# Generated by iptables-save v1.4.21 on Thu Jun 29 18:03:06 2017 *raw :PREROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :port_assignment - [0:0] -A PREROUTING -j port_assignment -A OUTPUT -j port_assignment -A port_assignment -p tcp -m tcp --dport 1723 -j CT --helper pptp COMMIT # Completed on Thu Jun 29 18:03:06 2017 # Generated by iptables-save v1.4.21 on Thu Jun 29 18:03:06 2017 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] :CUST_I15_IN - [0:0] :CUST_I15_OUT - [0:0] :CUST_I16_IN - [0:0] :CUST_I16_OUT - [0:0] :L_ACCEPT - [0:0] :L_DROP - [0:0] :L_REJECT - [0:0] :VPN_USERS_IN - [0:0] :VPN_USERS_OUT - [0:0] -A INPUT -m conntrack --ctstate INVALID -j L_DROP -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j L_ACCEPT -A INPUT -i lo -j L_ACCEPT -A INPUT -s 10.78.129.130/32 -p tcp -m tcp --dport 5666 -j L_ACCEPT -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 22,80,443,873,1723 -j L_ACCEPT -A INPUT -p udp -m udp -m multiport --dports 500,1701,4500 -j L_ACCEPT -A INPUT -p icmp -m icmp --icmp-type 8 -j L_ACCEPT -A INPUT -s 10.31.70.8/29 -i bond0.208 -p tcp -m tcp --dport 179 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT -A INPUT -s 10.44.224.8/29 -i bond0.686 -p tcp -m tcp --dport 179 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT -A INPUT -p esp -j L_ACCEPT -A INPUT -s 168.209.255.75/32 -p gre -j L_ACCEPT -A INPUT -s 168.209.255.106/32 -p gre -j L_ACCEPT -A INPUT -s 10.35.167.46/32 -p gre -j L_ACCEPT -A INPUT -s 10.35.167.45/32 -p gre -j L_ACCEPT -A INPUT -i gre-wbcore -j L_ACCEPT -A INPUT -i gre-davo-+ -j L_ACCEPT -A INPUT -i bond0.208 -j L_DROP -A INPUT -i bond0.686 -j L_DROP -A INPUT -j L_ACCEPT -A FORWARD -i bond0.10 -j ACCEPT -A FORWARD -m conntrack --ctstate INVALID -j L_DROP -A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j L_ACCEPT -A FORWARD -d 10.31.63.80/30 -o bond0.10 -j L_ACCEPT -A FORWARD -o bond0.11 -j CUST_I16_IN -A FORWARD -i bond0.11 -j CUST_I16_OUT -A FORWARD -o bond0.12 -j CUST_I15_IN -A FORWARD -i bond0.12 -j CUST_I15_OUT -A FORWARD -s 192.168.255.0/24 -i ppp+ -o bond0.208 -j L_DROP -A FORWARD -s 192.168.255.0/24 -i ppp+ -o bond0.686 -j L_DROP -A FORWARD -j L_ACCEPT -A CUST_I15_IN -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT -A CUST_I15_IN -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT -A CUST_I15_IN -p tcp -m tcp --dport 433 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT -A CUST_I15_IN -p tcp -m tcp --dport 3306 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT -A CUST_I15_IN -p tcp -m tcp --dport 3390 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT -A CUST_I15_IN -j L_DROP -A CUST_I15_OUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 80,443 -j L_ACCEPT -A CUST_I15_OUT -j L_DROP -A CUST_I16_IN -p tcp -m tcp --dport 3390 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT -A CUST_I16_IN -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j L_ACCEPT -A CUST_I16_IN -p icmp -m icmp --icmp-type 8 -j L_ACCEPT -A CUST_I16_IN -j L_DROP -A CUST_I16_OUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 80,443 -j L_ACCEPT -A CUST_I16_OUT -d 154.73.34.12/32 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 25 -j L_ACCEPT -A CUST_I16_OUT -j L_DROP -A L_ACCEPT -j NFLOG --nflog-group 1 --nflog-threshold 5 -A L_ACCEPT -j ACCEPT -A L_DROP -j LOG --log-prefix "L_DROP: " -A L_DROP -j NFLOG --nflog-group 2 --nflog-threshold 5 -A L_DROP -j DROP -A L_REJECT -j NFLOG --nflog-group 3 --nflog-threshold 5 -A L_REJECT -j REJECT --reject-with icmp-port-unreachable -A VPN_USERS_IN -i ppp0 -m comment --comment "User: " -j ACCEPT -A VPN_USERS_OUT -o ppp0 -m comment --comment "User: " -j ACCEPT COMMIT # Completed on Thu Jun 29 18:03:06 2017