From Chartreuse Leopard, 3 Months ago, written in Plain Text.
  1. # Generated by iptables-save v1.6.1 on Wed May 29 14:00:35 2019
  # filter table header: built-in chain policies plus the user-defined chains
  # declared for Docker. The [packets:bytes] prefix on every rule further down
  # is only written by iptables-save when counters are requested (-c), so this
  # dump also records how much traffic each rule had matched at save time.
  2. *filter
  # Default-deny for traffic addressed to the host itself. Only packets that
  # reach the INPUT chain are covered; traffic that nat DNATs to a container
  # is routed through FORWARD instead and never sees the INPUT rules.
  3. :INPUT DROP [581:57384]
  # Default-deny for routed traffic; what is let through is decided by the
  # FORWARD rules and the DOCKER* chains they jump to.
  4. :FORWARD DROP [0:0]
  # Egress from the host is unrestricted.
  5. :OUTPUT ACCEPT [8996:1029147]
  # User-defined chains ("-" = no policy). The DOCKER* names are the chains the
  # Docker daemon normally creates and rewrites on its own; DOCKER-USER is the
  # one intended for administrator rules.
  # NOTE(review): feeding this whole file back through iptables-restore on a
  # host with a running Docker daemon can replace daemon-managed rules with a
  # stale snapshot - confirm how this dump is meant to be used.
  6. :DOCKER - [0:0]
  7. :DOCKER-INGRESS - [0:0]
  8. :DOCKER-ISOLATION-STAGE-1 - [0:0]
  9. :DOCKER-ISOLATION-STAGE-2 - [0:0]
  10. :DOCKER-USER - [0:0]
  # INPUT rules: what may reach services listening on the host itself. The
  # chain policy is DROP, so anything not accepted below is discarded.
  # NOTE(review): no ICMP rule is present. ICMP errors tied to a tracked flow
  # still pass as RELATED, but unsolicited ICMP (e.g. echo requests) is dropped.
  # NOTE(review): this file covers IPv4 only; IPv6 is filtered by a separate
  # ip6tables ruleset that is not shown here - verify it is equally strict.
  11. [4:376] -A INPUT -i lo -j ACCEPT
  # Return traffic for flows the host already tracks. "-m state --state" is the
  # older spelling; the FORWARD rules in this same dump use the current
  # "-m conntrack --ctstate" form.
  12. [4952:522437] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  # --- Source-restricted services (allow-listed peers only) ---
  # SSH from 1.2.3.4; a second SSH rule for 5.6.7.8 follows further down.
  13. [1:52] -A INPUT -s 1.2.3.4/32 -p tcp -m tcp --dport 22 -j ACCEPT
  # 24007/24008 over TCP and UDP, per peer (by convention the GlusterFS
  # management ports - TODO confirm). Only the two TCP/24007 rules show
  # traffic in their counters.
  14. [2252:135120] -A INPUT -s 1.2.3.4/32 -p tcp -m tcp --dport 24007 -j ACCEPT
  15. [2221:133260] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 24007 -j ACCEPT
