-# Generated by xtables-save v1.8.2 on Mon Apr 12 15:21:35 2021
+# Generated by xtables-save v1.8.2 on Mon Apr 12 16:21:35 2021
*filter
-:INPUT ACCEPT [0:0]
+:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
+:icinga2 - [0:0]
+:rejects - [0:0]
+:mysql - [0:0]
+:portrejects - [0:0]
+-A INPUT -j rejects
+-A INPUT -m state --state ESTABLISHED -j ACCEPT
+-A INPUT -m state --state RELATED -j ACCEPT
+-A INPUT -i lo -m comment --comment myself -j ACCEPT
+-A INPUT -p icmp -m icmp --icmp-type 8 -m comment --comment echo-request -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -p udp -m udp --dport 68 -m comment --comment "bootp / dhcp" -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 22 -m comment --comment SSH -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 80 -m comment --comment HTTP -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 443 -m comment --comment HTTPS -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 25 -m comment --comment SMTP -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 587 -m comment --comment Submission -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 110 -m comment --comment POP3 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 995 -m comment --comment POP3S -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 143 -m comment --comment IMAP -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 993 -m comment --comment IMAPS -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 4190 -m comment --comment Sieve -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 25565 -m comment --comment Minecraft -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 3306 -j mysql
+-A INPUT -p tcp -m tcp --dport 5665 -j icinga2
+-A INPUT -j portrejects
+-A INPUT -j NFLOG --nflog-prefix "IPv4 INPUT Reject " --nflog-threshold 1
+-A INPUT -j REJECT --reject-with icmp-port-unreachable
+-A icinga2 -s 185.48.118.128/32 -m comment --comment ns1 -j ACCEPT
+-A icinga2 -s 162.254.24.33/32 -m comment --comment ns2 -j ACCEPT
+-A icinga2 -s 185.102.95.107/32 -m comment --comment ns3 -j ACCEPT
+-A icinga2 -j NFLOG --nflog-prefix "IPv4 icinga2 Reject " --nflog-threshold 1
+-A icinga2 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -j RETURN
+-A mysql -s 185.48.118.128/32 -m comment --comment ns1 -j ACCEPT
+-A mysql -s 162.254.24.33/32 -m comment --comment ns2 -j ACCEPT
+-A mysql -s 185.102.95.107/32 -m comment --comment ns3 -j ACCEPT
+-A mysql -s 185.48.118.130/32 -m comment --comment sarah -j ACCEPT
+-A mysql -j NFLOG --nflog-prefix "IPv4 mysql Reject " --nflog-threshold 1
+-A mysql -j REJECT --reject-with icmp-port-unreachable
+-A portrejects -p tcp -m tcp --dport 23 -m comment --comment Telnet -j REJECT --reject-with icmp-port-unreachable
+-A portrejects -p tcp -m tcp --dport 445 -m comment --comment "Microsoft DS" -j REJECT --reject-with icmp-port-unreachable
+-A portrejects -p udp -m udp --dport 137 -m comment --comment "Netbios NS" -j REJECT --reject-with icmp-port-unreachable
+-A portrejects -p tcp -m tcp --dport 137 -m comment --comment "Netbios NS" -j REJECT --reject-with icmp-port-unreachable
+-A portrejects -p tcp -m tcp --dport 1433 -m comment --comment "MS SQL" -j REJECT --reject-with icmp-port-unreachable
+-A portrejects -p udp -m udp --dport 5060 -m comment --comment SIP -j REJECT --reject-with icmp-port-unreachable
+-A portrejects -p tcp -m tcp --dport 5060 -m comment --comment SIP -j REJECT --reject-with icmp-port-unreachable
+-A portrejects -p tcp -m tcp --dport 8080 -m comment --comment "HTTP alternativ" -j REJECT --reject-with icmp-port-unreachable
+-A portrejects -p tcp -m tcp --dport 1900 -j REJECT --reject-with icmp-port-unreachable
+-A portrejects -p tcp -m tcp --dport 2323 -j REJECT --reject-with icmp-port-unreachable
+-A portrejects -p tcp -m tcp --dport 3389 -j REJECT --reject-with icmp-port-unreachable
+-A portrejects -j RETURN
COMMIT
-# Completed on Mon Apr 12 15:21:35 2021
+# Completed on Mon Apr 12 16:21:35 2021
-# Generated by xtables-save v1.8.2 on Mon Apr 12 15:21:35 2021
+# Generated by xtables-save v1.8.2 on Mon Apr 12 16:21:35 2021
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:mysql - [0:0]
+:icinga2 - [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -p tcp -m multiport --dports 110,995 -m comment --comment "POP3 + POP3S" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4190 -m comment --comment Sieve -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j mysql
