2024/etc/firewall

# Generated by iptables-save v1.8.9 (nf_tables) on Sat Nov  2 10:52:22 2024
*filter
:INPUT ACCEPT [25298:5332366]
:FORWARD ACCEPT [13306485:21895236661]
:OUTPUT ACCEPT [379222:49662999]
:f2b-sshd - [0:0]
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -s 10.26.0.0/16 -d 10.26.0.1/32 -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -s 10.26.0.0/16 -d 10.26.0.1/32 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -s 10.20.0.0/16 -d 10.0.0.0/8 -j ACCEPT
-A INPUT -s 10.16.0.0/12 -d 10.0.0.0/8 -m comment --comment "Unknown traffic" -j LOG
-A INPUT -i lo -j ACCEPT

-A INPUT -s 10.0.0.0/8 -p tcp -m multiport --dports 80,443 -j ACCEPT
-A FORWARD -s 10.21.0.0/16 -d 10.0.0.0/8 -j DROP
-A FORWARD -s 10.22.0.0/16 -d 10.0.0.0/8 -j DROP
-A FORWARD -s 10.26.0.0/16 -d 10.0.0.0/8 -j DROP
-A FORWARD -s 10.27.0.0/16 -d 10.0.0.0/8 -j DROP

-A INPUT -s 10.21.0.0/16 -d 10.0.0.0/8 -j DROP
-A INPUT -s 10.22.0.0/16 -d 10.0.0.0/8 -j DROP
-A INPUT -s 10.23.0.0/16 -d 10.0.0.0/8 -j DROP
-A INPUT -s 10.24.0.0/16 -d 10.0.0.0/8 -j DROP
-A INPUT -s 10.25.0.0/16 -d 10.0.0.0/8 -j DROP
-A INPUT -s 10.26.0.0/16 -d 10.0.0.0/8 -j DROP
-A INPUT -s 10.27.0.0/16 -d 10.0.0.0/8 -j DROP
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -j RETURN
COMMIT
# Completed on Sat Nov  2 10:52:22 2024
# Generated by iptables-save v1.8.9 (nf_tables) on Sat Nov  2 10:52:22 2024
*nat
:PREROUTING ACCEPT [62968:10626577]
:INPUT ACCEPT [17162:1392257]
:OUTPUT ACCEPT [35016:2739063]
:POSTROUTING ACCEPT [27488:2120027]
-A POSTROUTING -o eno2.207 -j MASQUERADE
-A POSTROUTING -o eno2.10 -j MASQUERADE
COMMIT
# Completed on Sat Nov  2 10:52:22 2024