-# Generated by iptables-save v1.6.0 on Wed Jul 19 08:54:03 2017
+# Generated by iptables-save v1.6.0 on Thu Jul 20 10:19:41 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [68:14205]
+:OUTPUT ACCEPT [71:11710]
:f2b-apache - [0:0]
+:rejects - [0:0]
-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache
-A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 222.184.0.0/13 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
--A INPUT -p tcp -m multiport --dports 23 -j REJECT --reject-with icmp-port-unreachable
+-A INPUT -j rejects
-A INPUT -p tcp -m multiport --dports 445 -j REJECT --reject-with icmp-port-unreachable
--A INPUT -j NFLOG --nflog-prefix "INPUT Reject " --nflog-threshold 1
-A INPUT -j REJECT --reject-with icmp-port-unreachable
+-A rejects -s 134.119.179.226/32 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 445 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p udp -m udp --dport 137 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 137 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 1433 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 1900 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 2323 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 3389 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p udp -m udp --dport 5060 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 5060 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
COMMIT
-# Completed on Wed Jul 19 08:54:03 2017
+# Completed on Thu Jul 20 10:19:41 2017
-# Generated by ip6tables-save v1.6.0 on Wed Jul 19 08:54:03 2017
+# Generated by ip6tables-save v1.6.0 on Thu Jul 20 10:19:41 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [21768:7981252]
+:OUTPUT ACCEPT [49648:18025916]
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A FORWARD -j NFLOG --nflog-prefix "IPv6 FORWARD Reject " --nflog-threshold 1
-A FORWARD -j REJECT --reject-with icmp6-port-unreachable
COMMIT
-# Completed on Wed Jul 19 08:54:03 2017
+# Completed on Thu Jul 20 10:19:41 2017
# Set this to enable a filter on iptables/ipchains displays
# This will block out hosts who have less than the specified
# number of hits between all ports. Defaults to 0.
-$iptables_host_min_count = 0
+$iptables_host_min_count = 5
# If both of the following settings are enabled, two output lists
# will be produced. If none is set, the old style output is prduced.
# Set this to generate old style output (sorted by source hosts)
-#$iptables_list_by_host = 0
+$iptables_list_by_host = 1
# Set this to generate new style output (sorted by targeted service)
$iptables_list_by_service = 1
projects / config / ns1 / etc.git / commitdiff