+-A INPUT -p tcp -m tcp --dport 5665 -m comment --comment Icinga -j icinga2
-A INPUT -j NFLOG --nflog-prefix "IPv6 INPUT Reject " --nflog-threshold 1
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
-A mysql -s ::1/128 -j ACCEPT
-A mysql -s 2a06:2380:0:1::3a/128 -m comment --comment ns3 -j ACCEPT
-A mysql -j NFLOG --nflog-prefix "IPv6 MySQL Reject " --nflog-threshold 1
-A mysql -j REJECT --reject-with icmp6-port-unreachable
+-A icinga2 -s 2a06:2380:0:1::3a/128 -m comment --comment ns3 -j ACCEPT
+-A icinga2 -j NFLOG --nflog-prefix "IPv6 icinga2 Reject " --nflog-threshold 1
+-A icinga2 -j REJECT --reject-with icmp6-port-unreachable
COMMIT
-# Completed on Mon Apr 12 15:21:35 2021
+# Completed on Mon Apr 12 16:21:35 2021
missingok
compress
delaycompress
- sharedscripts
create 640 ulog adm
+ minsize 4M
+ sharedscripts
postrotate
if [ -d /run/systemd/system ] && command systemctl >/dev/null 2>&1 && systemctl is-active --quiet ulogd2.service; then
systemctl kill --kill-who main --signal=SIGHUP ulogd2.service
fi
endscript
}
+
+# vim: ts=4 filetype=conf noet
|_| |_|\___|_|\__, |\__,_|
|___/
-Eine Kunstrichtung hat sich erst dann durchgesetzt, wenn sie auch von
-den Schaufensterdekorateuren praktiziert wird.
- -- Pablo Picasso
+Eigentümlichkeit ruft Eigentümlichkeit hervor.
+ -- Goethe, Maximen und Reflektionen, Nr. 59
Today is Boomtime, the 29th day of Discord in the YOLD 3187
# 1. load the plugins _first_ from the global section
# 2. options for each plugin in seperate section below
-#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inppkt_NFLOG.so"
-#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inppkt_ULOG.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inppkt_NFLOG.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inppkt_ULOG.so"
#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inppkt_UNIXSOCK.so"
-#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inpflow_NFCT.so"
-#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IFINDEX.so"
-#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IP2STR.so"
-#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IP2BIN.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inpflow_NFCT.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IFINDEX.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IP2STR.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IP2BIN.so"
#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IP2HBIN.so"
-#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_PRINTPKT.so"
-#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_HWHDR.so"
-#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_PRINTFLOW.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_PRINTPKT.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_HWHDR.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_PRINTFLOW.so"
#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_MARK.so"
-#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_LOGEMU.so"
-#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_SYSLOG.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_LOGEMU.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_SYSLOG.so"
#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_XML.so"
#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_SQLITE3.so"
-#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_GPRINT.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_GPRINT.so"
#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_NACCT.so"
#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_PCAP.so"
#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_PGSQL.so"
#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_MYSQL.so"
#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_DBI.so"
-#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_raw2packet_BASE.so"
-#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inpflow_NFACCT.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_raw2packet_BASE.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inpflow_NFACCT.so"
#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_GRAPHITE.so"
#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_JSON.so"
projects / config / helga-hetzner / etc.git / commitdiff