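# IPv4 host firewall: default-deny inbound, everything forwarded, everything
# allowed outbound.
table ip filter {
	chain input {
		type filter hook input priority filter; policy drop;

		iif "lo" counter accept

		# NOTE(review): only "established" is accepted. "related" packets
		# (for example ICMP errors that belong to a tracked flow) fall through
		# to the final drop. Confirm that is intended.
		ct state established counter accept

		# Matched by name, not by index: iif resolves the interface when the
		# ruleset is loaded, so it fails if the bridge does not exist yet and
		# goes stale if the bridge is recreated.
		# NOTE(review): this accepts every packet arriving from docker0, so any
		# container on that bridge can reach every port on the host.
		iifname "docker0" counter accept

		# Service ports, reachable from any source address.
		# NOTE(review): each port is opened for both TCP and UDP. Several are
		# single-transport by convention (22 is TCP, 67/68 are UDP); trimming
		# the unused transport reduces what is exposed.
		tcp dport 57692 counter accept
		udp dport 57692 counter accept
		tcp dport 80 counter accept
		udp dport 80 counter accept
		tcp dport 443 counter accept
		udp dport 443 counter accept
		tcp dport 22 counter accept
		udp dport 22 counter accept
		tcp dport 3000 counter accept
		udp dport 3000 counter accept
		tcp dport 8082 counter accept
		udp dport 8082 counter accept
		tcp dport 853 counter accept
		udp dport 853 counter accept
		# The second copies of the udp 53, 67 and 68 rules were removed: the
		# first copy already accepts the packet, so they never matched.
		tcp dport 53 counter accept
		udp dport 53 counter accept
		tcp dport 67 counter accept
		udp dport 67 counter accept
		tcp dport 68 counter accept
		udp dport 68 counter accept
		tcp dport 631 counter accept
		udp dport 631 counter accept
		tcp dport 5353 counter accept
		udp dport 5353 counter accept

		# NOTE(review): these three source-scoped rules restrict nothing. The
		# unscoped 22000/8384/21027 rules right below accept the same ports
		# from any address. 8384 is conventionally the Syncthing web GUI; if
		# the intent was to limit these ports to 192.168.0.55, the unscoped
		# rules are the ones to remove.
		ip saddr 192.168.0.55 tcp dport 22000 accept
		ip saddr 192.168.0.55 tcp dport 8384 accept
		ip saddr 192.168.0.55 tcp dport 21027 accept
		tcp dport 22000 counter accept
		udp dport 22000 counter accept
		tcp dport 8384 counter accept
		udp dport 8384 counter accept
		tcp dport 21027 counter accept
		udp dport 21027 counter accept
		tcp dport 8096 counter accept
		udp dport 8096 counter accept
		tcp dport 7359 counter accept
		udp dport 7359 counter accept

		# NOTE(review): this trusts the whole /24 on every port and is not tied
		# to an input interface, so the match rests on the source address
		# alone. Presumably this is the VPN subnet; binding it to that
		# interface would make the trust explicit.
		ip saddr 192.168.5.0/24 counter accept

		ip saddr 192.168.0.55 tcp dport 4001 accept

		# Kept separate from the final drop so pings are counted but not logged.
		icmp type echo-request counter drop

		# Log, count and drop everything else. The original logged each packet
		# twice ("log" followed by "log counter drop") and ended with a "drop"
		# that could never be reached.
		# NOTE(review): the log statement has no rate limit or prefix, so a
		# port scan writes one log line per packet.
		log counter drop
	}

	chain forward {
		type filter hook forward priority filter; policy accept;

		# wg0 is matched by name in both directions so the ruleset does not
		# depend on the tunnel interface existing at load time.
		iifname "wg0" oif "enp11s0" counter accept
		iifname "enp11s0" oifname "wg0" counter accept

		# NOTE(review): together with "policy accept" this forwards traffic
		# between any pair of interfaces, so the two rules above only act as
		# counters. If only wg0 <-> enp11s0 should be routed, this chain needs
		# "policy drop" and no catch-all accept.
		counter accept
	}

	chain output {
		type filter hook output priority filter; policy accept;

		# Outbound traffic is unrestricted; this rule only counts it.
		counter accept
	}
}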
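# IPv6 host firewall. As written, the host transmits no IPv6 at all: output and
# forward drop every packet, while input still admits a list of service ports.
table ip6 filter {
	chain input {
		type filter hook input priority filter; policy drop;

		# NOTE(review): this chain accepts no loopback traffic, no established
		# connections and no ICMPv6, and the output chain below drops every
		# reply. No TCP service can complete a handshake over IPv6, yet inbound
		# UDP datagrams on the ports listed here are still delivered to local
		# listeners. If IPv6 is meant to be off, these accept rules are
		# exposure with no function and can be removed. If it is meant to be
		# served, the output chain must allow traffic and this chain needs
		# loopback, conntrack and ICMPv6 neighbour-discovery rules.
		tcp dport 57692 counter accept
		udp dport 57692 counter accept
		tcp dport 80 counter accept
		udp dport 80 counter accept
		tcp dport 443 counter accept
		udp dport 443 counter accept
		tcp dport 22 counter accept
		udp dport 22 counter accept
		tcp dport 3000 counter accept
		udp dport 3000 counter accept
		tcp dport 8082 counter accept
		udp dport 8082 counter accept
		tcp dport 853 counter accept
		udp dport 853 counter accept
		tcp dport 53 counter accept
		udp dport 53 counter accept
		tcp dport 67 counter accept
		udp dport 67 counter accept
		tcp dport 68 counter accept
		udp dport 68 counter accept
		tcp dport 631 counter accept
		udp dport 631 counter accept
		tcp dport 5353 counter accept
		udp dport 5353 counter accept
		tcp dport 22000 counter accept
		udp dport 22000 counter accept
		tcp dport 8384 counter accept
		udp dport 8384 counter accept
		tcp dport 21027 counter accept
		udp dport 21027 counter accept
		tcp dport 8096 counter accept
		udp dport 8096 counter accept
		tcp dport 7359 counter accept
		udp dport 7359 counter accept
	}

	# The original declared "policy accept" and then dropped every packet with
	# a bare "drop" rule. Same verdict, stated as the chain policy so the
	# declaration matches what the chain does.
	chain forward {
		type filter hook forward priority filter; policy drop;
	}

	# Drops all locally generated IPv6, including traffic to ::1. The original
	# expressed this as "policy accept" followed by a bare "drop" rule.
	chain output {
		type filter hook output priority filter; policy drop;
	}
}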
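# IPv4 source NAT for routed traffic.
table ip nat {
	chain postrouting {
		# The original chain had no "type ... hook ..." line, which makes it a
		# regular chain. Nothing on this page jumps to it, so the masquerade
		# rule was never evaluated. Declaring it as a base chain on the
		# postrouting hook puts it in the packet path.
		type nat hook postrouting priority srcnat; policy accept;

		# The original also held two match-only rules with no statement
		# (oif "wg0" iif "enp11s0", and the reverse). They had no effect and
		# were removed; they also tied loading of the ruleset to wg0 existing.
		# NOTE(review): those rules suggest masquerading was meant to apply
		# only between wg0 and enp11s0. As written it rewrites the source
		# address of every packet leaving any interface, which also hides the
		# original client address from anything logging behind this host.
		# Confirm the intended scope and add the interface match to this rule
		# if it should be narrower.
		masquerade
	}
}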