Re: [gentoo-user] init.d/iptables save

Sun, 19 Oct 2003 22:12:50 -0700 

On Sunday 19 October 2003 10:33 pm, Jason Stubbs wrote:

$iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j 
MASQUERADE

| What does /var/lib/iptables/rules-save say?

# Generated by iptables-save v1.2.8 on Mon Oct 20 00:17:20 2003
*nat
:PREROUTING ACCEPT [3:228]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[3:228] -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o ppp0 -j 
MASQUERADE
COMMIT
# Completed on Mon Oct 20 00:17:20 2003
# Generated by iptables-save v1.2.8 on Mon Oct 20 00:17:20 2003
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
[88:5356] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -f -j LOG --log-prefix "IPTABLES FRAGMENTS: "
[0:0] -A INPUT -f -j DROP
[0:0] -A INPUT -p tcp -m tcp --dport 113 -m state --state NEW -j 
REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 31 -m state --state NEW 
-j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 19150 -j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 111 -m state --state NEW 
-j ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 111 -m state --state NEW 
-j ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 636 -m state --state NEW 
-j ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 739 -m state --state NEW 
-j ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 690 -m state --state NEW 
-j ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 2049 -m state --state NEW 
-j ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 123 -m state --state NEW 
-j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 143 -m state --state NEW 
-j ACCEPT
[0:0] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
[0:0] -A INPUT -m limit --limit 5/min -j LOG
[5:372] -A FORWARD -i eth0 -o ppp0 -m state --state 
NEW,RELATED,ESTABLISHED -j ACCEPT
[5:543] -A FORWARD -i ppp0 -o eth0 -m state --state 
RELATED,ESTABLISHED -j ACCEPT
[71:7323] -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
[0:0] -A OUTPUT -o lo -j ACCEPT
COMMIT
# Completed on Mon Oct 20 00:17:20 2003

Attachment: pgp00000.pgp
Description: signature

Reply via email to