Request for out-of-the-box B3 iptables

Posted: 10 Feb 2013, 08:16
by Cheeseboy
Hello all,

Over the years I have modified iptables extensively due to a multitude of alterations to my systems.
The changes have followed me from Bubba Server to B2 to the B3.
Looking at it now, I'm no longer sure what's going on. There are so many things added for different VPN solutions, outgoing UDP for SIP etc. and they don't show up in the web interface...
Some of it might have been added by successful crackers for all I know.

To be frank, I don't understand half of what's in there any more...

Would anyone with a freshly installed B3 be kind enough to send me the output of:

Code:

sudo iptables-save

I understand you might want to change specifics like IP addresses of your output, and that you do not want to post it here on the forum. I just want an idea of what the standard is nowadays, and what I might have changed since 2007.
A PM would do nicely.

Many thanks in advance!

Cheeseboy

Re: Request for out-of-the-box B3 iptables

Posted: 10 Feb 2013, 09:01
by Ubi
This is for a b3-wifi:

Code:

root@b3:~# iptables-save 
# Generated by iptables-save v1.4.8 on Sun Feb 10 14:59:58 2013
*nat
:PREROUTING ACCEPT [634690:46782356]
:INPUT ACCEPT [605847:44426050]
:OUTPUT ACCEPT [344909:25953513]
:POSTROUTING ACCEPT [373683:28300594]
-A POSTROUTING -o eth0 -j MASQUERADE 
COMMIT
# Completed on Sun Feb 10 14:59:58 2013
# Generated by iptables-save v1.4.8 on Sun Feb 10 14:59:58 2013
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [5424177:4356522359]
-A INPUT -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset 
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP 
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -i br0 -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 11 -j ACCEPT 
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT 
-A INPUT -p icmp -m icmp --icmp-type 3/4 -j ACCEPT 
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT 
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT 
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT 
-A INPUT -i eth0 -p tcp -m tcp --dport 143 -j ACCEPT 
-A INPUT -i eth0 -p tcp -m tcp --dport 993 -j ACCEPT 
-A FORWARD -i br0 -j ACCEPT 
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -p icmp -m icmp --icmp-type 3/4 -j ACCEPT 
COMMIT
# Completed on Sun Feb 10 14:59:58 2013
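
Added example (not part of any post in this thread): one way to compare a stock dump like the one above against the output of iptables-save on a long-modified box, so that every rule or chain policy that differs from the default is listed for review. BASELINE is an abridged copy of the filter table above; MODIFIED and the names parse and compare are constructed for illustration.

```python
import re
# Abridged filter table from the b3-wifi dump in this thread.
BASELINE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
# Constructed sample of a modified box (not from the thread).
MODIFIED = """\
*filter
:INPUT ACCEPT [12:3456]
:FORWARD DROP [7:420]
[5:300] -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 5060 -j ACCEPT
COMMIT
"""

def parse(dump):
    """Return ({(table, chain): policy}, {table: [rule, ...]}) from iptables-save text."""
    policies, rules, table = {}, {}, None
    for raw in dump.splitlines():
        line = " ".join(raw.split())  # drop trailing/duplicate whitespace
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]  # packet/byte counters ignored
            policies[(table, chain)] = policy
        else:  # strip per-rule counters written by `iptables-save -c`
            rules.setdefault(table, []).append(re.sub(r"^\[\d+:\d+\] ", "", line))
    return policies, rules

def compare(baseline, current):
    """List policy changes and rules added/removed relative to the baseline."""
    (bp, br), (cp, cr) = parse(baseline), parse(current)
    report = {"policy": [], "added": [], "removed": []}
    for key in sorted(set(bp) | set(cp)):
        if bp.get(key) != cp.get(key):
            report["policy"].append((*key, bp.get(key), cp.get(key)))
    for table in sorted(set(br) | set(cr)):
        old, new = br.get(table, []), cr.get(table, [])
        report["added"] += [(table, r) for r in new if r not in old]
        report["removed"] += [(table, r) for r in old if r not in new]
    return report
```

The comparison ignores rule order, which matters to netfilter, so a reordered ruleset still needs a manual read. Entries under "policy" and "added" are the ones to account for first, since they widen what the box accepts.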

Re: Request for out-of-the-box B3 iptables

Posted: 10 Feb 2013, 09:02
by RandomUsername
FYI, I think you can get this from the firewall.conf file in a reinstall image.

Re: Request for out-of-the-box B3 iptables

Posted: 10 Feb 2013, 09:14
by Cheeseboy
Thank you both!