1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
iptables -A FJ-vnet0 -p all -m state --state ESTABLISHED,RELATED -m comment \
--comment 'out: existing and related (ftp) connections' -j RETURN
iptables -A HJ-vnet0 -p all -m state --state ESTABLISHED,RELATED -m comment \
--comment 'out: existing and related (ftp) connections' -j RETURN
iptables -A FP-vnet0 -p all -m state --state ESTABLISHED -m comment \
--comment 'in: existing connections' -j ACCEPT
iptables -A FP-vnet0 -p tcp --dport 21:22 -m state --state NEW -m comment \
--comment 'in: ftp and ssh' -j ACCEPT
iptables -A FP-vnet0 -p icmp -m state --state NEW -m comment \
--comment 'in: icmp' -j ACCEPT
iptables -A FJ-vnet0 -p udp --dport 53 -m state --state NEW -m comment \
--comment 'out: DNS lookups' -j RETURN
iptables -A HJ-vnet0 -p udp --dport 53 -m state --state NEW -m comment \
--comment 'out: DNS lookups' -j RETURN
iptables -A FJ-vnet0 -p all -m comment \
--comment 'inout: drop all non-accepted traffic' -j DROP
iptables -A FP-vnet0 -p all -m comment \
--comment 'inout: drop all non-accepted traffic' -j DROP
iptables -A HJ-vnet0 -p all -m comment \
--comment 'inout: drop all non-accepted traffic' -j DROP
|
