Forum Moderators: bakedjake
:INPUT ACCEPT [0:0]
(...)
:Enemies - [0:0]
(...)
-A INPUT -j Enemies-A Enemies -s 99.99.99.99 -j DROP
(...)
# my rules
:Ranges - [0:0]
:Dynamics - [0:0]
# my actions
-A INPUT -j Ranges
-A INPUT -j Dynamics
# existing rules
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT:INPUT ACCEPT [4927:1439976]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4896:2452260]
Ranges all -- anywhere anywhere
(...)
Chain Ranges (1 references)
target prot opt source destination
cat somefile | iptables-restore
sudo iptables-restore < /etc/iptables/rules.v4(...)
# my rules
:Ranges - [0:0]
:Ranges_80_443 - [0:0]
:Dynamics - [0:0]
# my actions
-A INPUT -j Ranges
-A INPUT -j Ranges_80_443
-A INPUT -j Dynamics
# existing rules
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT-A Ranges -s 20.192.0.0/10 -p tcp -m multiport --dports 443 -j DROP
sudo cat /etc/iptables/rules.v4 /etc/iptables/Ranges.v4 /etc/iptables/Ranges_80_443.v4 | iptables-restore
sudo iptables -L -n -v -xsudo iptables-restore < /etc/iptables/rules.v4
sudo iptables-restore --noflush < /etc/iptables/Ranges.v4
sudo iptables-restore --noflush < /etc/iptables/Ranges_80_443.v4
sudo iptables -L -n -v -x
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport (my ssh port) -j ACCEPT
-A INPUT -s (my IP)/32 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j ACCEPT
-A INPUT -s 111.0.0.0/10 -p tcp --dport 443 -j DROP
-A INPUT -s 166.70.0.0/16 -p tcp --dport 443 -j DROP
-A INPUT -s 58.48.0.0/12 -j DROP
(etc)
-A INPUT -s 13.124.0.0/14 -p tcp --dport 443 -j DROP
-A INPUT -s 81.168.89.142/32 -p tcp --dport 443 -j DROP
COMMIT
-A INPUT -j REJECT --reject-with icmp-port-unreachable*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:Enemies - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j Enemies
-A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport (my ssh port) -j ACCEPT
-A INPUT -s (my IP)/32 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j ACCEPT
-A Enemies -s 1.1.0.0/10 -p tcp --dport 443 -j DROP
-A Enemies -s 2.2.0.0/16 -p tcp --dport 443 -j DROP
-A Enemies -s 3.3.0.0/12 -j DROP
(etc)
-A Enemies -s 4.4.0.0/14 -p tcp --dport 443 -j DROP
-A Enemies -s 5.5.5.5/32 -p tcp --dport 443 -j DROP
COMMITiptables -A Enemies -s 11.11.11.0/24 -j DROP
