# Generated by iptables-save v1.4.7 on Sat Sep 29 14:34:04 2012
#
# Host firewall, filter table only. Default-deny for inbound (INPUT) and
# transit (FORWARD) traffic; outbound (OUTPUT) is unrestricted. Anything
# reaching this host must therefore be accepted by an explicit rule below.
#
# Format note: iptables-restore ignores lines that begin with '#', so
# comments must stay on their own lines - a '#' inside a rule would be
# passed to iptables as an argument.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [3763472:853134022]
# User-defined chains. A '-' policy means the chain returns to its caller
# when no rule in it matched.
:AllowIP - [0:0]
:Allowed - [0:0]
:Bastards - [0:0]
:Dmz - [0:0]
:DropBastards - [0:0]
:DropDDOS - [0:0]
:DropInvalid - [0:0]
:DropJail - [0:0]
:DropScan - [0:0]
:Jail - [0:0]
:Private - [0:0]
:Public - [0:0]
:ValidCheck - [0:0]
:fail2ban-SSH - [0:0]
#
# ---- INPUT: top-level dispatch. Rule order is the policy. ----
# Loopback is trusted unconditionally.
-A INPUT -i lo -j ACCEPT
# Jail (fail2ban hook) runs BEFORE the ESTABLISHED accept, so a ban also
# cuts sessions that are already open, not only new connection attempts.
-A INPUT -j Jail
# Return traffic for connections this host opened, and conntrack-related
# packets (e.g. ICMP errors for tracked flows), are accepted here.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Everything below only sees NEW or untracked packets.
# ValidCheck drops malformed/scan-pattern packets before any accept rule.
-A INPUT -j ValidCheck
# NOTE(review): Dmz accepts ALL remaining traffic arriving on eth0 (see the
# Dmz chain). Bastards, Public and the AllowIP source allow-list therefore
# never apply to packets on eth0 - confirm eth0 is the intended trusted or
# DMZ-side interface and not the Internet-facing one.
-A INPUT -j Dmz
# Bastards and Public are empty placeholders in this dump (RETURN only).
-A INPUT -j Bastards
-A INPUT -j Public
# Source-based allow-list; non-matching sources fall through to the log+drop.
-A INPUT -j AllowIP
# Final catch-all: rate-limited log, then drop. The '! -d 0.0.0.255/0.0.0.255'
# match skips destinations whose last octet is .255, presumably to keep
# directed-broadcast noise out of the log. '--limit 1/min' uses the limit
# module's default burst of 5.
-A INPUT ! -d 0.0.0.255/0.0.0.255 -m limit --limit 1/min -j LOG --log-prefix "iptables: Block:"
-A INPUT -j DROP
#
# ---- AllowIP: which sources may open NEW connections at all ----
# RFC 1918 private ranges plus specific public ranges/hosts.
# NOTE(review): trusting RFC 1918 sources assumes no external interface can
# receive spoofed private-source packets (upstream anti-spoofing) - verify.
-A AllowIP -s 192.168.0.0/16 -m state --state NEW -j Allowed
-A AllowIP -s 172.16.0.0/12 -m state --state NEW -j Allowed
-A AllowIP -s 10.0.0.0/8 -m state --state NEW -j Allowed
-A AllowIP -s 129.101.159.128/26 -m state --state NEW -j Allowed
-A AllowIP -s 129.101.142.128/26 -m state --state NEW -j Allowed
-A AllowIP -s 129.101.170.53/32 -m state --state NEW -j Allowed
-A AllowIP -s 129.101.112.0/24 -m state --state NEW -j Allowed
-A AllowIP -j RETURN
#
# ---- Allowed: what an allow-listed source may do ----
# Only NEW packets arrive here (AllowIP matched --state NEW).
# ICMP: echo reply (0), destination unreachable (3), echo request (8),
# time exceeded (11). Types 0 and 11 as NEW are unsolicited replies/errors;
# accepting them is a deliberate choice here rather than an oversight.
-A Allowed -p icmp -m state --state NEW -m icmp --icmp-type 0 -j ACCEPT
-A Allowed -p icmp -m state --state NEW -m icmp --icmp-type 3 -j ACCEPT
-A Allowed -p icmp -m state --state NEW -m icmp --icmp-type 8 -j ACCEPT
-A Allowed -p icmp -m state --state NEW -m icmp --icmp-type 11 -j ACCEPT
# Private returns only for new TCP/22; everything else is logged and dropped
# there, so the two rules after this jump are reached by new SSH only.
-A Allowed -j Private
-A Allowed ! -d 0.0.0.255/0.0.0.255 -m limit --limit 1/min -j LOG --log-prefix "iptables: Authorized:"
