Current state

diff --git a/iptables/rules.v4 b/iptables/rules.v4
index 2832861cfdba0c2c373a940a0eefa6a697c984bd..786bfc4eb4bc93476b52301220eb6264f0039b51 100644 (file)
--- a/iptables/rules.v4
+++ b/iptables/rules.v4
@@ -1,14 +1,24 @@
-# Generated by iptables-save v1.6.0 on Tue Jul 18 10:00:50 2017
+# Generated by iptables-save v1.6.0 on Tue Jul 18 13:43:18 2017
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [12:1256]
-:fail2ban-postfix - [0:0]
-:fail2ban-ssh - [0:0]
--A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
--A INPUT -p tcp -m multiport --dports 25,465,587 -j fail2ban-postfix
--A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
--A INPUT -p tcp -m multiport --dports 25,465,587 -j fail2ban-postfix
+:OUTPUT ACCEPT [152:55101]
+:f2b-apache - [0:0]
+:f2b-apache-modsecurity - [0:0]
+:f2b-apache-nohome - [0:0]
+:f2b-apache-noscript - [0:0]
+:f2b-apache-overflows - [0:0]
+:f2b-postfix - [0:0]
+:f2b-ssh - [0:0]
+:f2b-sshd - [0:0]
+-A INPUT -p tcp -m multiport --dports 22 -j f2b-ssh
+-A INPUT -p tcp -m multiport --dports 25,465,587 -j f2b-postfix
+-A INPUT -p tcp -m multiport --dports 0:65535 -j f2b-sshd
+-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-nohome
+-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-modsecurity
+-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-overflows
+-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-noscript
+-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache
 -A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -s 222.184.0.0/13 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
@@ -20,11 +30,17 @@
 -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
 -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
+-A INPUT -p tcp -m multiport --dports 445 -j REJECT --reject-with icmp-port-unreachable
+-A INPUT -p tcp -m multiport --dports 23 -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -j NFLOG --nflog-prefix  "INPUT Reject " --nflog-threshold 1
 -A INPUT -j REJECT --reject-with icmp-port-unreachable
--A fail2ban-postfix -j RETURN
--A fail2ban-postfix -j RETURN
--A fail2ban-ssh -j RETURN
--A fail2ban-ssh -j RETURN
+-A f2b-apache -j RETURN
+-A f2b-apache-modsecurity -j RETURN
+-A f2b-apache-nohome -j RETURN
+-A f2b-apache-noscript -j RETURN
+-A f2b-apache-overflows -j RETURN
+-A f2b-postfix -j RETURN
+-A f2b-ssh -j RETURN
+-A f2b-sshd -j RETURN
 COMMIT
-# Completed on Tue Jul 18 10:00:50 2017
+# Completed on Tue Jul 18 13:43:18 2017

diff --git a/iptables/rules.v6 b/iptables/rules.v6
index 703cc976d629682280dd33daa78043523c473eb0..a87d24083ec0f450b07b0e3ecc0d7547717293bb 100644 (file)
--- a/iptables/rules.v6
+++ b/iptables/rules.v6
@@ -1,7 +1,7 @@
-# Generated by ip6tables-save v1.6.0 on Tue Jul 18 10:00:50 2017
+# Generated by ip6tables-save v1.6.0 on Tue Jul 18 13:43:18 2017
 *filter
-:INPUT ACCEPT [0:0]
+:INPUT ACCEPT [1:49]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [13:721]
 COMMIT
-# Completed on Tue Jul 18 10:00:50 2017
+# Completed on Tue Jul 18 13:43:18 2017