|
|
@@ -84,7 +84,8 @@
|
|
|
-A FORWARD -p tcp -m tcp --sport 443 --dport 32768:65535 -j ACCEPT
|
|
|
|
|
|
# NTP
|
|
|
--A OUTPUT -p udp -m udp --sport 123 --dport 123 -j ACCEPT
|
|
|
+#-A OUTPUT -p udp -m udp --sport 123 --dport 123 -j ACCEPT
|
|
|
+-A OUTPUT -p udp -m udp --sport 32768:65535 --dport 123 -j ACCEPT
|
|
|
|
|
|
# Samba
|
|
|
#-A OUTPUT -p tcp -m tcp --sport 49152:65535 --dport 139 -j ACCEPT
|
|
|
@@ -140,6 +141,8 @@
|
|
|
# Attacks, crawls, scans, etc to clutter chain
|
|
|
-A INPUT -p icmp -j clutter
|
|
|
-A INPUT -s 0.0.0.0 -d 255.255.255.255 -j clutter -m comment --comment "Broadcast messages"
|
|
|
+-A OUTPUT -d 224.0.0.251 -p udp -m udp --sport 5353 --dport 5353 -j clutter -m comment --comment "Multicast: mDNS"
|
|
|
+-A INPUT -d 224.0.0.1 -j clutter -m comment --comment "Multicast: All hosts"
|
|
|
-A INPUT -p udp -m udp --dport 19 -j clutter -m comment --comment "Character generator, looping to echo = DDoS"
|
|
|
-A INPUT -p tcp -m tcp --dport 23 -j clutter
|
|
|
-A INPUT -p udp -m udp --dport 53 -j clutter
|
|
|
@@ -148,6 +151,7 @@
|
|
|
-A INPUT -p tcp -m tcp --dport 2323 -j clutter -m comment --comment "3d-nfsd"
|
|
|
-A INPUT -p udp -m udp --dport 5060 -j clutter
|
|
|
-A INPUT -p tcp -m tcp --dport 3389 -j clutter -m comment --comment "MS terminal server RDP"
|
|
|
+-A INPUT -p udp -m udp --sport 57621 --dport 57621 -j clutter -m comment --comment "Spotify client P2P"
|
|
|
|
|
|
#-A INPUT -d 255.255.255.255 -p tcp -m tcp --sport 67 --dport 68 -j clutter -m comment --comment "DHCP"
|
|
|
#-A INPUT -m iprange --dst-range 185.66.250.254-185.66.250.255 -j clutter
|
tBKwtWS