saving uncommitted changes in /etc prior to apt run

diff --git a/iptables/rules.v4 b/iptables/rules.v4
index f04d5676badb957bcd9e4827b7e608007efac453..528c11d32c7f4ac768139988f889bbc4a0869f1f 100644 (file)
--- a/iptables/rules.v4
+++ b/iptables/rules.v4
@@ -1,10 +1,26 @@
-# Generated by iptables-save v1.6.0 on Thu Jul 20 10:58:29 2017
+# Generated by iptables-save v1.6.0 on Tue Oct 10 22:26:19 2017
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [75:13967]
+:OUTPUT ACCEPT [6873:1266143]
+:f2b-apache - [0:0]
+:f2b-apache-modsecurity - [0:0]
+:f2b-apache-nohome - [0:0]
+:f2b-apache-noscript - [0:0]
+:f2b-apache-overflows - [0:0]
+:f2b-postfix - [0:0]
+:f2b-ssh - [0:0]
+:f2b-sshd - [0:0]
 :rejects - [0:0]
 :salt-master - [0:0]
+-A INPUT -p tcp -m multiport --dports 22 -j f2b-ssh
+-A INPUT -p tcp -m multiport --dports 25,465,587 -j f2b-postfix
+-A INPUT -p tcp -m multiport --dports 0:65535 -j f2b-sshd
+-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-nohome
+-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-modsecurity
+-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-overflows
+-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-noscript
+-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache
 -A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -s 222.184.0.0/13 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
@@ -23,6 +39,14 @@
 -A INPUT -j rejects
 -A INPUT -j NFLOG --nflog-prefix  "IPv4 INPUT Reject " --nflog-threshold 1
 -A INPUT -j REJECT --reject-with icmp-port-unreachable
+-A f2b-apache -j RETURN
+-A f2b-apache-modsecurity -j RETURN
+-A f2b-apache-nohome -j RETURN
+-A f2b-apache-noscript -j RETURN
+-A f2b-apache-overflows -j RETURN
+-A f2b-postfix -j RETURN
+-A f2b-ssh -j RETURN
+-A f2b-sshd -j RETURN
 -A rejects -s 134.119.179.226/32 -j REJECT --reject-with icmp-port-unreachable
 -A rejects -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
 -A rejects -p udp -m udp --dport 137 -j REJECT --reject-with icmp-port-unreachable
@@ -45,4 +69,4 @@
 -A salt-master -j NFLOG --nflog-prefix  "IPv4 Salt Reject " --nflog-threshold 1
 -A salt-master -j REJECT --reject-with icmp-port-unreachable
 COMMIT
-# Completed on Thu Jul 20 10:58:29 2017
+# Completed on Tue Oct 10 22:26:19 2017

diff --git a/iptables/rules.v6 b/iptables/rules.v6
index 786565be895e300551915c7db4ac632dc26f464e..04f83685d58224121cdb0abc3b2c3ce03e08a511 100644 (file)
--- a/iptables/rules.v6
+++ b/iptables/rules.v6
@@ -1,8 +1,8 @@
-# Generated by ip6tables-save v1.6.0 on Thu Jul 20 10:58:29 2017
+# Generated by ip6tables-save v1.6.0 on Tue Oct 10 22:26:19 2017
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [5050:487121]
+:OUTPUT ACCEPT [938318:240511532]
 :salt-master - [0:0]
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -m conntrack --ctstate RELATED -j ACCEPT
@@ -29,4 +29,4 @@
 -A salt-master -j NFLOG --nflog-prefix  "IPv6 Salt Reject " --nflog-threshold 1
 -A salt-master -j REJECT --reject-with icmp6-port-unreachable
 COMMIT
-# Completed on Thu Jul 20 10:58:29 2017
+# Completed on Tue Oct 10 22:26:19 2017