|
|
@ -0,0 +1,42 @@ |
|
|
|
*filter |
|
|
|
:INPUT ACCEPT [139:11952] |
|
|
|
:FORWARD ACCEPT [0:0] |
|
|
|
:OUTPUT ACCEPT [31:3232] |
|
|
|
|
|
|
|
# Allow host ports |
|
|
|
-A INPUT -p tcp --dport 22 -j ACCEPT |
|
|
|
-A INPUT -p tcp --dport 53 -j ACCEPT |
|
|
|
-A INPUT -p tcp --dport 80 -j ACCEPT |
|
|
|
-A INPUT -p tcp --dport 13699 -j ACCEPT |
|
|
|
|
|
|
|
# Standard Internal Traffic |
|
|
|
-A INPUT -i lo -j ACCEPT |
|
|
|
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT |
|
|
|
|
|
|
|
# NAT Forwarding |
|
|
|
-A FORWARD -i enp2s0.10 -o enp2s0.2 -j ACCEPT |
|
|
|
-A FORWARD -i enp2s0.11 -o enp2s0.2 -j ACCEPT |
|
|
|
-A FORWARD -i enp2s0.12 -o enp2s0.2 -j ACCEPT |
|
|
|
-A FORWARD -i enp2s0.13 -o enp2s0.2 -j ACCEPT |
|
|
|
-A FORWARD -i enp2s0.14 -o enp2s0.2 -j ACCEPT |
|
|
|
|
|
|
|
# NAT Returns |
|
|
|
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT |
|
|
|
-A FORWARD -m conntrack --ctstate INVALID -j DROP |
|
|
|
|
|
|
|
# Drop weird shit |
|
|
|
-A INPUT -p tcp -j DROP |
|
|
|
|
|
|
|
COMMIT |
|
|
|
|
|
|
|
*nat |
|
|
|
:PREROUTING ACCEPT [12:835] |
|
|
|
:INPUT ACCEPT [12:835] |
|
|
|
:OUTPUT ACCEPT [1:104] |
|
|
|
:POSTROUTING ACCEPT [0:0] |
|
|
|
|
|
|
|
# General NAT Traffic |
|
|
|
-A POSTROUTING -o enp2s0.2 -j MASQUERADE |
|
|
|
|
|
|
|
COMMIT |
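Review bot: The INPUT allowlist is only enforced for TCP: the catch-all `-A INPUT -p tcp -j DROP` never sees UDP, ICMP or other protocols, and with `:INPUT ACCEPT` and `:FORWARD ACCEPT` as chain policies those packets, plus any forwarded flow not matched by the per-VLAN rules (e.g. enp2s0.10 → enp2s0.11, or new connections arriving on enp2s0.2), are accepted by default, so the explicit FORWARD and INPUT rules above are largely decorative. I would set the policies to `:INPUT DROP [0:0]` and `:FORWARD DROP [0:0]`, keep the `lo` and conntrack accepts, and add `-A INPUT -p udp --dport 53 -j ACCEPT` so DNS over UDP keeps working on its own merits rather than via the open policy; the trailing TCP-only DROP then becomes redundant. With a DROP policy the RELATED state still admits ICMP errors for existing flows, but inbound echo-request and anything else on UDP (DHCP, NTP) will need rules of their own, so this should be checked against what the host actually serves. Since enp2s0.2 is the MASQUERADE egress it looks like the upstream side, in which case tcp/22 and tcp/13699 are reachable from it with no `-i`/`-s` restriction; if those are meant to be internal-only, add an input-interface or source match.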
|
|
|
|