From: Frank Brehm Date: Tue, 18 Jul 2017 13:47:24 +0000 (+0200) Subject: Current state X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=11d9cbcdc1f4569be7cc9f72ee516df1f4bdf24e;p=config%2Fns2%2Fetc.git Current state
---
diff --git a/iptables/rules.v4 b/iptables/rules.v4
index 2832861..786bfc4 100644
--- a/iptables/rules.v4
+++ b/iptables/rules.v4
@@ -1,14 +1,24 @@
-# Generated by iptables-save v1.6.0 on Tue Jul 18 10:00:50 2017
+# Generated by iptables-save v1.6.0 on Tue Jul 18 13:43:18 2017
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [12:1256]
-:fail2ban-postfix - [0:0]
-:fail2ban-ssh - [0:0]
--A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
--A INPUT -p tcp -m multiport --dports 25,465,587 -j fail2ban-postfix
--A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
--A INPUT -p tcp -m multiport --dports 25,465,587 -j fail2ban-postfix
+:OUTPUT ACCEPT [152:55101]
+:f2b-apache - [0:0]
+:f2b-apache-modsecurity - [0:0]
+:f2b-apache-nohome - [0:0]
+:f2b-apache-noscript - [0:0]
+:f2b-apache-overflows - [0:0]
+:f2b-postfix - [0:0]
+:f2b-ssh - [0:0]
+:f2b-sshd - [0:0]
+-A INPUT -p tcp -m multiport --dports 22 -j f2b-ssh
+-A INPUT -p tcp -m multiport --dports 25,465,587 -j f2b-postfix
+-A INPUT -p tcp -m multiport --dports 0:65535 -j f2b-sshd
+-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-nohome
+-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-modsecurity
+-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-overflows
+-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-noscript
+-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache
 -A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -s 222.184.0.0/13 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
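Review bot: The `:f2b-*` chain declarations and the `-j f2b-…` jumps added to INPUT are state that fail2ban normally creates itself for its jails, so persisting them in rules.v4 risks both the restore and fail2ban installing them. The removed side of this same diff shows that outcome once already: `-j fail2ban-ssh` and `-j fail2ban-postfix` each appeared twice. Consider stripping the `f2b-` lines before saving, so the file holds only the static policy and fail2ban owns its own chains. The file also carries both `f2b-ssh` (port 22) and `f2b-sshd` (`--dports 0:65535`), which looks like two jails covering the same service; confirm that both are intended.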
@@ -20,11 +30,17 @@
 -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
 -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
+-A INPUT -p tcp -m multiport --dports 445 -j REJECT --reject-with icmp-port-unreachable
+-A INPUT -p tcp -m multiport --dports 23 -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -j NFLOG --nflog-prefix "INPUT Reject " --nflog-threshold 1
 -A INPUT -j REJECT --reject-with icmp-port-unreachable
--A fail2ban-postfix -j RETURN
--A fail2ban-postfix -j RETURN
--A fail2ban-ssh -j RETURN
--A fail2ban-ssh -j RETURN
+-A f2b-apache -j RETURN
+-A f2b-apache-modsecurity -j RETURN
+-A f2b-apache-nohome -j RETURN
+-A f2b-apache-noscript -j RETURN
+-A f2b-apache-overflows -j RETURN
+-A f2b-postfix -j RETURN
+-A f2b-ssh -j RETURN
+-A f2b-sshd -j RETURN
 COMMIT
-# Completed on Tue Jul 18 10:00:50 2017
+# Completed on Tue Jul 18 13:43:18 2017
diff --git a/iptables/rules.v6 b/iptables/rules.v6
index 703cc97..a87d240 100644
--- a/iptables/rules.v6
+++ b/iptables/rules.v6
@@ -1,7 +1,7 @@
-# Generated by ip6tables-save v1.6.0 on Tue Jul 18 10:00:50 2017
+# Generated by ip6tables-save v1.6.0 on Tue Jul 18 13:43:18 2017
 *filter
-:INPUT ACCEPT [0:0]
+:INPUT ACCEPT [1:49]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [13:721]
 COMMIT
-# Completed on Tue Jul 18 10:00:50 2017
+# Completed on Tue Jul 18 13:43:18 2017
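Review bot: The two added REJECT rules for ports 445 and 23 sit above the NFLOG rule, so those packets get the same `icmp-port-unreachable` answer the final catch-all would give but no longer reach the log. If that is deliberate noise reduction, record it on the rule itself, e.g. `-m comment --comment "reject without logging"`, because SMB and telnet probes are a signal some operators prefer to keep. The two rules could also be one: `-A INPUT -p tcp -m multiport --dports 23,445 -j REJECT --reject-with icmp-port-unreachable`.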
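Review bot: On the new side rules.v6 is still an empty filter table with `:INPUT ACCEPT` and no rules, so none of the IPv4 restrictions, fail2ban jumps or the final REJECT apply to IPv6 traffic. The INPUT counter moving to `[1:49]` shows at least one IPv6 packet arrived, though that may be link-local traffic only. If the host has a global IPv6 address, every listening service is reachable over it unfiltered. Mirror the IPv4 policy here, keeping the ICMPv6 types that neighbour discovery needs, and end the chain with `-A INPUT -j REJECT`.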