@Nerevarishe
Created August 11, 2019 11:20
Chain INPUT (policy DROP 1979 packets, 107K bytes)
pkts bytes target prot opt in out source destination
623M 37G ufw-before-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
623M 37G ufw-before-input all -- * * 0.0.0.0/0 0.0.0.0/0
147K 9637K ufw-after-input all -- * * 0.0.0.0/0 0.0.0.0/0
129K 7191K ufw-after-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
129K 7191K ufw-reject-input all -- * * 0.0.0.0/0 0.0.0.0/0
129K 7191K ufw-track-input all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 864 packets, 62762 bytes)
pkts bytes target prot opt in out source destination
29M 24G DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
29M 24G DOCKER-ISOLATION-STAGE-1 all -- * * 0.0.0.0/0 0.0.0.0/0
20382 2636K ACCEPT all -- * br-bea60ee1e88e 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
1487 84184 DOCKER all -- * br-bea60ee1e88e 0.0.0.0/0 0.0.0.0/0
18020 18M ACCEPT all -- br-bea60ee1e88e !br-bea60ee1e88e 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br-bea60ee1e88e br-bea60ee1e88e 0.0.0.0/0 0.0.0.0/0
23308 36M ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
11091 634K ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
3123K 486M ACCEPT all -- * br-35aa789cbb50 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
125K 7442K DOCKER all -- * br-35aa789cbb50 0.0.0.0/0 0.0.0.0/0
38823 158M ACCEPT all -- br-35aa789cbb50 !br-35aa789cbb50 0.0.0.0/0 0.0.0.0/0
121K 7245K ACCEPT all -- br-35aa789cbb50 br-35aa789cbb50 0.0.0.0/0 0.0.0.0/0
2117K 512M ACCEPT all -- * br-d04076e6b60d 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
32240 1930K DOCKER all -- * br-d04076e6b60d 0.0.0.0/0 0.0.0.0/0
31 3882 ACCEPT all -- br-d04076e6b60d !br-d04076e6b60d 0.0.0.0/0 0.0.0.0/0
31652 1899K ACCEPT all -- br-d04076e6b60d br-d04076e6b60d 0.0.0.0/0 0.0.0.0/0
26M 26G ufw-before-logging-forward all -- * * 0.0.0.0/0 0.0.0.0/0
26M 26G ufw-before-forward all -- * * 0.0.0.0/0 0.0.0.0/0
459K 40M ufw-after-forward all -- * * 0.0.0.0/0 0.0.0.0/0
459K 40M ufw-after-logging-forward all -- * * 0.0.0.0/0 0.0.0.0/0
459K 40M ufw-reject-forward all -- * * 0.0.0.0/0 0.0.0.0/0
459K 40M ufw-track-forward all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 155 packets, 6228 bytes)
pkts bytes target prot opt in out source destination
674M 1940G ufw-before-logging-output all -- * * 0.0.0.0/0 0.0.0.0/0
674M 1940G ufw-before-output all -- * * 0.0.0.0/0 0.0.0.0/0
2930K 319M ufw-after-output all -- * * 0.0.0.0/0 0.0.0.0/0
2930K 319M ufw-after-logging-output all -- * * 0.0.0.0/0 0.0.0.0/0
2930K 319M ufw-reject-output all -- * * 0.0.0.0/0 0.0.0.0/0
2930K 319M ufw-track-output all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER (4 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- !br-35aa789cbb50 br-35aa789cbb50 0.0.0.0/0 172.18.0.2 tcp dpt:8073
982 51064 ACCEPT tcp -- !br-35aa789cbb50 br-35aa789cbb50 0.0.0.0/0 172.18.0.2 tcp dpt:8070
0 0 ACCEPT tcp -- !br-d04076e6b60d br-d04076e6b60d 0.0.0.0/0 192.168.48.3 tcp dpt:8072
0 0 ACCEPT tcp -- !br-d04076e6b60d br-d04076e6b60d 0.0.0.0/0 192.168.48.3 tcp dpt:8069
1482 83936 ACCEPT tcp -- !br-bea60ee1e88e br-bea60ee1e88e 0.0.0.0/0 172.20.0.2 tcp dpt:22
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
18020 18M DOCKER-ISOLATION-STAGE-2 all -- br-bea60ee1e88e !br-bea60ee1e88e 0.0.0.0/0 0.0.0.0/0
11091 634K DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
31 3882 DOCKER-ISOLATION-STAGE-2 all -- br-d04076e6b60d !br-d04076e6b60d 0.0.0.0/0 0.0.0.0/0
38823 158M DOCKER-ISOLATION-STAGE-2 all -- br-35aa789cbb50 !br-35aa789cbb50 0.0.0.0/0 0.0.0.0/0
32M 27G RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (4 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * br-bea60ee1e88e 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * br-d04076e6b60d 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * br-35aa789cbb50 0.0.0.0/0 0.0.0.0/0
67965 176M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
32M 27G RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-after-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-input (1 references)
pkts bytes target prot opt in out source destination
64 4992 ufw-skip-to-policy-input udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137
34 8381 ufw-skip-to-policy-input udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138
5 220 ufw-skip-to-policy-input tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
52 2168 ufw-skip-to-policy-input tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
51 15480 ufw-skip-to-policy-input udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ufw-skip-to-policy-input udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68
0 0 ufw-skip-to-policy-input all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
Chain ufw-after-logging-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-logging-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-logging-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 10.0.0.0/24 0.0.0.0/0 policy match dir in pol ipsec proto 50