  16. [0:0] -A INPUT -s 1.2.3.4/32 -p tcp -m tcp --dport 24008 -j ACCEPT
  17. [0:0] -A INPUT -s 10.11.12.13/32 -p tcp -m tcp --dport 24008 -j ACCEPT
  18. [0:0] -A INPUT -s 1.2.3.4/32 -p udp -m udp --dport 24007 -j ACCEPT
  19. [0:0] -A INPUT -s 5.6.7.8/32 -p udp -m udp --dport 24007 -j ACCEPT
  20. [0:0] -A INPUT -s 1.2.3.4/32 -p udp -m udp --dport 24008 -j ACCEPT
  21. [0:0] -A INPUT -s 10.11.12.13/32 -p udp -m udp --dport 24008 -j ACCEPT
  22. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 22 -j ACCEPT
  23. [0:0] -A INPUT -s 1.2.3.4/32 -p tcp -m tcp --dport 10000 -j ACCEPT
  # Docker Swarm peer ports from 5.6.7.8: 2377/tcp (cluster management),
  # 7946/tcp+udp (node gossip), 4789/udp (overlay VXLAN). VXLAN carries no
  # authentication of its own, so pinning it to the peer address matters.
  # NOTE(review): the 2377 rule appears twice (listing lines 24 and 26); the
  # second copy can never match first and is dead weight.
  24. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 2377 -j ACCEPT
  # NOTE(review): 2375 is by convention the Docker Engine API over plain,
  # unauthenticated HTTP. If that is what listens here, anything that can send
  # from 5.6.7.8 has root-equivalent control of this host and this source-IP
  # rule is the only control visible in the dump. Prefer the TLS-authenticated
  # endpoint or SSH transport - verify what is bound to this port.
  25. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 2375 -j ACCEPT
  26. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 2377 -j ACCEPT
  27. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 7946 -j ACCEPT
  28. [0:0] -A INPUT -s 5.6.7.8/32 -p udp -m udp --dport 7946 -j ACCEPT
  29. [0:0] -A INPUT -s 5.6.7.8/32 -p udp -m udp --dport 4789 -j ACCEPT
  # Back-end data services restricted to 5.6.7.8 (by port convention: AMQP and
  # RabbitMQ management/clustering, Redis and Sentinel, MSSQL, Elasticsearch,
  # Kibana - presumably; confirm against what actually listens).
  # NOTE(review): 5672, 15672 and 6379 are also DNATed to a container by the
  # DOCKER-INGRESS rules in the nat table of this dump. Packets for a DNATed
  # port leave PREROUTING with a container destination and traverse FORWARD,
  # so the "-s 5.6.7.8/32" restriction written here does not apply to them;
  # the filter DOCKER-INGRESS chain accepts those ports from any source.
  30. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 5671 -j ACCEPT
  31. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 5672 -j ACCEPT
  32. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 15672 -j ACCEPT
  33. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 4369 -j ACCEPT
  34. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 25672 -j ACCEPT
  35. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 35672 -j ACCEPT
  36. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 6379 -j ACCEPT
  37. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 6380 -j ACCEPT
  38. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 1433 -j ACCEPT
  # NOTE(review): 9200 is accepted here and again at listing line 46 - the
  # later copy is redundant.
  39. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 9200 -j ACCEPT
  40. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 8080 -j ACCEPT
  41. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 1337 -j ACCEPT
  42. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 9001 -j ACCEPT
  43. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 31433 -j ACCEPT
  44. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 26379 -j ACCEPT
  45. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 9300 -j ACCEPT
  46. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 9200 -j ACCEPT
  47. [0:0] -A INPUT -s 5.6.7.8/32 -p tcp -m tcp --dport 5601 -j ACCEPT
  # --- Ports open to ANY source (no -s match) ---
  # 8501-8505, 8507, 8508 and 8510 are also published through DOCKER-INGRESS
  # DNAT rules in the nat table, so for those the INPUT rule is probably never
  # the one that admits the traffic. 8000, 8001, 8506, 8509 and 8511-8515 have
  # no DNAT rule in this dump: they expose whatever listens on the host itself.
  # NOTE(review): every counter is [0:0]; if nothing is bound to a port, drop
  # its rule rather than leave a standing hole for a future listener.
  48. [0:0] -A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
