5th May 2008, 20:55
snewp

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere state ESTABLISHED
ACCEPT tcp -- anywhere anywhere state RELATED tcp dpts:1024:65535
ACCEPT udp -- anywhere anywhere state RELATED udp dpts:1024:65535
ACCEPT icmp -- anywhere anywhere state RELATED
HOST_BLOCK 0 -- anywhere anywhere
SPOOF_CHK 0 -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp dpt:www state NEW limit: avg 3/min burst 15 LOG level info prefix `TCP INPUT log: '
LOG tcp -- anywhere anywhere tcp dpt:auth state NEW limit: avg 3/min burst 15 LOG level info prefix `TCP INPUT log: '
LOG tcp -- anywhere anywhere tcp dpt:4545 state NEW limit: avg 3/min burst 15 LOG level info prefix `TCP INPUT log: '
LOG tcp -- anywhere anywhere tcp dpt:https state NEW limit: avg 3/min burst 15 LOG level info prefix `TCP INPUT log: '
LOG tcp -- anywhere anywhere tcp dpts:12000:24444 state NEW limit: avg 3/min burst 15 LOG level info prefix `TCP INPUT log: '
VALID_CHK 0 -- anywhere anywhere
EXT_INPUT_CHAIN !icmp -- anywhere anywhere state NEW
EXT_INPUT_CHAIN icmp -- anywhere anywhere state NEW limit: avg 20/sec burst 100
EXT_ICMP_CHAIN icmp -- anywhere anywhere state NEW
LOG 0 -- anywhere anywhere limit: avg 1/sec burst 5 LOG level info prefix `Dropped INPUT packet: '
DROP 0 -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT 0 -- anywhere anywhere state ESTABLISHED
ACCEPT tcp -- anywhere anywhere state RELATED tcp dpts:1024:65535
ACCEPT udp -- anywhere anywhere state RELATED udp dpts:1024:65535
ACCEPT icmp -- anywhere anywhere state RELATED
HOST_BLOCK 0 -- anywhere anywhere
SPOOF_CHK 0 -- anywhere anywhere
VALID_CHK 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere limit: avg 1/min burst 3 LOG level info prefix `Dropped FORWARD packet: '
DROP 0 -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT 0 -- anywhere anywhere state ESTABLISHED
LOG 0 -f anywhere anywhere limit: avg 3/min burst 5 LOG level info prefix `FRAGMENTED PACKET (OUT): '
DROP 0 -f anywhere anywhere
EXT_OUTPUT_CHAIN 0 -- anywhere anywhere

Chain EXT_ICMP_CHAIN (1 references)
target prot opt source destination
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 12/hour burst 1 LOG level info prefix `ICMP-request(ping) flood: '
LOG icmp -- anywhere anywhere icmp destination-unreachable limit: avg 12/hour burst 1 LOG level info prefix `ICMP-unreachable flood: '
LOG icmp -- anywhere anywhere icmp source-quench limit: avg 12/hour burst 1 LOG level info prefix `ICMP-source-quench flood: '
LOG icmp -- anywhere anywhere icmp time-exceeded limit: avg 12/hour burst 1 LOG level info prefix `ICMP-time-exceeded flood: '
LOG icmp -- anywhere anywhere icmp parameter-problem limit: avg 12/hour burst 1 LOG level info prefix `ICMP-param.-problem flood: '
DROP icmp -- anywhere anywhere icmp echo-request
DROP icmp -- anywhere anywhere icmp destination-unreachable
DROP icmp -- anywhere anywhere icmp source-quench
DROP icmp -- anywhere anywhere icmp time-exceeded
DROP icmp -- anywhere anywhere icmp parameter-problem
LOG icmp -- anywhere anywhere limit: avg 12/hour burst 1 LOG level info prefix `ICMP(other) flood: '
DROP icmp -- anywhere anywhere

