# Translated by iptables-restore-translate v1.8.7 on Thu Mar 17 13:00:41 2022
#
# IPv4 host firewall: INPUT and FORWARD default to drop, OUTPUT defaults to accept.
# Rules are evaluated top to bottom within a chain, and accept/drop/reject end
# evaluation, so the order below is the policy.
# NOTE(review): the table family is "ip", so nothing here filters IPv6; confirm a
# separate ip6/inet ruleset exists if the host has IPv6 connectivity.
add table ip filter
add chain ip filter INPUT { type filter hook input priority 0; policy drop; }
# FORWARD has no rules in this file, so every forwarded packet is dropped by policy.
add chain ip filter FORWARD { type filter hook forward priority 0; policy drop; }
add chain ip filter OUTPUT { type filter hook output priority 0; policy accept; }

# Loopback traffic is always accepted.
add rule ip filter INPUT iifname "lo" counter accept

# Drop malformed TCP: no flags set, new connections that are not a plain SYN,
# and all six flags set.
add rule ip filter INPUT tcp flags & (fin|syn|rst|psh|ack|urg) == 0x0 counter drop
add rule ip filter INPUT tcp flags & (fin|syn|rst|ack) != syn ct state new counter drop
add rule ip filter INPUT tcp flags & (fin|syn|rst|psh|ack|urg) == fin|syn|rst|psh|ack|urg counter drop

# NOTE(review): this accepts every ICMP packet. Because it precedes the
# echo-request jump to PING_ATTACK further down, that jump never matches and the
# ping size/rate handling is dead. It also precedes the source-address and
# broadcast drops, so ICMP from or to those addresses is accepted.
add rule ip filter INPUT ip protocol icmp counter accept
# Return traffic for TCP connections that conntrack already knows.
add rule ip filter INPUT ip protocol tcp ct state related,established counter accept
# NOTE(review): matches on the UDP source port only, which the sender chooses, so
# any datagram sent from port 53 reaches every local UDP port. A conntrack match
# is tighter, but replies from a resolver in a private range would then hit the
# saddr drops below before the generic related,established rule; the change needs
# a reorder, not just a swap.
add rule ip filter INPUT udp sport 53 counter accept

# Inbound services. None of these rules restricts the source address.
# NOTE(review): 3389, 5900-5906 and 445 are the usual RDP, VNC and SMB ports;
# confirm they are meant to be reachable from every network this host faces, or
# add an "ip saddr" match for the management range.
add rule ip filter INPUT tcp dport 8080-8083 counter accept
add rule ip filter INPUT tcp dport 3389 counter accept
add rule ip filter INPUT tcp dport 5900-5906 counter accept
add rule ip filter INPUT tcp dport 6080 counter accept
add rule ip filter INPUT tcp dport 8863 counter accept
# OUTPUT policy is accept, so this rule only adds a counter; it does not change the verdict.
add rule ip filter OUTPUT tcp dport 8863 counter accept
add rule ip filter INPUT tcp dport 8088 counter accept
add rule ip filter INPUT tcp dport 445 counter accept
# Same as above: a counter only, given the OUTPUT accept policy.
add rule ip filter OUTPUT udp dport 123 counter accept
# NOTE(review): same source-port-only match as the port 53 rule, here for 123.
add rule ip filter INPUT udp sport 123 counter accept

# Drop packets claiming a loopback or RFC 1918 source address.
# NOTE(review): these sit after the ICMP, UDP source-port and service accepts, so
# a packet with one of these sources that matches an earlier rule is already
# accepted. Moving them up is not automatically safe: the 192.168.0.255 rule
# below suggests the host itself may be on 192.168.0.0/24, in which case an early
# 192.168.0.0/16 drop would cut off LAN clients. Decide which is intended.
add rule ip filter INPUT ip saddr 127.0.0.0/8 counter drop
add rule ip filter INPUT ip saddr 10.0.0.0/8 counter drop
add rule ip filter INPUT ip saddr 172.16.0.0/12 counter drop
add rule ip filter INPUT ip saddr 192.168.0.0/16 counter drop

# PING_ATTACK: regular chain reached only through the echo-request jump below.
# Resulting order inside the chain: accept length 0-85, log, drop, then the
# rate-limited accept that is appended after the jump rule.
add chain ip filter PING_ATTACK
add rule ip filter PING_ATTACK meta length 0-85 counter accept
add rule ip filter PING_ATTACK counter log prefix "[IPTABLES PINGATTACK] : " level debug
add rule ip filter PING_ATTACK counter drop
# NOTE(review): unreachable as written, because "ip protocol icmp ... accept"
# above already ended evaluation for every ICMP packet.
add rule ip filter INPUT icmp type echo-request counter jump PING_ATTACK
# NOTE(review): appended after the unconditional drop in PING_ATTACK, so it can
# never match; and the first rule of the chain accepts every packet of length
# 0-85 with no limit. The 1/second burst 4 limit is therefore never applied.
add rule ip filter PING_ATTACK icmp type echo-request meta length 0-85 limit rate 1/second burst 4 packets counter accept

# Drop limited-broadcast, all-hosts multicast and the 192.168.0.255 broadcast.
# Only packets not accepted by an earlier rule get this far.
add rule ip filter INPUT ip daddr 255.255.255.255 counter drop
add rule ip filter INPUT ip daddr 224.0.0.1 counter drop
add rule ip filter INPUT ip daddr 192.168.0.255 counter drop
# Answer TCP port 113 with a reset instead of dropping silently.
add rule ip filter INPUT tcp dport 113 counter reject with tcp reset
# Near-duplicate of the earlier "new but not SYN" drop; the mask here omits fin.
add rule ip filter INPUT tcp flags & (syn|rst|ack) != syn ct state new counter drop
# Return traffic for any protocol that conntrack already knows.
add rule ip filter INPUT ct state related,established counter accept
# Any new TCP connection not accepted above is dropped here.
add rule ip filter INPUT ip protocol tcp ct state new counter drop
# NOTE(review): unreachable, because the rule directly above drops every new TCP
# packet first, so port 80 is closed despite this rule. If port 80 is meant to be
# open, this has to precede that drop; if not, remove it so the file matches the
# effective policy.
add rule ip filter INPUT ct state new tcp dport 80 counter accept
# Completed on Thu Mar 17 13:00:41 2022