root@repozitor:/home/repozitor# iptables -L -nv
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
96 7812 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
78 6323 INPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
78 6323 INPUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
78 6323 INPUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
27 2106 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_direct all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 74 packets, 6720 bytes)
pkts bytes target prot opt in out source destination
86 7728 OUTPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD_IN_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- + * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD_IN_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_OUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * tun0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * + 0.0.0.0/0 0.0.0.0/0
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_direct (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_trusted (0 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_trusted_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_trusted_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_trusted_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDI_trusted_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_trusted_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_trusted_log (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_external (0 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_external_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_external_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_external_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDO_external_allow (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDO_external_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_external_log (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_trusted (0 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_trusted_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_trusted_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_trusted_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDO_trusted_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_trusted_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_trusted_log (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
51 4217 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- + * 0.0.0.0/0 0.0.0.0/0
Chain INPUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_direct (1 references)
pkts bytes target prot opt in out source destination
Chain IN_dmz (0 references)
pkts bytes target prot opt in out source destination
0 0 IN_dmz_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 IN_dmz_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 IN_dmz_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain IN_dmz_allow (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
Chain IN_dmz_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_dmz_log (1 references)
pkts bytes target prot opt in out source destination
Chain IN_external (0 references)
pkts bytes target prot opt in out source destination
0 0 IN_external_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 IN_external_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 IN_external_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain IN_external_allow (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
Chain IN_external_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_external_log (1 references)
pkts bytes target prot opt in out source destination
Chain IN_home (0 references)
pkts bytes target prot opt in out source destination
0 0 IN_home_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 IN_home_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 IN_home_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain IN_home_allow (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
Chain IN_home_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_home_log (1 references)
pkts bytes target prot opt in out source destination
Chain IN_internal (0 references)
pkts bytes target prot opt in out source destination
0 0 IN_internal_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 IN_internal_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 IN_internal_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain IN_internal_allow (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
Chain IN_internal_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_internal_log (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public (0 references)
pkts bytes target prot opt in out source destination
0 0 IN_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 IN_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 IN_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain IN_public_allow (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000 ctstate NEW
Chain IN_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain IN_trusted (0 references)
pkts bytes target prot opt in out source destination
0 0 IN_trusted_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 IN_trusted_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 IN_trusted_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain IN_trusted_allow (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 ctstate NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 ctstate NEW
Chain IN_trusted_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_trusted_log (1 references)
pkts bytes target prot opt in out source destination
Chain IN_work (0 references)
pkts bytes target prot opt in out source destination
0 0 IN_work_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 IN_work_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 IN_work_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain IN_work_allow (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
Chain IN_work_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_work_log (1 references)
pkts bytes target prot opt in out source destination
Chain OUTPUT_direct (1 references)
pkts bytes target prot opt in out source destination
root@repozitor:/home/repozitor# iptables -L -nv -t mangle
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
833 85202 PREROUTING_direct all -- * * 0.0.0.0/0 0.0.0.0/0
833 85202 PREROUTING_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
833 85202 PREROUTING_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 781 packets, 79229 bytes)
pkts bytes target prot opt in out source destination
819 82283 INPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 FORWARD_direct all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 403 packets, 48724 bytes)
pkts bytes target prot opt in out source destination
415 49760 OUTPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 403 packets, 48724 bytes)
pkts bytes target prot opt in out source destination
416 49844 POSTROUTING_direct all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD_direct (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_direct (1 references)
pkts bytes target prot opt in out source destination
Chain OUTPUT_direct (1 references)
pkts bytes target prot opt in out source destination
Chain POSTROUTING_direct (1 references)
pkts bytes target prot opt in out source destination
Chain PREROUTING_ZONES (1 references)
pkts bytes target prot opt in out source destination
796 82250 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- + * 0.0.0.0/0 0.0.0.0/0
Chain PREROUTING_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain PREROUTING_direct (1 references)
pkts bytes target prot opt in out source destination
Chain PRE_trusted (0 references)
pkts bytes target prot opt in out source destination
0 0 PRE_trusted_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 PRE_trusted_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 PRE_trusted_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain PRE_trusted_allow (1 references)
pkts bytes target prot opt in out source destination
Chain PRE_trusted_deny (1 references)
pkts bytes target prot opt in out source destination
Chain PRE_trusted_log (1 references)
pkts bytes target prot opt in out source destination
root@repozitor:/home/repozitor# iptables -L -nv -t raw
Chain PREROUTING (policy ACCEPT 912 packets, 92824 bytes)
pkts bytes target prot opt in out source destination
912 92824 PREROUTING_direct all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 465 packets, 57944 bytes)
pkts bytes target prot opt in out source destination
465 57944 OUTPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT_direct (1 references)
pkts bytes target prot opt in out source destination
Chain PREROUTING_direct (1 references)
pkts bytes target prot opt in out source destination