Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* Accept from localhost */
ACCEPT all -- anywhere anywhere /* Global whitelist */ match-set whitelist src
DROP all -- anywhere anywhere /* Global blacklist */ match-set blacklist src
DROP all -- anywhere anywhere /* IANA Reserved */ match-set reserved src
ACCEPT icmp -- anywhere anywhere /* Echo Request */ icmp echo-request
REJECT tcp -- anywhere anywhere /* SSH Blacklist */ tcp dpt:ssh match-set sshlist src reject-with tcp-reset
ACCEPT tcp -- anywhere anywhere /* SSH */ tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere /* Web (HTTP/HTTPS) */ multiport dports http,https
ACCEPT all -- anywhere anywhere /* Established/Related */ state RELATED,ESTABLISHED
DROP udp -- anywhere 255.255.255.255 /* Broadcast traffic */
DROP udp -- anywhere anywhere /* Netbios */ multiport dports netbios-ns,netbios-dgm
REJECT tcp -- anywhere anywhere /* Microsoft SMB */ tcp dpt:microsoft-ds reject-with tcp-reset
LOGREJECT all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain LOGDROP (0 references)
target prot opt source destination
ULOG all -- anywhere anywhere limit: avg 5/min burst 5 ULOG copy_range 48 nlgroup 1 prefix "D" queue_threshold 1
DROP all -- anywhere anywhere
Chain LOGREJECT (1 references)
target prot opt source destination
ULOG all -- anywhere anywhere limit: avg 5/min burst 5 ULOG copy_range 48 nlgroup 1 prefix "R" queue_threshold 1