  49. [0:0] -A INPUT -p tcp -m tcp --dport 8001 -j ACCEPT
  50. [0:0] -A INPUT -p tcp -m tcp --dport 8501 -j ACCEPT
  51. [0:0] -A INPUT -p tcp -m tcp --dport 8502 -j ACCEPT
  52. [0:0] -A INPUT -p tcp -m tcp --dport 8503 -j ACCEPT
  53. [0:0] -A INPUT -p tcp -m tcp --dport 8504 -j ACCEPT
  54. [0:0] -A INPUT -p tcp -m tcp --dport 8505 -j ACCEPT
  55. [0:0] -A INPUT -p tcp -m tcp --dport 8506 -j ACCEPT
  56. [0:0] -A INPUT -p tcp -m tcp --dport 8507 -j ACCEPT
  57. [0:0] -A INPUT -p tcp -m tcp --dport 8508 -j ACCEPT
  58. [0:0] -A INPUT -p tcp -m tcp --dport 8509 -j ACCEPT
  59. [0:0] -A INPUT -p tcp -m tcp --dport 8510 -j ACCEPT
  60. [0:0] -A INPUT -p tcp -m tcp --dport 8511 -j ACCEPT
  61. [0:0] -A INPUT -p tcp -m tcp --dport 8512 -j ACCEPT
  62. [0:0] -A INPUT -p tcp -m tcp --dport 8513 -j ACCEPT
  63. [0:0] -A INPUT -p tcp -m tcp --dport 8514 -j ACCEPT
  64. [0:0] -A INPUT -p tcp -m tcp --dport 8515 -j ACCEPT
  # FORWARD rules: the path taken by container traffic and by packets that nat
  # has DNATed to a container. Evaluation order is significant: DOCKER-USER is
  # consulted first, then DOCKER-INGRESS, then the isolation chain, and only
  # then the per-bridge rules. A source restriction for a published port has
  # to sit in DOCKER-USER to take effect before the accepts that follow.
  65. [0:0] -A FORWARD -j DOCKER-USER
  66. [0:0] -A FORWARD -j DOCKER-INGRESS
  67. [0:0] -A FORWARD -j DOCKER-ISOLATION-STAGE-1
  # docker0: allow replies into the bridge, hand new inbound flows to the
  # DOCKER chain, allow containers out, and allow container-to-container
  # traffic on the same bridge.
  68. [0:0] -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  69. [0:0] -A FORWARD -o docker0 -j DOCKER
  70. [0:0] -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
  71. [0:0] -A FORWARD -i docker0 -o docker0 -j ACCEPT
  # docker_gwbridge: same shape, except that traffic entering and leaving on
  # the bridge itself is dropped rather than accepted (last rule).
  72. [0:0] -A FORWARD -o docker_gwbridge -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  73. [0:0] -A FORWARD -o docker_gwbridge -j DOCKER
  74. [0:0] -A FORWARD -i docker_gwbridge ! -o docker_gwbridge -j ACCEPT
  75. [0:0] -A FORWARD -i docker_gwbridge -o docker_gwbridge -j DROP
  # DOCKER chain: one accept per port published from the docker0 bridge. Here
  # TCP/9000 to 172.17.0.2 is accepted from any interface other than docker0,
  # with no source match, so it is reachable by anyone who can route to the
  # host. INPUT has no rule for 9000, but that is irrelevant on this path.
  76. [0:0] -A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9000 -j ACCEPT
  # DOCKER-INGRESS: rules come in pairs per published port - accept forward
  # packets to --dport, then accept tracked reply packets from --sport.
  # None of the --dport rules has a -s match: every port listed is open to any
  # source once nat has DNATed the packet.
  77. [0:0] -A DOCKER-INGRESS -p tcp -m tcp --dport 8504 -j ACCEPT
  78. [0:0] -A DOCKER-INGRESS -p tcp -m state --state RELATED,ESTABLISHED -m tcp --sport 8504 -j ACCEPT
  79. [0:0] -A DOCKER-INGRESS -p tcp -m tcp --dport 8502 -j ACCEPT
  80. [0:0] -A DOCKER-INGRESS -p tcp -m state --state RELATED,ESTABLISHED -m tcp --sport 8502 -j ACCEPT
  81. [0:0] -A DOCKER-INGRESS -p tcp -m tcp --dport 8503 -j ACCEPT
  82. [0:0] -A DOCKER-INGRESS -p tcp -m state --state RELATED,ESTABLISHED -m tcp --sport 8503 -j ACCEPT
  83. [0:0] -A DOCKER-INGRESS -p tcp -m tcp --dport 8508 -j ACCEPT
  84. [0:0] -A DOCKER-INGRESS -p tcp -m state --state RELATED,ESTABLISHED -m tcp --sport 8508 -j ACCEPT
  85. [0:0] -A DOCKER-INGRESS -p tcp -m tcp --dport 8505 -j ACCEPT
  86. [0:0] -A DOCKER-INGRESS -p tcp -m state --state RELATED,ESTABLISHED -m tcp --sport 8505 -j ACCEPT
  87. [0:0] -A DOCKER-INGRESS -p tcp -m tcp --dport 8510 -j ACCEPT
  88. [0:0] -A DOCKER-INGRESS -p tcp -m state --state RELATED,ESTABLISHED -m tcp --sport 8510 -j ACCEPT
  89. [0:0] -A DOCKER-INGRESS -p tcp -m tcp --dport 8501 -j ACCEPT
  90. [0:0] -A DOCKER-INGRESS -p tcp -m state --state RELATED,ESTABLISHED -m tcp --sport 8501 -j ACCEPT
  91. [0:0] -A DOCKER-INGRESS -p tcp -m tcp --dport 8507 -j ACCEPT
  92. [0:0] -A DOCKER-INGRESS -p tcp -m state --state RELATED,ESTABLISHED -m tcp --sport 8507 -j ACCEPT
