICE_DISCOVERY on 0x50e549399da8 (multicast UPnP)" -j ACCEPT
-A USER-IN -i eth0 -m pkttype --pkt-type broadcast -m comment --comment "ALLOW_SUBNETS on 0x50e549399da8 (broadcast)" -j ACCEPT
-A USER-IN -s fe80::/10 -d fe80::/10 -i ppp0 -p udp -m udp --sport 547 --dport 546 -m comment --comment "ALLOW_DHCPV6_CLIENT on 0x" -j ACCEPT
-A USER-OUT -s fe80::52e5:49ff:fe39:9da8/128 -o eth0 -m comment --comment "ALLOW_SUBNETS on 0x50e549399da8 (outbound from link-local)" -j ACCEPT
-COMMIT
-# Completed on Wed Apr  8 08:09:35 2015
-#~~~ created by ipturntables.sh