0 0 ACCEPT all -- * * 0.0.0.0/0 10.0.0.0/24 policy match dir out pol ipsec proto 50
411K 407M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 12
906 76104 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
5723 519K ufw-user-forward all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-before-input (1 references)
pkts bytes target prot opt in out source destination
29696 16M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
22M 1061M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
3282 2840K ufw-logging-deny all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
3282 2840K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 12
52 3000 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
371 122K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
144K 17M ufw-not-local all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
0 0 ACCEPT udp -- * * 0.0.0.0/0 239.255.255.250 udp dpt:1900
144K 17M ufw-user-input all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-before-logging-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-logging-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-logging-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-output (1 references)
pkts bytes target prot opt in out source destination
29696 16M ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
16M 55G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
41538 4349K ufw-user-output all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-logging-allow (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-logging-deny (2 references)
pkts bytes target prot opt in out source destination
Chain ufw-not-local (1 references)
pkts bytes target prot opt in out source destination
144K 17M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
42 10617 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
0 0 ufw-logging-deny all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-reject-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-reject-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-reject-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-skip-to-policy-forward (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-skip-to-policy-input (7 references)
pkts bytes target prot opt in out source destination
206 31241 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-skip-to-policy-output (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-track-forward (1 references)
pkts bytes target prot opt in out source destination
3286 186K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
1573 270K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
Chain ufw-track-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-track-output (1 references)
pkts bytes target prot opt in out source destination
12906 774K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
28477 3568K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
Chain ufw-user-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-input (1 references)
pkts bytes target prot opt in out source destination
2 1196 ACCEPT tcp -- enp5s0 * 0.0.0.0/0 10.0.0.1 tcp dpt:22
1 42 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
0 0 ACCEPT tcp -- tun0 * 0.0.0.0/0 10.8.0.1 tcp dpt:22
0 0 ACCEPT tcp -- tun0 * 0.0.0.0/0 10.8.0.1 tcp dpt:9091
0 0 ACCEPT tcp -- enp5s0 * 0.0.0.0/0 10.0.0.1 tcp dpt:9091
1598 63920 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
1251 83360 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
4961 284K ACCEPT tcp -- enp0s8 * 0.0.0.0/0 178.34.180.132 tcp dpt:57623
10464 1016K ACCEPT udp -- enp0s8 * 0.0.0.0/0 178.34.180.132 udp dpt:57623
0 0 ACCEPT tcp -- enp5s0 * 0.0.0.0/0 10.0.0.1 tcp dpt:80
0 0 ACCEPT tcp -- enp5s0 * 0.0.0.0/0 10.0.0.1 tcp dpt:443
3610 147K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443 /* 'dapp_Nginx%20Full' */
120K 15M ACCEPT udp -- enp0s8 * 0.0.0.0/0 178.34.180.132 udp dpt:6881
0 0 ACCEPT tcp -- enp5s0 * 0.0.0.0/0 10.0.0.1 tcp dpt:9030
22 1276 ACCEPT tcp -- enp0s8 * 0.0.0.0/0 178.34.180.132 tcp dpt:51413
0 0 ACCEPT tcp -- enp5s0 * 0.0.0.0/0 10.0.0.1 tcp dpt:51413
0 0 ACCEPT udp -- enp5s0 * 0.0.0.0/0 10.0.0.1 multiport dports 137,138
1 52 ACCEPT tcp -- enp5s0 * 0.0.0.0/0 10.0.0.1 multiport dports 139,445
0 0 ACCEPT tcp -- enp5s0 * 0.0.0.0/0 10.0.0.1 tcp dpt:27017
0 0 ACCEPT tcp -- lo * 0.0.0.0/0 127.0.0.1 tcp dpt:27017
0 0 ACCEPT udp -- tun0 * 0.0.0.0/0 10.8.0.1 multiport dports 137,138
0 0 ACCEPT tcp -- tun0 * 0.0.0.0/0 10.8.0.1 multiport dports 139,445
0 0 ACCEPT tcp -- enp0s8 * 0.0.0.0/0 178.34.180.132 tcp dpt:2222
16 11652 ACCEPT udp -- enp0s8 * 0.0.0.0/0 178.34.180.132 multiport dports 500,4500
Chain ufw-user-limit (0 references)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain ufw-user-limit-accept (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-user-logging-forward (0 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-user-logging-input (0 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-user-logging-output (0 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-user-output (1 references)
pkts bytes target prot opt in out source destination