This worked!
Command:
# cat /etc/sysconfig/iptables
Result:
# (1) Set the policies: only OUTPUT is ACCEPT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# (2) Allow loopback (traffic from the host to itself)
-A INPUT -i lo -j ACCEPT
# (3) Drop packets that carry no data (TCP packets with no flags set)
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
# (4) Drop connections that look like a SYN flood attack (new TCP connections that do not start with SYN)
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# (5) Drop connections that look like a stealth scan (TCP packets with all flags set)
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
# (6) icmp (ping) settings
# Use hashlimit
# -m hashlimit use the hashlimit module
# --hashlimit-name t_icmp name of the file the state is recorded in
# --hashlimit 1/m while the limit is active, allow at most 1 packet per minute
# --hashlimit-burst 10 the limit takes effect once 10 packets are received within the set time
# --hashlimit-mode srcip restrict access per source IP
# --hashlimit-htable-expire 120000 how long the limit stays in effect, in ms
-A INPUT -p icmp --icmp-type echo-request -m hashlimit --hashlimit-name t_icmp --hashlimit 1/m --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-htable-expire 120000 -j ACCEPT
# (7) Allow established connections regardless of port number
-A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
# (8) Accept return packets for DNS queries sent to any server
-A INPUT -p udp --sport 53 -j ACCEPT
# (9) Settings to allow SSH
# Use hashlimit
# -m hashlimit use the hashlimit module
# --hashlimit-name t_sshd name of the file the state is recorded in
# --hashlimit 1/m while the limit is active, allow at most 1 packet per minute
# --hashlimit-burst 10 the limit takes effect once 10 packets are received within the set time
# --hashlimit-mode srcip restrict access per source IP
# --hashlimit-htable-expire 120000 how long the limit stays in effect, in ms
-A INPUT -p tcp -m state --syn --state NEW --dport 22 -m hashlimit --hashlimit-name t_sshd --hashlimit 1/m --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-htable-expire 120000 -j ACCEPT
# (10) Write the individually allowed protocols and ports here.
# This example allows HTTP (TCP 80) and HTTPS (TCP 443).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
Reference:
http://knowledge.sakura.ad.jp/beginner/4048/
Wednesday, August 30, 2017
CentOS: iptables: Fixing Webserver Accessibility (How secure now?)
Command:
# diff /etc/sysconfig/iptables /etc/sysconfig/iptables.org
Result:
1c1,2
< # Generated by iptables-save v1.4.7 on Wed Aug 30 00:09:28 2017
---
> # Firewall configuration written by system-config-firewall
> # Manual customization of this file is not recommended.
3,11c4,12
< :INPUT DROP [0:0]
< :FORWARD DROP [0:0]
< :OUTPUT ACCEPT [24:2320]
< -A INPUT -i lo -j ACCEPT
< -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
< -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
< -A INPUT -p udp -m udp --dport 53 -j ACCEPT
< -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
< -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
---
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
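Review bot: the `<` side sets `:INPUT DROP` but no longer has the `-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT` rule that the `>` side carried, so replies to connections this host opens itself (DNS lookups, package downloads) fall through to the DROP policy. The two `--dport 53` ACCEPT rules open inbound DNS on the server rather than letting DNS answers back in, since answers arrive with source port 53 and an ephemeral destination port; unless this host runs a DNS server, replace them with the ESTABLISHED,RELATED rule. `-A INPUT -p icmp -j ACCEPT` is also gone, so ping and ICMP error messages are dropped as well.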
13d13
< # Completed on Wed Aug 30 00:09:28 2017
Reference:
http://programmerbox.com/2013-12-24_vps_construct_procedure_manual/
Tuesday, August 29, 2017
CentOS: iptables: Opening HTTP and HTTPS Ports
Command:
# diff /etc/sysconfig/iptables /etc/sysconfig/iptables.org
Result:
13,14d12
< -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
< -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
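Review bot: the two added ACCEPT rules land at lines 13-14 of the file, after line 12 of iptables.org, and the iptables.org content shown in the August 30 post's diff has `-A INPUT -j REJECT --reject-with icmp-host-prohibited` and the FORWARD REJECT as its last rules. Rules are matched in order, so packets to ports 80 and 443 hit the INPUT REJECT first and these two rules never match; move them above the REJECT line, next to the `--dport 22` rule.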
Command:
# service iptables restart
Result:
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
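iptables walks a chain from top to bottom and stops at the first rule whose target decides the packet, so the position of a rule in /etc/sysconfig/iptables matters as much as its content. The following Python check is an added example, not part of the original posts: it parses the *filter INPUT chain of iptables-save style text and reports rules that sit after an unconditional ACCEPT/DROP/REJECT, and default-deny chains that never accept ESTABLISHED traffic. The function names `input_chain` and `audit` and both sample rulesets are constructed for illustration.

```python
import shlex

TERMINATING = {"ACCEPT", "DROP", "REJECT"}

def input_chain(text):
    """Return (policy, [(line_number, match_tokens, target)]) for *filter INPUT."""
    policy, rules, in_filter = None, [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("*"):               # table header such as *nat, *filter
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":INPUT "):
            policy = line.split()[1]
        elif in_filter and line.startswith("-A INPUT "):
            args = shlex.split(line)[2:]
            if "-j" in args:                    # tokens before -j are the matches
                j = args.index("-j")
                rules.append((lineno, args[:j], args[j + 1]))
    return policy, rules

def audit(text):
    """Find shadowed rules and default-deny chains with no ESTABLISHED accept."""
    policy, rules = input_chain(text)
    shadowed, catch_all = [], None
    for lineno, matches, target in rules:
        if catch_all is not None:
            shadowed.append((lineno, catch_all))   # can never be reached
        elif not matches and target in TERMINATING:
            catch_all = lineno
    default_deny = policy == "DROP" or any(
        not m and t in ("DROP", "REJECT") for _, m, t in rules)
    stateful = any("ESTABLISHED" in tok
                   for _, m, t in rules if t == "ACCEPT" for tok in m)
    return {"shadowed": shadowed, "replies_dropped": default_deny and not stateful}

# Constructed sample: web ports appended after the catch-all REJECT.
APPENDED_AFTER_REJECT = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

# Constructed sample: DROP policy with port rules but no state rule.
NO_STATE_RULE = """*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    print(audit(APPENDED_AFTER_REJECT))
    print(audit(NO_STATE_RULE))
```

Each entry in `shadowed` is a pair of line numbers within the input text: the unreachable rule and the catch-all rule that precedes it.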
Monday, July 25, 2016
CentOS: iptables
Command:
# cat ./set_firewall
Result:
#!/bin/bash
# Flush all the chains in filter (default) table.
iptables -F
# Attempt to delete every non-builtin chain in filter (default) table.
iptables -X
# Set the policy for INPUT chain to DROP target.
iptables -P INPUT DROP
# Set the policy for FORWARD chain to DROP target.
iptables -P FORWARD DROP
# Set the policy for OUTPUT chain to ACCEPT target.
iptables -P OUTPUT ACCEPT
# Append rules to INPUT chain.
# Protocol of the rule is icmp (Internet Control Message Protocol) which is the protocol for ping.
# Target is ACCEPT.
iptables -A INPUT -p icmp -j ACCEPT
# Append rules to INPUT chain.
# The rule is for Loopback network interface.
# Target is ACCEPT.
iptables -A INPUT -i lo -j ACCEPT
# Append rules to INPUT chain.
# The rule is for tcp protocol on port 80.
# Target is ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Append rules to INPUT chain.
# The rule is for tcp protocol on port 22.
# Target is ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Append rules to INPUT chain.
# The rule for packets after session ESTABLISHED and RELATED packets.
# Target is ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Dump iptables rules to stdout
iptables-save
Command:
# ./set_firewall
Result:
# Generated by iptables-save v1.4.21 on Tue May 24 23:44:34 2016
*nat
:PREROUTING ACCEPT [41489:3695453]
:INPUT ACCEPT [15:960]
:OUTPUT ACCEPT [628:160830]
:POSTROUTING ACCEPT [628:160830]
:OUTPUT_direct - [0:0]
:POSTROUTING_ZONES - [0:0]
:POSTROUTING_ZONES_SOURCE - [0:0]
:POSTROUTING_direct - [0:0]
:POST_public - [0:0]
:POST_public_allow - [0:0]
:POST_public_deny - [0:0]
:POST_public_log - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING -j POSTROUTING_ZONES_SOURCE
-A POSTROUTING -j POSTROUTING_ZONES
-A POSTROUTING_ZONES -o enp0s3 -g POST_public
-A POSTROUTING_ZONES -g POST_public
-A POST_public -j POST_public_log
-A POST_public -j POST_public_deny
-A POST_public -j POST_public_allow
-A PREROUTING_ZONES -i enp0s3 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Tue May 24 23:44:34 2016
# Generated by iptables-save v1.4.21 on Tue May 24 23:44:34 2016
*mangle
:PREROUTING ACCEPT [58667:5285859]
:INPUT ACCEPT [58666:5285283]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [28814:3788418]
:POSTROUTING ACCEPT [28814:3788418]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A PREROUTING_ZONES -i enp0s3 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Tue May 24 23:44:34 2016
# Generated by iptables-save v1.4.21 on Tue May 24 23:44:34 2016
*security
:INPUT ACCEPT [17193:1591366]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [28814:3788418]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Tue May 24 23:44:34 2016
# Generated by iptables-save v1.4.21 on Tue May 24 23:44:34 2016
*raw
:PREROUTING ACCEPT [58667:5285859]
:OUTPUT ACCEPT [28814:3788418]
:OUTPUT_direct - [0:0]
:PREROUTING_direct - [0:0]
-A PREROUTING -j PREROUTING_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Tue May 24 23:44:34 2016
# Generated by iptables-save v1.4.21 on Tue May 24 23:44:34 2016
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Tue May 24 23:44:34 2016
Command:
# iptables -L -v
Result:
Chain INPUT (policy DROP 4 packets, 128 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- any any anywhere anywhere
0 0 ACCEPT all -- lo any anywhere anywhere
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
57 3900 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 29 packets, 7336 bytes)
pkts bytes target prot opt in out source destination
Sunday, June 26, 2016
iptables: Setting Up iptables: Accept Only Output and Reject Input
Command (Checking current settings for iptables):
$ sudo iptables -L -v
[sudo] password for username:
Result:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Command (Create a script):
$ cat ~/bin/set_firewall
Result:
#!/bin/bash
# Delete all existing rules and user-defined chains
iptables -F
iptables -X
# Default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Accept ping
iptables -A INPUT -p icmp -j ACCEPT
# Accept loopback
iptables -A INPUT -i lo -j ACCEPT
# Open the ports in use
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# After a session is established, let its packets through
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Dump the current rules to stdout (iptables-save alone does not write them to a file)
iptables-save
Command (Add execute permission):
$ sudo chmod +x ./set_firewall
Command (Execute the script):
$ sudo ./set_firewall
Result:
# Generated by iptables-save v1.6.0 on Sun Jun 26 11:24:41 2016
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sun Jun 26 11:24:41 2016
Command (Checking current settings for iptables):
$ sudo iptables -L -v
[sudo] password for username:
Result:
Chain INPUT (policy DROP 376K packets, 21M bytes)
pkts bytes target prot opt in out source destination
262 15437 ACCEPT icmp -- any any anywhere anywhere
0 0 ACCEPT all -- lo any anywhere anywhere
637 35360 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
17217 2332K ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 17561 packets, 3529K bytes)
pkts bytes target prot opt in out source destination