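# Generated by iptables-save v1.8.4 on Tue Oct 20 17:37:31 2020
# filter table (IPv4). The three built-in chains default to DROP, so a packet
# that no rule below accepts is discarded. The [0:0] fields are the
# packet:byte counters, all zero in this dump.
# NOTE(review): iptables-save covers IPv4 only; IPv6 is filtered by a separate
# ip6tables ruleset that is not part of this file - confirm it is equally strict.
# NOTE(review): chain names and log prefixes look like a csf/lfd-generated
# ruleset - if so, change the generator's configuration, not this dump.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# User-defined chains ("-" means no policy: an unmatched packet returns to the
# calling chain). HONEYPOT through MAXMIND each hold a single ipset-backed
# source blocklist rule.
:HONEYPOT - [0:0]
:DSHIELD - [0:0]
:BDEALL - [0:0]
:SPAMDROP - [0:0]
:CRYPTOPHP - [0:0]
:EMAILSPAMMERS - [0:0]
:BFB - [0:0]
:BOGON - [0:0]
:BDE - [0:0]
:BADBOTS - [0:0]
:SPAMEDROP - [0:0]
:TOREXITNODES - [0:0]
:MAXMIND - [0:0]
# Logging/terminal chains, allow/deny lists, TCP sanity checks, SMTP egress.
:PORTFLOOD - [0:0]
:LOGDROPIN - [0:0]
:LOGDROPOUT - [0:0]
:DENYIN - [0:0]
:DENYOUT - [0:0]
:ALLOWIN - [0:0]
:ALLOWOUT - [0:0]
:LOCALINPUT - [0:0]
:LOCALOUTPUT - [0:0]
:INVDROP - [0:0]
:INVALID - [0:0]
:SMTPOUTPUT - [0:0]
# DOCKER is declared, but no rule in this dump appends to it or jumps to it.
:DOCKER - [0:0]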
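# INPUT chain. Rule order is significant: the first terminating match wins.
#
# tcp/8889 and tcp/8888 are accepted BEFORE the allow/deny/blocklist chains
# (LOCALINPUT) are consulted, so sources on those lists can still reach these
# two ports. The nat table REDIRECTs members of the MESSENGER set to them.
# The limit match counts packets, not connections (burst 150, then 15/min);
# packets over the limit fall through to the rules below.
-A INPUT ! -i lo -p tcp -m tcp --dport 8889 -m limit --limit 15/min --limit-burst 150 -j ACCEPT
-A INPUT ! -i lo -p tcp -m tcp --dport 8888 -m limit --limit 15/min --limit-burst 150 -j ACCEPT
# Allow list, deny list and blocklists for everything not arriving on loopback.
-A INPUT ! -i lo -j LOCALINPUT
# Loopback traffic is always accepted.
-A INPUT -i lo -j ACCEPT
# TCP sanity checks (invalid conntrack state, illegal flag combinations).
-A INPUT ! -i lo -p tcp -j INVALID
# SMTP connection-flood guard: record every NEW connection to tcp/25 per source
# address (/32 mask); a source with 15 or more hits inside 5 seconds is sent to
# PORTFLOOD (rate-limited log, then DROP).
-A INPUT ! -i lo -p tcp -m tcp --dport 25 -m conntrack --ctstate NEW -m recent --set --name 25 --mask 255.255.255.255 --rsource
-A INPUT ! -i lo -p tcp -m tcp --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 5 --hitcount 15 --name 25 --mask 255.255.255.255 --rsource -j PORTFLOOD
# ICMP: echo-request (type 8) is accepted up to 1/sec and the excess is logged
# and dropped. The limit is one shared bucket for all sources, not per source.
# Every other ICMP type is accepted without restriction.
-A INPUT ! -i lo -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A INPUT ! -i lo -p icmp -m icmp --icmp-type 8 -j LOGDROPIN
-A INPUT ! -i lo -p icmp -j ACCEPT
# Stateful return traffic. RELATED is accepted only when the FTP conntrack
# helper created the expectation, not for RELATED traffic in general.
-A INPUT ! -i lo -m conntrack --ctstate RELATED -m helper --helper ftp -j ACCEPT
-A INPUT ! -i lo -m conntrack --ctstate ESTABLISHED -j ACCEPT
# TCP ports open to NEW connections from ANY source address.
# NOTE(review): by conventional port assignment this list includes cleartext
# and management services (21 FTP, 110 POP3, 143 IMAP, 953, 1723, 5666);
# confirm what actually listens on each port and whether world-wide reach is
# intended, or restrict the rule with -s / an ipset.
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 20 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 21 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 22 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 25 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 26 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 53 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 80 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 88 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 110 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 143 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 443 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 465 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 587 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 904 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 953 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 992 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 993 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 995 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 1907:1909 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 1723 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 1986 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 2082 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 2083 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 2086 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 2087 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 2095 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 2096 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 8443 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 8800 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 8988 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 9391 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 9999 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 65534 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 5080 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 5665 -j ACCEPT
# NOTE(review): tcp/5666 is accepted here from any source, which makes the
# three source-restricted tcp/5666 rules in ALLOWIN redundant. If the intent is
# to expose this port only to those hosts, this rule defeats it - confirm.
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 5666 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 5222 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 5269 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 52222 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 40000:40100 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 11898 -j ACCEPT
# UDP ports open to NEW flows from ANY source address.
# NOTE(review): UDP services that answer unauthenticated requests (by
# convention 53 DNS, 123 NTP, 161 SNMP) can be abused for reflection when
# reachable from spoofable sources; 514 is conventionally syslog. Restrict by
# source where the service is not meant to be public. FTP does not use UDP, so
# udp/20 and udp/21 are presumably unnecessary - confirm.
-A INPUT ! -i lo -p udp -m conntrack --ctstate NEW -m udp --dport 20 -j ACCEPT
-A INPUT ! -i lo -p udp -m conntrack --ctstate NEW -m udp --dport 21 -j ACCEPT
-A INPUT ! -i lo -p udp -m conntrack --ctstate NEW -m udp --dport 53 -j ACCEPT
-A INPUT ! -i lo -p udp -m conntrack --ctstate NEW -m udp --dport 67 -j ACCEPT
-A INPUT ! -i lo -p udp -m conntrack --ctstate NEW -m udp --dport 68 -j ACCEPT
-A INPUT ! -i lo -p udp -m conntrack --ctstate NEW -m udp --dport 123 -j ACCEPT
-A INPUT ! -i lo -p udp -m conntrack --ctstate NEW -m udp --dport 161 -j ACCEPT
-A INPUT ! -i lo -p udp -m conntrack --ctstate NEW -m udp --dport 500 -j ACCEPT
-A INPUT ! -i lo -p udp -m conntrack --ctstate NEW -m udp --dport 514 -j ACCEPT
-A INPUT ! -i lo -p udp -m conntrack --ctstate NEW -m udp --dport 517 -j ACCEPT
-A INPUT ! -i lo -p udp -m conntrack --ctstate NEW -m udp --dport 518 -j ACCEPT
-A INPUT ! -i lo -p udp -m conntrack --ctstate NEW -m udp --dport 1194 -j ACCEPT
-A INPUT ! -i lo -p udp -m conntrack --ctstate NEW -m udp --dport 1514 -j ACCEPT
-A INPUT ! -i lo -p udp -m conntrack --ctstate NEW -m udp --dport 1701 -j ACCEPT
-A INPUT ! -i lo -p udp -m conntrack --ctstate NEW -m udp --dport 1981 -j ACCEPT
-A INPUT ! -i lo -p udp -m conntrack --ctstate NEW -m udp --dport 4500 -j ACCEPT
-A INPUT ! -i lo -p udp -m conntrack --ctstate NEW -m udp --dport 33434:33523 -j ACCEPT
# Everything else: rate-limited log, then DROP.
-A INPUT ! -i lo -j LOGDROPIN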
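# FORWARD chain (policy DROP). Only docker0 traffic is forwarded: replies going
# back to containers, containers talking to anything outside the bridge, and
# container-to-container traffic. None of the allow/deny/blocklist, INVALID or
# SMTPOUTPUT chains are applied to forwarded packets, so container egress
# (including outbound SMTP) is not subject to the host's OUTPUT restrictions.
# NOTE(review): no rule here accepts NEW connections towards docker0 or jumps
# to the DOCKER chain; Docker usually maintains its own rules, so this snapshot
# may not reflect the live state while the daemon is running - confirm.
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT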
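# OUTPUT chain (policy DROP).
#
# Replies from the local services on tcp/8889 and tcp/8888, packet-rate
# limited and accepted before the allow/deny lists are consulted.
-A OUTPUT ! -o lo -p tcp -m tcp --sport 8889 -m limit --limit 15/min --limit-burst 150 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m tcp --sport 8888 -m limit --limit 15/min --limit-burst 150 -j ACCEPT
# Outbound allow list (ALLOWOUT), then outbound deny list (DENYOUT).
-A OUTPUT ! -o lo -j LOCALOUTPUT
# DNS in both roles: queries to port 53 and answers sent from port 53. These
# rules carry no conntrack state match.
-A OUTPUT ! -o lo -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT ! -o lo -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m tcp --sport 53 -j ACCEPT
-A OUTPUT ! -o lo -p udp -m udp --sport 53 -j ACCEPT
# Outbound SMTP restriction by process owner. This jump has no interface
# match, so it also covers loopback. Destinations accepted earlier by ALLOWOUT
# never reach it.
-A OUTPUT -j SMTPOUTPUT
-A OUTPUT -o lo -j ACCEPT
# TCP sanity checks, then ICMP and stateful return traffic.
-A OUTPUT ! -o lo -p tcp -j INVALID
-A OUTPUT ! -o lo -p icmp -j ACCEPT
-A OUTPUT ! -o lo -m conntrack --ctstate RELATED -m helper --helper ftp -j ACCEPT
-A OUTPUT ! -o lo -m conntrack --ctstate ESTABLISHED -j ACCEPT
# NOTE(review): NEW TCP and UDP to every destination port is accepted, so apart
# from SMTPOUTPUT and DENYOUT there is no egress filtering for TCP/UDP. The DROP
# policy and LOGDROPOUT below only catch other protocols and packets that are
# neither NEW nor ESTABLISHED. Narrow these two rules if outbound connections
# from this host should be limited to known services.
-A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 1:65535 -j ACCEPT
-A OUTPUT ! -o lo -p udp -m conntrack --ctstate NEW -m udp --dport 1:65535 -j ACCEPT
# Everything else: rate-limited log with UID, then REJECT.
-A OUTPUT ! -o lo -j LOGDROPOUT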
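# Source blocklists. Each chain drops a packet whose source address is a member
# of the named ipset (bl_<CHAIN>). The drops are silent: no LOG rule precedes
# them, so hits are visible only through the rule counters.
# The sets are referenced by name, not stored in this file. iptables-restore
# rejects a --match-set rule whose set does not exist, so the ipsets must be
# created or restored before this ruleset is loaded.
-A HONEYPOT -m set --match-set bl_HONEYPOT src -j DROP
-A DSHIELD -m set --match-set bl_DSHIELD src -j DROP
-A BDEALL -m set --match-set bl_BDEALL src -j DROP
-A SPAMDROP -m set --match-set bl_SPAMDROP src -j DROP
-A CRYPTOPHP -m set --match-set bl_CRYPTOPHP src -j DROP
-A EMAILSPAMMERS -m set --match-set bl_EMAILSPAMMERS src -j DROP
-A BFB -m set --match-set bl_BFB src -j DROP
-A BOGON -m set --match-set bl_BOGON src -j DROP
-A BDE -m set --match-set bl_BDE src -j DROP
-A BADBOTS -m set --match-set bl_BADBOTS src -j DROP
# SPAMEDROP is a separate chain and set from SPAMDROP above.
-A SPAMEDROP -m set --match-set bl_SPAMEDROP src -j DROP
-A TOREXITNODES -m set --match-set bl_TOREXITNODES src -j DROP
-A MAXMIND -m set --match-set bl_MAXMIND src -j DROP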
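# PORTFLOOD: terminal chain for the tcp/25 connection-flood guard.
# All LOG rules in this file are limited to 30/min, so during a flood the log
# holds a sample of the dropped packets, not every one; use rule counters when
# volumes matter.
-A PORTFLOOD -m limit --limit 30/min -j LOG --log-prefix "Firewall: *Port Flood* "
-A PORTFLOOD -j DROP
# LOGDROPIN: terminal chain for rejected inbound traffic.
# First, common background-noise ports are dropped WITHOUT logging.
# Note: NEW udp/67, udp/68 and udp/500 are accepted earlier in INPUT, so the
# UDP entries for those ports only see packets that rule set did not match.
-A LOGDROPIN -p tcp -m tcp --dport 67 -j DROP
-A LOGDROPIN -p udp -m udp --dport 67 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 68 -j DROP
-A LOGDROPIN -p udp -m udp --dport 68 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 111 -j DROP
-A LOGDROPIN -p udp -m udp --dport 111 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 113 -j DROP
-A LOGDROPIN -p udp -m udp --dport 113 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 135:139 -j DROP
-A LOGDROPIN -p udp -m udp --dport 135:139 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 445 -j DROP
-A LOGDROPIN -p udp -m udp --dport 445 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 500 -j DROP
-A LOGDROPIN -p udp -m udp --dport 500 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 513 -j DROP
-A LOGDROPIN -p udp -m udp --dport 513 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 520 -j DROP
-A LOGDROPIN -p udp -m udp --dport 520 -j DROP
# Then a rate-limited log line per protocol, and an unconditional DROP.
-A LOGDROPIN -p tcp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *TCP_IN Blocked* "
-A LOGDROPIN -p udp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *UDP_IN Blocked* "
-A LOGDROPIN -p icmp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *ICMP_IN Blocked* "
-A LOGDROPIN -j DROP
# LOGDROPOUT: terminal chain for rejected outbound traffic. --log-uid records
# the UID of the local process that generated the packet, which identifies the
# account behind a blocked connection attempt. TCP is logged only for SYN
# packets. The final REJECT makes local clients fail at once instead of
# waiting for a timeout.
-A LOGDROPOUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 30/min -j LOG --log-prefix "Firewall: *TCP_OUT Blocked* " --log-uid
-A LOGDROPOUT -p udp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *UDP_OUT Blocked* " --log-uid
-A LOGDROPOUT -p icmp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *ICMP_OUT Blocked* " --log-uid
-A LOGDROPOUT -j REJECT --reject-with icmp-port-unreachable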
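# Deny list: inbound packets from chain_DENY members are dropped silently;
# outbound packets to them are logged and rejected through LOGDROPOUT.
-A DENYIN -m set --match-set chain_DENY src -j DROP
-A DENYOUT -m set --match-set chain_DENY dst -j LOGDROPOUT
# Allow list. ACCEPT here is final: an allow-listed source skips the deny list,
# every blocklist, the INVALID checks and the port rules in INPUT.
# Three hosts are admitted to tcp/5666 only.
# NOTE(review): INPUT also accepts NEW tcp/5666 from any source, so these three
# rules do not restrict access to that port by themselves - confirm the intent.
-A ALLOWIN -s 194.63.143.34/32 ! -i lo -p tcp -m tcp --dport 5666 -j ACCEPT
-A ALLOWIN -s 134.19.177.221/32 ! -i lo -p tcp -m tcp --dport 5666 -j ACCEPT
-A ALLOWIN -s 91.210.104.27/32 ! -i lo -p tcp -m tcp --dport 5666 -j ACCEPT
# Members of chain_ALLOW are accepted on every port and protocol, in both
# directions; membership of that set is equivalent to full trust.
-A ALLOWIN -m set --match-set chain_ALLOW src -j ACCEPT
-A ALLOWOUT -m set --match-set chain_ALLOW dst -j ACCEPT
# LOCALINPUT evaluation order: allow list first, then the deny list, then each
# blocklist in turn. An address on both the allow list and a blocklist is
# therefore accepted.
-A LOCALINPUT ! -i lo -j ALLOWIN
-A LOCALINPUT ! -i lo -j DENYIN
-A LOCALINPUT ! -i lo -j HONEYPOT
-A LOCALINPUT ! -i lo -j DSHIELD
-A LOCALINPUT ! -i lo -j BDEALL
-A LOCALINPUT ! -i lo -j SPAMDROP
-A LOCALINPUT ! -i lo -j CRYPTOPHP
-A LOCALINPUT ! -i lo -j EMAILSPAMMERS
-A LOCALINPUT ! -i lo -j BFB
-A LOCALINPUT ! -i lo -j BOGON
-A LOCALINPUT ! -i lo -j BDE
-A LOCALINPUT ! -i lo -j BADBOTS
-A LOCALINPUT ! -i lo -j SPAMEDROP
-A LOCALINPUT ! -i lo -j TOREXITNODES
-A LOCALINPUT ! -i lo -j MAXMIND
# LOCALOUTPUT: allow list, then deny list. The blocklists are not applied to
# outbound traffic.
-A LOCALOUTPUT ! -o lo -j ALLOWOUT
-A LOCALOUTPUT ! -o lo -j DENYOUT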
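# INVDROP: log why a TCP packet was judged invalid (one prefix per condition,
# each limited to 30/min), then drop it. The match conditions repeat those of
# the INVALID chain below so that the log prefix names the reason.
-A INVDROP -m conntrack --ctstate INVALID -m limit --limit 30/min -j LOG --log-prefix "Firewall: *INVALID* "
-A INVDROP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -m limit --limit 30/min -j LOG --log-prefix "Firewall: *INV_AN* "
-A INVDROP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -m limit --limit 30/min -j LOG --log-prefix "Firewall: *INV_AA* "
-A INVDROP -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -m limit --limit 30/min -j LOG --log-prefix "Firewall: *INV_SFSF* "
-A INVDROP -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 30/min -j LOG --log-prefix "Firewall: *INV_SRSR* "
-A INVDROP -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -m limit --limit 30/min -j LOG --log-prefix "Firewall: *INV_FRFR* "
-A INVDROP -p tcp -m tcp --tcp-flags FIN,ACK FIN -m limit --limit 30/min -j LOG --log-prefix "Firewall: *INV_AFF* "
-A INVDROP -p tcp -m tcp --tcp-flags PSH,ACK PSH -m limit --limit 30/min -j LOG --log-prefix "Firewall: *INV_APP* "
-A INVDROP -p tcp -m tcp --tcp-flags ACK,URG URG -m limit --limit 30/min -j LOG --log-prefix "Firewall: *INV_AUU* "
-A INVDROP -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -m limit --limit 30/min -j LOG --log-prefix "Firewall: *INV_NOSYN* "
-A INVDROP -j DROP
# INVALID: TCP sanity checks. INPUT and OUTPUT jump here with -p tcp only, so
# other protocols are never evaluated by this chain. A packet matching none of
# the conditions returns to the calling chain.
# Conntrack could not associate the packet with a known connection:
-A INVALID -m conntrack --ctstate INVALID -j INVDROP
# No flags set at all:
-A INVALID -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j INVDROP
# All six flags set:
-A INVALID -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j INVDROP
# Contradictory pairs: SYN+FIN, SYN+RST, FIN+RST:
-A INVALID -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j INVDROP
-A INVALID -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j INVDROP
-A INVALID -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j INVDROP
# FIN, PSH or URG set while ACK is clear:
-A INVALID -p tcp -m tcp --tcp-flags FIN,ACK FIN -j INVDROP
-A INVALID -p tcp -m tcp --tcp-flags PSH,ACK PSH -j INVDROP
-A INVALID -p tcp -m tcp --tcp-flags ACK,URG URG -j INVDROP
# Conntrack state NEW, but the packet is not a plain SYN:
-A INVALID -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j INVDROP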
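# SMTPOUTPUT: restrict which local processes may open outbound SMTP
# (tcp/25, 465, 587). Delivery over loopback is always allowed; otherwise the
# socket owner must match one of the listed group or user IDs. Anything else
# is logged with its UID and rejected through LOGDROPOUT.
# The owner match applies to locally generated packets only; traffic forwarded
# for containers does not pass through OUTPUT and is not covered by this chain.
-A SMTPOUTPUT -o lo -p tcp -m multiport --dports 25,465,587 -j ACCEPT
# NOTE(review): ID 65534 is commonly the unprivileged nobody/nogroup account.
# If web applications or other untrusted workloads run under it, they can send
# mail directly and this control loses most of its value - confirm which
# accounts these numeric IDs map to on this host.
-A SMTPOUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner 65534 -j ACCEPT
-A SMTPOUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner 12 -j ACCEPT
-A SMTPOUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner 65534 -j ACCEPT
-A SMTPOUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner 101 -j ACCEPT
-A SMTPOUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner 89 -j ACCEPT
-A SMTPOUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner 0 -j ACCEPT
-A SMTPOUTPUT -p tcp -m multiport --dports 25,465,587 -j LOGDROPOUT
COMMIT
# Completed on Tue Oct 20 17:37:31 2020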
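# Generated by iptables-save v1.8.4 on Tue Oct 20 17:37:31 2020
# raw table: attach the FTP conntrack helper explicitly, and only to tcp/21
# control connections (inbound and locally originated). The filter table's
# "--ctstate RELATED -m helper --helper ftp" rules accept the data connections
# this helper announces; FTP control traffic on any other port gets no helper.
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 21 -j CT --helper ftp
-A OUTPUT -p tcp -m tcp --dport 21 -j CT --helper ftp
COMMIT
# Completed on Tue Oct 20 17:37:31 2020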
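# Generated by iptables-save v1.8.4 on Tue Oct 20 17:37:31 2020
# mangle table: no rules; every chain keeps its ACCEPT policy, so no packet
# marking or header rewriting happens here.
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Tue Oct 20 17:37:31 2020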
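# Generated by iptables-save v1.8.4 on Tue Oct 20 17:37:31 2020
# nat table.
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Sources in the MESSENGER ipset that connect to tcp/80, 2082, 2093 or 2095 are
# redirected to local port 8888, and those connecting to tcp/21 to local port
# 8889. The rewrite happens before the filter table's INPUT chain sees the
# packet, which is why INPUT accepts 8888/8889 ahead of its deny lists.
# The MESSENGER set is not defined in this file and must exist before the
# ruleset is loaded.
-A PREROUTING ! -i lo -p tcp -m set --match-set MESSENGER src -m multiport --dports 80,2082,2093,2095 -j REDIRECT --to-ports 8888
-A PREROUTING ! -i lo -p tcp -m set --match-set MESSENGER src -m multiport --dports 21 -j REDIRECT --to-ports 8889
# Source NAT for traffic from 172.17.0.0/16 that leaves through any interface
# other than docker0.
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
COMMIT
# Completed on Tue Oct 20 17:37:31 2020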