Chain EXT_INPUT_CHAIN (2 references)
target prot opt source destination
LOG tcp -- anywhere anywhere tcp dpt:0 limit: avg 6/hour burst 1 LOG level info prefix `TCP port 0 OS fingerprint: '
LOG udp -- anywhere anywhere udp dpt:0 limit: avg 6/hour burst 1 LOG level info prefix `UDP port 0 OS fingerprint: '
DROP tcp -- anywhere anywhere tcp dpt:0
DROP udp -- anywhere anywhere udp dpt:0
LOG tcp -- anywhere anywhere tcp spt:0 limit: avg 6/hour burst 5 LOG level info prefix `TCP source port 0: '
LOG udp -- anywhere anywhere udp spt:0 limit: avg 6/hour burst 5 LOG level info prefix `UDP source port 0: '
DROP tcp -- anywhere anywhere tcp spt:0
DROP udp -- anywhere anywhere udp spt:0
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:auth
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:4545
ACCEPT tcp -- anywhere anywhere tcp dpts:12000:24444
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 3/min burst 1 LOG level info prefix `ICMP-request: '
LOG icmp -- anywhere anywhere icmp destination-unreachable limit: avg 12/hour burst 1 LOG level info prefix `ICMP-unreachable: '
LOG icmp -- anywhere anywhere icmp source-quench limit: avg 12/hour burst 1 LOG level info prefix `ICMP-source-quench: '
LOG icmp -- anywhere anywhere icmp time-exceeded limit: avg 12/hour burst 1 LOG level info prefix `ICMP-time-exceeded: '
LOG icmp -- anywhere anywhere icmp parameter-problem limit: avg 12/hour burst 1 LOG level info prefix `ICMP-param.-problem: '
LOG tcp -- anywhere anywhere tcp dpts:1024:65535 flags:!FIN,SYN,RST,ACK/SYN limit: avg 3/min burst 5 LOG level info prefix `Stealth scan (UNPRIV)?: '
LOG tcp -- anywhere anywhere tcp dpts:0:1023 flags:!FIN,SYN,RST,ACK/SYN limit: avg 3/min burst 5 LOG level info prefix `Stealth scan (PRIV)?: '
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp dpts:0:1023 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (PRIV): '
LOG udp -- anywhere anywhere udp dpts:0:1023 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (PRIV): '
LOG tcp -- anywhere anywhere tcp dpts:1024:65535 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (UNPRIV): '
LOG udp -- anywhere anywhere udp dpts:1024:65535 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (UNPRIV): '
DROP tcp -- anywhere anywhere
DROP udp -- anywhere anywhere
DROP icmp -- anywhere anywhere
LOG 0 -- anywhere anywhere limit: avg 1/min burst 5 LOG level info prefix `Other-IP connection attempt: '
DROP 0 -- anywhere anywhere

Chain EXT_OUTPUT_CHAIN (1 references)
target prot opt source destination

Chain HOST_BLOCK (2 references)
target prot opt source destination

Chain MAC_FILTER (0 references)
target prot opt source destination

Chain RESERVED_NET_CHK (0 references)
target prot opt source destination
LOG 0 -- 10.0.0.0/8 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class A address: '
LOG 0 -- 172.16.0.0/12 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class B address: '
LOG 0 -- 192.168.0.0/16 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class C address: '
LOG 0 -- link-local/16 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class M$ address: '
DROP 0 -- 10.0.0.0/8 anywhere
DROP 0 -- 172.16.0.0/12 anywhere
DROP 0 -- 192.168.0.0/16 anywhere
DROP 0 -- link-local/16 anywhere

Chain SPOOF_CHK (2 references)
target prot opt source destination
RETURN 0 -- anywhere anywhere

Chain VALID_CHK (2 references)
target prot opt source destination
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG limit: avg 3/min burst 5 LOG level info prefix `Stealth XMAS scan: '
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG limit: avg 3/min burst 5 LOG level info prefix `Stealth XMAS-PSH scan: '
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG limit: avg 3/min burst 5 LOG level info prefix `Stealth XMAS-ALL scan: '
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN limit: avg 3/min burst 5 LOG level info prefix `Stealth FIN scan: '
LOG tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST limit: avg 3/min burst 5 LOG level info prefix `Stealth SYN/RST scan: '
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN limit: avg 3/min burst 5 LOG level info prefix `Stealth SYN/FIN scan(?): '
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg 3/min burst 5 LOG level info prefix `Stealth Null scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
LOG tcp -- anywhere anywhere tcp option=64 limit: avg 3/min burst 1 LOG level info prefix `Bad TCP flag(64): '
LOG tcp -- anywhere anywhere tcp option=128 limit: avg 3/min burst 1 LOG level info prefix `Bad TCP flag(128): '
DROP tcp -- anywhere anywhere tcp option=64
DROP tcp -- anywhere anywhere tcp option=128
DROP 0 -- anywhere anywhere state INVALID
LOG 0 -f anywhere anywhere limit: avg 3/min burst 1 LOG level warning prefix `Fragmented packet: '
DROP 0 -f anywhere anywhere

Chain allow-www-traffic-in (0 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere limit: avg 1/sec burst 5 tcp dpt:www flags:FIN,SYN,RST,PSH,ACK,URG/FIN
ACCEPT tcp -- anywhere anywhere limit: avg 1/sec burst 5 tcp dpt:www flags:FIN,SYN,RST,PSH,ACK,URG/SYN
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpt:webcache