1 # iptables file standard for all CONTAINER.
2 # Firewall configuration written by vzgot
3 # the file is common and added to each container
4 # if present in HN /var/lib/vzgot/etc/sysconfig/iptables
5 # this file is given as a working example
11 #-----------------------------------------------------------
12 #defining rule to display reject in logs
15 -A logrjct -j LOG --log-level 6 --log-prefix "RJCT "
16 -A logrjct -j REJECT --reject-with icmp-host-prohibited
17 #defining rule to reject without log
20 #-----------------------------------------------------------
24 #-----------------------------------------------------------
26 -A std -i lo -j ACCEPT
27 #-----------------------------------------------------------
28 #acceptin already established link
29 -A std -m state --state ESTABLISHED,RELATED -j ACCEPT
30 #-----------------------------------------------------------
31 #accepting icmp packet (should be already pre-filtered by HN)
32 -A std -p icmp -j ACCEPT
33 #-----------------------------------------------------------
34 #accepting auth server
35 -A std -p tcp -m tcp -j ACCEPT --dport auth
36 #accepting all Email related services
37 -A std -p tcp -m tcp -j ACCEPT --dport smtp
38 -A std -p tcp -m tcp -j ACCEPT --dport pop-3
39 -A std -p tcp -m tcp -j ACCEPT --dport imaps
40 -A std -p tcp -m tcp -j ACCEPT --dport imap
41 #accepting all WEB related services
42 -A std -p tcp -m tcp -j ACCEPT --dport www
43 -A std -p tcp -m tcp -j ACCEPT --dport https
44 #accepting all SSH related services
45 -A std -p tcp -m tcp -j ACCEPT --dport ssh
46 #accepting all snmp related services
47 -A std -p udp -m udp -j ACCEPT --dport snmp
48 #===========================================================
49 #reject and longging all other packet type
51 #-----------------------------------------------------------
git://ftp.safe.ca / safe / jmp / vzgot / blob