  # NOTE(review): 6379, 15672 and 5672 (by convention Redis, the RabbitMQ
  # management UI and AMQP) are accepted here from any source, while the INPUT
  # chain of this same table limits those ports to 5.6.7.8/32. The INPUT rules
  # suggest the intent was to restrict them; on this path they are not
  # restricted. To enforce the allow-list, filter in DOCKER-USER (evaluated
  # before this chain) or stop publishing the ports on the ingress network.
  # Sketch only, adapt and test before use:
  #   -A DOCKER-USER ! -s 5.6.7.8/32 -o docker_gwbridge -p tcp -m multiport --dports 5672,6379,15672 -j DROP
  93. [0:0] -A DOCKER-INGRESS -p tcp -m tcp --dport 6379 -j ACCEPT
  94. [0:0] -A DOCKER-INGRESS -p tcp -m state --state RELATED,ESTABLISHED -m tcp --sport 6379 -j ACCEPT
  95. [0:0] -A DOCKER-INGRESS -p tcp -m tcp --dport 15672 -j ACCEPT
  96. [0:0] -A DOCKER-INGRESS -p tcp -m state --state RELATED,ESTABLISHED -m tcp --sport 15672 -j ACCEPT
  97. [0:0] -A DOCKER-INGRESS -p tcp -m tcp --dport 5672 -j ACCEPT
  98. [0:0] -A DOCKER-INGRESS -p tcp -m state --state RELATED,ESTABLISHED -m tcp --sport 5672 -j ACCEPT
  99. [0:0] -A DOCKER-INGRESS -j RETURN
  # Isolation: stage 1 picks traffic leaving one Docker bridge for a different
  # interface; stage 2 drops it if that other interface is also a Docker
  # bridge. Everything else returns to FORWARD.
  100. [0:0] -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
  101. [0:0] -A DOCKER-ISOLATION-STAGE-1 -i docker_gwbridge ! -o docker_gwbridge -j DOCKER-ISOLATION-STAGE-2
  102. [0:0] -A DOCKER-ISOLATION-STAGE-1 -j RETURN
  103. [0:0] -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
  104. [0:0] -A DOCKER-ISOLATION-STAGE-2 -o docker_gwbridge -j DROP
  105. [0:0] -A DOCKER-ISOLATION-STAGE-2 -j RETURN
  # DOCKER-USER contains only the default RETURN: no administrator filtering
  # is applied to forwarded or published-port traffic.
  106. [0:0] -A DOCKER-USER -j RETURN
  107. COMMIT
  108. # Completed on Wed May 29 14:00:35 2019
  109. # Generated by iptables-save v1.6.1 on Wed May 29 14:00:35 2019
  # mangle table: all five built-in chains at policy ACCEPT and no rules, so
  # no packet marking or header rewriting is configured in this dump.
  110. *mangle
  111. :PREROUTING ACCEPT [10021:849371]
  112. :INPUT ACCEPT [10011:848629]
  113. :FORWARD ACCEPT [0:0]
  114. :OUTPUT ACCEPT [8996:1029147]
  115. :POSTROUTING ACCEPT [8996:1029147]
