| Dzmitry Stremkouski | e353ce3 | 2018-08-30 17:22:32 +0200 | [diff] [blame^] | 1 | iptables: |
| 2 | schema: | ||||
| 3 | epoch: 1 | ||||
| 4 | service: | ||||
| 5 | v4: | ||||
| 6 | enabled: true | ||||
| 7 | modules: | ||||
| 8 | - nf_conntrack_ftp | ||||
| 9 | - nf_conntrack_pptp | ||||
| 10 | v6: | ||||
| 11 | enabled: false | ||||
| 12 | modules: | ||||
| 13 | - nf_conntrack_ipv6 | ||||
| 14 | defaults: | ||||
| 15 | v4: | ||||
| 16 | metadata_rules: false | ||||
| 17 | policy: ACCEPT | ||||
| 18 | ruleset: | ||||
| 19 | action: ACCEPT | ||||
| 20 | params: "" | ||||
| 21 | rule: "" | ||||
| 22 | v6: | ||||
| 23 | metadata_rules: false | ||||
| 24 | policy: DROP | ||||
| 25 | ruleset: | ||||
| 26 | action: ACCEPT | ||||
| 27 | params: "" | ||||
| 28 | rule: "" | ||||
| 29 | tables: | ||||
| 30 | v4: | ||||
| 31 | filter: | ||||
| 32 | chains: | ||||
| 33 | INPUT: | ||||
| 34 | ruleset: | ||||
| 35 | 5: | ||||
| 36 | action: log_drop | ||||
| 37 | 10: | ||||
| 38 | rule: -s 192.168.0.0/24 -p tcp | ||||
| 39 | log_drop: | ||||
| 40 | policy: DROP | ||||
| 41 | ruleset: | ||||
| 42 | 10: | ||||
| 43 | rule: "" | ||||
| 44 | action: LOG | ||||
| 45 | nat: | ||||
| 46 | chains: | ||||
| 47 | OUTPUT: | ||||
| 48 | PREROUTING: | ||||
| 49 | POSTROUTING: | ||||
| 50 | policy: ACCEPT | ||||
| 51 | ruleset: | ||||
| 52 | 10: | ||||
| 53 | rule: -s 192.168.0.0/24 -p tcp -o lo | ||||
| 54 | action: SNAT | ||||
| 55 | params: --to-source=127.0.0.1 | ||||
| 56 | config: v4 | ||||
| 57 | v6: | ||||
| 58 | filter: | ||||
| 59 | chains: | ||||
| 60 | INPUT: | ||||
| 61 | ruleset: | ||||
| 62 | 5: | ||||
| 63 | action: log_drop | ||||
| 64 | 10: | ||||
| 65 | rule: -s 200A:0:200C::1/64 -p tcp | ||||
| 66 | log_drop: | ||||
| 67 | policy: DROP | ||||
| 68 | ruleset: | ||||
| 69 | 10: | ||||
| 70 | rule: "" | ||||
| 71 | action: LOG | ||||