-A Allowed -j ACCEPT
#
# ---- Bastards: placeholder, no rules in this dump ----
-A Bastards -j RETURN
#
# ---- Dmz: interface-based accept ----
# Unconditional accept for anything on eth0 that survived ValidCheck.
-A Dmz -i eth0 -j ACCEPT
-A Dmz -j RETURN
#
# ---- Drop* chains: log with a prefix, then drop ----
# Each logs at most 3/min (default burst 5), excluding .255 destinations.
# NOTE(review): DropBastards and DropJail are not jumped to by any rule in
# this dump; they are dead chains until something references them.
-A DropBastards ! -d 0.0.0.255/0.0.0.255 -m limit --limit 3/min -j LOG --log-prefix "iptables: Bastards:"
-A DropBastards -j DROP
-A DropDDOS ! -d 0.0.0.255/0.0.0.255 -m limit --limit 3/min -j LOG --log-prefix "iptables: DDOS detected:"
-A DropDDOS -j DROP
-A DropInvalid ! -d 0.0.0.255/0.0.0.255 -m limit --limit 3/min -j LOG --log-prefix "iptables: Invalid:"
-A DropInvalid -j DROP
-A DropJail ! -d 0.0.0.255/0.0.0.255 -m limit --limit 3/min -j LOG --log-prefix "iptables: Jail:"
-A DropJail -j DROP
-A DropScan ! -d 0.0.0.255/0.0.0.255 -m limit --limit 3/min -j LOG --log-prefix "iptables: Scan detected:"
-A DropScan -j DROP
#
# ---- Jail: hands SSH traffic to the fail2ban-managed chain ----
-A Jail -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A Jail -j RETURN
#
# ---- Private: service allow-list for trusted sources ----
# New TCP/22 returns to the caller (Allowed); anything else from an
# allow-listed source is logged as Unauthorized and dropped.
-A Private -p tcp -m state --state NEW -m tcp --dport 22 -j RETURN
-A Private ! -d 0.0.0.255/0.0.0.255 -m limit --limit 3/min -j LOG --log-prefix "iptables: Unauthorized:"
-A Private -j DROP
#
# ---- Public: placeholder, no rules in this dump ----
-A Public -j RETURN
#
# ---- ValidCheck: reject packets that legitimate TCP never produces ----
# conntrack could not classify the packet (bad state/sequence).
-A ValidCheck -m state --state INVALID -j DropInvalid
# --tcp-flags MASK COMP: examine the flags in MASK, match when exactly COMP
# are set. These combinations do not occur in normal TCP handshakes or data
# transfer and are characteristic of port-scan probes, hence DropScan.
-A ValidCheck -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DropScan
-A ValidCheck -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DropScan
# All six flags set.
-A ValidCheck -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DropScan
# FIN alone (no ACK).
-A ValidCheck -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j DropScan
# FIN / PSH / URG each without ACK.
-A ValidCheck -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DropScan
-A ValidCheck -p tcp -m tcp --tcp-flags PSH,ACK PSH -j DropScan
-A ValidCheck -p tcp -m tcp --tcp-flags ACK,URG URG -j DropScan
-A ValidCheck -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DropScan
-A ValidCheck -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN -j DropScan
# NOTE(review): exact duplicate of the first FIN,PSH,URG rule in this chain;
# harmless, but it can be removed.
-A ValidCheck -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DropScan
-A ValidCheck -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,PSH,URG -j DropScan
# Mutually exclusive flag pairs.
-A ValidCheck -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DropScan
-A ValidCheck -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DropScan
# No flags at all.
-A ValidCheck -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DropScan
# Packets carrying TCP option kinds 64 or 128, which are not used by
# ordinary stacks.
-A ValidCheck -p tcp -m tcp --tcp-option 64 -j DropScan
-A ValidCheck -p tcp -m tcp --tcp-option 128 -j DropScan
# New/untracked TCP and UDP whose SOURCE port is a well-known service port
# (clients normally use ephemeral ports), unless destined to 2049 (NFS).
# Presumably aimed at spoofed-source-port floods; note this would also
# drop legitimate traffic from a peer that really sends from such a port
# (e.g. an active-mode FTP data connection from port 20) - confirm.
-A ValidCheck -p tcp -m tcp ! --dport 2049 -m multiport --sports 20,21,22,23,80,110,143,443,993,995 -j DropDDOS
-A ValidCheck -p udp -m udp ! --dport 2049 -m multiport --sports 20,21,22,23,80,110,143,443,993,995 -j DropDDOS
-A ValidCheck -j RETURN
#
# ---- fail2ban-SSH: populated at runtime by the fail2ban daemon ----
# This dump holds only the trailing RETURN; active bans, if any, are not
# part of the saved rule set and are restored by fail2ban, not by
# iptables-restore.
-A fail2ban-SSH -j RETURN
COMMIT
# Completed on Sat Sep 29 14:34:04 2012