Changes between Version 9 and Version 10 of HowTo/SakuraVpsSetup3


Timestamp:
Apr 29, 2017, 10:31:59 PM (7 years ago)
Author:
村山 俊之
Comment:

--

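--- a/HowTo/SakuraVpsSetup3
+++ b/HowTo/SakuraVpsSetup3
@@ -135,5 +135,7 @@
 /sbin/iptables -A INPUT -i lo -j ACCEPT
 
-/sbin/iptables -A INPUT -p tcp -m state --state NEW -m multiport --dports 22,25,53,587,993,80,443 -j ACCEPT
+/sbin/iptables -A INPUT -m tcp -p tcp -m state --state NEW --dport 53 -j ACCEPT
+/sbin/iptables -A INPUT -m udp -p udp -m state --state NEW --dport 53 -j ACCEPT
+/sbin/iptables -A INPUT -p tcp -m state --state NEW -m multiport --dports 22,25,587,993,80,443 -j ACCEPT
 /sbin/iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
 /sbin/iptables -A FORWARD -j REJECT --reject-with icmp-port-unreachable
@@ -164,5 +166,7 @@
 /sbin/ip6tables -A INPUT -i lo -j ACCEPT
 
-/sbin/ip6tables -A INPUT -p tcp -m state --state NEW -m multiport --dports 22,25,53,587,993,80,443 -j ACCEPT
+/sbin/ip6tables -A INPUT -m tcp -p tcp -m state --state NEW --dport 53 -j ACCEPT
+/sbin/ip6tables -A INPUT -m udp -p udp -m state --state NEW --dport 53 -j ACCEPT
+/sbin/ip6tables -A INPUT -p tcp -m state --state NEW -m multiport --dports 22,25,587,993,80,443 -j ACCEPT
 /sbin/ip6tables -A INPUT -j REJECT --reject-with icmp6-port-unreachable
 /sbin/ip6tables -A FORWARD -j REJECT --reject-with icmp6-port-unreachable
@@ -183,5 +187,7 @@
 ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
 ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
-ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW multiport dports 22,25,53,587,993,80,443
+ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53 state NEW
+ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53 state NEW
+ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW multiport dports 22,25,587,993,80,443
 REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
 
@@ -199,5 +205,7 @@
 ACCEPT     icmp     ::/0                 ::/0               
 ACCEPT     all      ::/0                 ::/0               
-ACCEPT     tcp      ::/0                 ::/0                 state NEW multiport dports 22,25,53,587,993,80,443
+ACCEPT     tcp      ::/0                 ::/0                 tcp dpt:53 state NEW
+ACCEPT     udp      ::/0                 ::/0                 udp dpt:53 state NEW
+ACCEPT     tcp      ::/0                 ::/0                 state NEW multiport dports 22,25,587,993,80,443
 REJECT     all      ::/0                 ::/0                 reject-with icmp6-port-unreachable
 
@@ -219,20 +227,22 @@
 {{{
 # cat /etc/iptables/rules.v4
-# Generated by iptables-save v1.6.0 on Sat Apr 29 06:40:35 2017
+# Generated by iptables-save v1.6.0 on Sat Apr 29 22:29:46 2017
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [283:43644]
+:OUTPUT ACCEPT [36:3368]
 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -p icmp -j ACCEPT
 -A INPUT -i lo -j ACCEPT
--A INPUT -p tcp -m state --state NEW -m multiport --dports 22,25,53,587,993,80,443 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
+-A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
+-A INPUT -p tcp -m state --state NEW -m multiport --dports 22,25,587,993,80,443 -j ACCEPT
 -A INPUT -j REJECT --reject-with icmp-port-unreachable
 -A FORWARD -j REJECT --reject-with icmp-port-unreachable
 -A OUTPUT -p udp -m udp -m multiport --dports 161,162 -j REJECT --reject-with icmp-port-unreachable
 COMMIT
-# Completed on Sat Apr 29 06:40:35 2017
+# Completed on Sat Apr 29 22:29:46 2017
 # cat /etc/iptables/rules.v6
-# Generated by ip6tables-save v1.6.0 on Sat Apr 29 06:40:35 2017
+# Generated by ip6tables-save v1.6.0 on Sat Apr 29 22:29:46 2017
 *filter
 :INPUT ACCEPT [0:0]
@@ -242,10 +252,12 @@
 -A INPUT -p icmp -j ACCEPT
 -A INPUT -i lo -j ACCEPT
--A INPUT -p tcp -m state --state NEW -m multiport --dports 22,25,53,587,993,80,443 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
+-A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
+-A INPUT -p tcp -m state --state NEW -m multiport --dports 22,25,587,993,80,443 -j ACCEPT
 -A INPUT -j REJECT --reject-with icmp6-port-unreachable
 -A FORWARD -j REJECT --reject-with icmp6-port-unreachable
 -A OUTPUT -p udp -m udp -m multiport --dports 161,162 -j REJECT --reject-with icmp6-port-unreachable
 COMMIT
-# Completed on Sat Apr 29 06:40:35 2017
+# Completed on Sat Apr 29 22:29:46 2017
 #
 ~~~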
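Review bot: The IPv6 ruleset accepts `-p icmp` rather than ICMPv6, as shown by the unchanged context line `-A INPUT -p icmp -j ACCEPT` in the `rules.v6` listing and by `ACCEPT icmp ::/0 ::/0` in the `ip6tables -L` output. That rule names the IPv4 ICMP protocol, so Neighbor Discovery and other ICMPv6 messages that are not matched as `RELATED,ESTABLISHED` appear to fall through to the final `REJECT`, which can break IPv6 reachability once neighbour cache entries expire. The saved rule should read `-A INPUT -p ipv6-icmp -j ACCEPT`; the `ip6tables` command that creates it lies outside the visible hunks and would need the same change. Separately, the added `--dport 53` rules open DNS over TCP and UDP to every source address. The page should therefore state that the name server behind them is authoritative-only or has recursion restricted to known clients, since a UDP resolver reachable from anywhere can be abused for reflection.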