-# Generated by iptables-save v1.6.1 on Sat Sep 8 08:56:14 2018
+# Generated by iptables-save v1.6.1 on Mon Sep 10 09:36:11 2018
+*nat
+:PREROUTING ACCEPT [738:307739]
+:INPUT ACCEPT [647:302131]
+:OUTPUT ACCEPT [2377:231463]
+:POSTROUTING ACCEPT [2390:230591]
+-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
+-A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
+-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
+-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
+-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
+-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
+-A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
+-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
+-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
+-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
+-A POSTROUTING -o eth1 -j MASQUERADE
+COMMIT
+# Completed on Mon Sep 10 09:36:11 2018
+# Generated by iptables-save v1.6.1 on Mon Sep 10 09:36:11 2018
+*mangle
+:PREROUTING ACCEPT [29110:23617436]
+:INPUT ACCEPT [28972:23609086]
+:FORWARD ACCEPT [77:5730]
+:OUTPUT ACCEPT [18987:2640204]
+:POSTROUTING ACCEPT [19717:2724769]
+-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+COMMIT
+# Completed on Mon Sep 10 09:36:11 2018
+# Generated by iptables-save v1.6.1 on Mon Sep 10 09:36:11 2018
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [12549:2037978]
+:OUTPUT ACCEPT [26:2734]
:ssh_spam - [0:0]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
+-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
+-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
+-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
+-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ssh_spam
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
+-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
+-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
+-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
+-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -j NFLOG --nflog-prefix "FORWARD Drop " --nflog-threshold 1
-A FORWARD -j DROP
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
+-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
-A ssh_spam -s 216.32.92.138/32 -j DROP
--A ssh_spam -s 133.9.187.135/32 -j DROP
+-A ssh_spam -s 133.9.187.135/32 -m comment --comment "Waseda-Net Japan" -j DROP
-A ssh_spam -s 125.65.42.0/24 -j DROP
-A ssh_spam -s 61.184.0.0/16 -j DROP
-A ssh_spam -s 61.183.0.0/16 -j DROP
-A ssh_spam -s 106.51.0.0/17 -j DROP
-A ssh_spam -s 93.183.207.0/24 -j DROP
-A ssh_spam -s 106.240.0.0/12 -j DROP
+-A ssh_spam -s 58.208.0.0/13 -m comment --comment CHINANET-JS -j DROP
COMMIT
-# Completed on Sat Sep 8 08:56:14 2018
-# Generated by iptables-save v1.6.1 on Sat Sep 8 08:56:14 2018
-*mangle
-:PREROUTING ACCEPT [4147926:1783697462]
-:INPUT ACCEPT [4138943:1783249271]
-:FORWARD ACCEPT [860:85551]
-:OUTPUT ACCEPT [1507972:309460513]
-:POSTROUTING ACCEPT [1716341:333808167]
--A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-COMMIT
-# Completed on Sat Sep 8 08:56:14 2018
-# Generated by iptables-save v1.6.1 on Sat Sep 8 08:56:14 2018
-*nat
-:PREROUTING ACCEPT [251857:120251084]
-:INPUT ACCEPT [242673:119791895]
-:OUTPUT ACCEPT [172111:34294620]
-:POSTROUTING ACCEPT [167146:33201777]
--A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
--A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
--A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
--A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
--A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
--A POSTROUTING -o eth1 -j MASQUERADE
-COMMIT
-# Completed on Sat Sep 8 08:56:14 2018
+# Completed on Mon Sep 10 09:36:11 2018
-# Generated by ip6tables-save v1.6.1 on Sat Sep 8 08:56:14 2018
+# Generated by ip6tables-save v1.6.1 on Mon Sep 10 09:36:11 2018
+*mangle
+:PREROUTING ACCEPT [196:39445]
+:INPUT ACCEPT [97:18102]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [122:16450]
+:POSTROUTING ACCEPT [193:29388]
+COMMIT
+# Completed on Mon Sep 10 09:36:11 2018
+# Generated by ip6tables-save v1.6.1 on Mon Sep 10 09:36:11 2018
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [992:120194]
+:OUTPUT ACCEPT [122:16450]
:f_mail - [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED -j ACCEPT
-A f_mail -j NFLOG --nflog-prefix "IPv6 F_MAIL Reject " --nflog-threshold 1
-A f_mail -j REJECT --reject-with icmp6-port-unreachable
COMMIT
-# Completed on Sat Sep 8 08:56:14 2018
-# Generated by ip6tables-save v1.6.1 on Sat Sep 8 08:56:14 2018
-*mangle
-:PREROUTING ACCEPT [20964:7428896]
-:INPUT ACCEPT [2281:389623]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [992:120194]
-:POSTROUTING ACCEPT [1736:224931]
-COMMIT
-# Completed on Sat Sep 8 08:56:14 2018
+# Completed on Mon Sep 10 09:36:11 2018
projects / config / bruni / etc-mint.git / commitdiff