\ Simple stateful dsgfghddfgfds - /g/pasta 2.4
From Sinc, 5 Years ago, written in Plain Text.
This paste will in 1 Second.
Embed
  1. Chain INPUT (policy DROP)
  2. target     prot opt source               destination        
  3. ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
  4. ACCEPT     all  --  anywhere             anywhere            
  5. DROP       all  --  anywhere             anywhere             ctstate INVALID
  6. UDP        udp  --  anywhere             anywhere             ctstate NEW
  7. TCP        tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN ctstate NEW
  8. ACCEPT     icmp --  anywhere             anywhere             icmp echo-request limit: avg 30/min burst 8
  9. DROP       icmp --  anywhere             anywhere             icmp echo-request
  10. REJECT     tcp  --  anywhere             anywhere             recent: SET name: TCP-PORTSCAN side: source mask: 255.255.255.255 reject-with tcp-reset
  11. REJECT     udp  --  anywhere             anywhere             recent: SET name: UDP-PORTSCAN side: source mask: 255.255.255.255 reject-with icmp-port-unreachable
  12. REJECT     all  --  anywhere             anywhere             reject-with icmp-proto-unreachable
  13.  
  14. Chain FORWARD (policy DROP)
  15. target     prot opt source               destination        
  16.  
  17. Chain OUTPUT (policy ACCEPT)
  18. target     prot opt source               destination        
  19.  
  20. Chain TCP (1 references)
  21. target     prot opt source               destination        
  22. REJECT     tcp  --  anywhere             anywhere             recent: UPDATE seconds: 60 name: TCP-PORTSCAN side: source mask: 255.255.255.255 reject-with tcp-reset
  23.  
  24. Chain UDP (1 references)
  25. target     prot opt source               destination        
  26. REJECT     udp  --  anywhere             anywhere             recent: UPDATE seconds: 60 name: UDP-PORTSCAN side: source mask: 255.255.255.255 reject-with icmp-port-unreachable
  27.