  116. COMMIT
  117. # Completed on Wed May 29 14:00:35 2019
  118. # Generated by iptables-save v1.6.1 on Wed May 29 14:00:35 2019
  # nat table: destination rewriting for published container ports and source
  # masquerading for container egress. A packet DNATed here gets a container
  # address as its destination before the routing decision, so it is filtered
  # by the FORWARD chain of the filter table, not by INPUT.
  119. *nat
  120. :PREROUTING ACCEPT [5064:326518]
  121. :INPUT ACCEPT [4474:268432]
  122. :OUTPUT ACCEPT [6:428]
  123. :POSTROUTING ACCEPT [6:428]
  124. :DOCKER - [0:0]
  125. :DOCKER-INGRESS - [0:0]
  # Every new inbound flow addressed to a local IP is offered to DOCKER-INGRESS
  # first, then to DOCKER. Neither jump matches on source address.
  126. [4770:288749] -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER-INGRESS
  127. [4769:288709] -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
  # Same two chains for locally generated traffic; the DOCKER jump skips
  # loopback destinations.
  128. [1:72] -A OUTPUT -m addrtype --dst-type LOCAL -j DOCKER-INGRESS
  129. [0:0] -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
  # Source NAT: host-originated traffic into docker_gwbridge, container egress
  # from both bridge subnets, and the hairpin case for 172.17.0.2:9000.
  130. [0:0] -A POSTROUTING -o docker_gwbridge -m addrtype --src-type LOCAL -j MASQUERADE
  131. [0:0] -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
  132. [0:0] -A POSTROUTING -s 172.18.0.0/16 ! -o docker_gwbridge -j MASQUERADE
  133. [0:0] -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 9000 -j MASQUERADE
  # DOCKER: traffic arriving from the bridges is left alone; TCP/9000 from any
  # other interface is redirected to 172.17.0.2:9000, with no source match.
  134. [0:0] -A DOCKER -i docker0 -j RETURN
  135. [0:0] -A DOCKER -i docker_gwbridge -j RETURN
  136. [0:0] -A DOCKER ! -i docker0 -p tcp -m tcp --dport 9000 -j DNAT --to-destination 172.17.0.2:9000
  # DOCKER-INGRESS: each published port is redirected to the same port on
  # 172.18.0.2, regardless of source address or arrival interface.
  137. [0:0] -A DOCKER-INGRESS -p tcp -m tcp --dport 8504 -j DNAT --to-destination 172.18.0.2:8504
  138. [0:0] -A DOCKER-INGRESS -p tcp -m tcp --dport 8502 -j DNAT --to-destination 172.18.0.2:8502
  139. [0:0] -A DOCKER-INGRESS -p tcp -m tcp --dport 8503 -j DNAT --to-destination 172.18.0.2:8503
  140. [0:0] -A DOCKER-INGRESS -p tcp -m tcp --dport 8508 -j DNAT --to-destination 172.18.0.2:8508
  141. [0:0] -A DOCKER-INGRESS -p tcp -m tcp --dport 8505 -j DNAT --to-destination 172.18.0.2:8505
  142. [0:0] -A DOCKER-INGRESS -p tcp -m tcp --dport 8510 -j DNAT --to-destination 172.18.0.2:8510
  143. [0:0] -A DOCKER-INGRESS -p tcp -m tcp --dport 8501 -j DNAT --to-destination 172.18.0.2:8501
  144. [0:0] -A DOCKER-INGRESS -p tcp -m tcp --dport 8507 -j DNAT --to-destination 172.18.0.2:8507
  # NOTE(review): the only DNAT rule with a non-zero counter. One 40-byte
  # packet was redirected to the container on 6379. The byte totals of the two
  # jumps into this chain and of its final RETURN show that this packet came
  # in through PREROUTING (the single OUTPUT packet was 72 bytes), i.e. from
  # off-host. Forty bytes is the size of a TCP SYN with no options; the sender
  # is not recorded here. Because this path bypasses INPUT, the 5.6.7.8-only
  # rules for 6379, 15672 and 5672 in the filter table do not constrain it.
  145. [1:40] -A DOCKER-INGRESS -p tcp -m tcp --dport 6379 -j DNAT --to-destination 172.18.0.2:6379
  146. [0:0] -A DOCKER-INGRESS -p tcp -m tcp --dport 15672 -j DNAT --to-destination 172.18.0.2:15672
  147. [0:0] -A DOCKER-INGRESS -p tcp -m tcp --dport 5672 -j DNAT --to-destination 172.18.0.2:5672
  148. [4770:288781] -A DOCKER-INGRESS -j RETURN
  149. COMMIT
  150. # Completed on Wed May 29 14:00:35 2019