
Rev 138 Rev 145
Line 17... Line 17...
17
-A INPUT -p esp -m esp -i eth1 -j ACCEPT
17
-A INPUT -p esp -m esp -i eth1 -j ACCEPT
18
-A INPUT -p ah -m ah -i eth1 -j ACCEPT
18
-A INPUT -p ah -m ah -i eth1 -j ACCEPT
19
-A INPUT -p udp -m udp -i eth1 --dport 500 -j ACCEPT
19
-A INPUT -p udp -m udp -i eth1 --dport 500 -j ACCEPT
20
-A INPUT -p tcp -m tcp -i eth1 --dport 443 -j LOG_ACCEPT
20
-A INPUT -p tcp -m tcp -i eth1 --dport 443 -j LOG_ACCEPT
21
-A INPUT -p udp -m udp -i eth1 --dport 1194 -j ACCEPT
21
-A INPUT -p udp -m udp -i eth1 --dport 1194 -j ACCEPT
22
# letsencrypt certificate renewal
22
# Closed by Cox
23
-A INPUT -p tcp -m tcp -i eth1 --dport 80 -j LOG_ACCEPT
23
-A INPUT -p tcp -m tcp -i eth1 --dport 80 -j LOG_ACCEPT
-
 
24
-A INPUT -p tcp -m tcp -i eth1 --dport 8000 -j LOG_REJECT
24
-A INPUT -p tcp -m tcp -i eth1 --dport 8080 -j LOG_REJECT
25
-A INPUT -p tcp -m tcp -i eth1 --dport 8080 -j LOG_REJECT
-
 
26
# Closed by Cox
25
-A INPUT -p tcp -m tcp -i eth1 --dport 25 -j LOG_REJECT
27
-A INPUT -p tcp -m tcp -i eth1 --dport 25 -j LOG_REJECT
26
-A INPUT -p tcp -m tcp -i eth1 --dport 22 -j LOG_REJECT
28
-A INPUT -p tcp -m tcp -i eth1 --dport 22 -j LOG_REJECT
27
-A INPUT -p tcp -m tcp -i eth1 --dport 53 -j LOG_REJECT
29
-A INPUT -p tcp -m tcp -i eth1 --dport 53 -j LOG_REJECT
28
-A INPUT -p tcp -m tcp -i eth1 --dport 111 -j LOG_REJECT
30
-A INPUT -p tcp -m tcp -i eth1 --dport 111 -j LOG_REJECT
29
-A INPUT -p tcp -m tcp -i eth1 --dport 135 -j LOG_REJECT
31
-A INPUT -p tcp -m tcp -i eth1 --dport 135 -j LOG_REJECT
Line 70... Line 72...
70
:PREROUTING ACCEPT [9:1101]
72
:PREROUTING ACCEPT [9:1101]
71
:POSTROUTING ACCEPT [14:962]
73
:POSTROUTING ACCEPT [14:962]
72
:OUTPUT ACCEPT [14:962]
74
:OUTPUT ACCEPT [14:962]
73
 
75
 
74
# Webserver
76
# Webserver
75
# letsencrypt certificate renewal
77
# http (Closed by Cox)
76
-A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 10.192.25.240:443
78
#-A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 10.192.25.240:80
-
 
79
#-A PREROUTING -i eth0 -d 72.219.238.135 -p tcp --dport 80 -j DNAT --to-destination 10.192.25.240:80
77
# https
80
# https
78
-A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to-destination 10.192.25.240:443
81
-A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to-destination 10.192.25.240:443
79
 
-
 
80
-A PREROUTING -i eth0 -d 72.219.238.135 -p tcp --dport 80 -j DNAT --to-destination 10.192.25.240:80
-
 
81
-A PREROUTING -i eth0 -d 72.219.238.135 -p tcp --dport 443 -j DNAT --to-destination 10.192.25.240:443
82
-A PREROUTING -i eth0 -d 72.192.249.173 -p tcp --dport 443 -j DNAT --to-destination 10.192.25.240:443
82
 
83
 
83
# Squid
84
# Squid
84
#-A PREROUTING -i eth0 -s 10.192.25.231/32 -p tcp --dport 80 -j DNAT --to 10.192.25.240:3128
85
#-A PREROUTING -i eth0 -s 10.192.25.231/32 -p tcp --dport 80 -j DNAT --to 10.192.25.240:3128
85
#-A POSTROUTING -o eth1 -s 10.192.25.231/32 -d 10.192.25.240 -j SNAT --to 10.192.25.254
86
#-A POSTROUTING -o eth1 -s 10.192.25.231/32 -d 10.192.25.240 -j SNAT --to 10.192.25.254
86
#-A PREROUTING -i eth0 -s 10.192.25.232/32 -p tcp --dport 80 -j DNAT --to 10.192.25.240:3128
87
#-A PREROUTING -i eth0 -s 10.192.25.232/32 -p tcp --dport 80 -j DNAT --to 10.192.25.240:3128
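Review bot: The filter-table rule at new line 23 still sends TCP port 80 on eth1 to `LOG_ACCEPT`, even though its comment now reads "Closed by Cox" and the port-80 DNAT rules in the nat table (new lines 78–79) are commented out. With no DNAT in PREROUTING, port-80 packets arriving on eth1 are no longer rewritten to 10.192.25.240, so they are evaluated by INPUT for the firewall host itself. The accept would then expose any local listener on port 80 if the upstream block is ever absent or lifted, because the ISP's filtering is not something this ruleset enforces. If the port is meant to be closed, change the rule to `-A INPUT -p tcp -m tcp -i eth1 --dport 80 -j LOG_REJECT`, or drop it so the chain's default handling applies. The second "# Closed by Cox" at new line 26 sits between the 8080 and 25 rejects without saying which port it refers to; name the port in the comment, as new line 77 does with `# http (Closed by Cox)`.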