Update configs for tommy.

2023-11-11 22:25:06 +00:00 · 2023-11-11 22:25:06 +00:00 · 0bf6b014e2
commit 0bf6b014e2
parent 41236f47c9
57 changed files with 206 additions and 279 deletions
--- a/etc/iptables/ip6tables.rules
+++ b/etc/iptables/ip6tables.rules
@ -0,0 +1,36 @@
+# Generated by ip6tables-save v1.8.9 on Sat Nov 11 18:23:41 2023
+*mangle
+:PREROUTING ACCEPT [31:5612]
+:INPUT ACCEPT [31:5612]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+COMMIT
+# Completed on Sat Nov 11 18:23:41 2023
+# Generated by ip6tables-save v1.8.9 on Sat Nov 11 18:23:41 2023
+*nat
+:PREROUTING ACCEPT [4:1508]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+COMMIT
+# Completed on Sat Nov 11 18:23:41 2023
+# Generated by ip6tables-save v1.8.9 on Sat Nov 11 18:23:41 2023
+*filter
+:INPUT DROP [31:5612]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m conntrack --ctstate INVALID -j DROP
+-A INPUT -i wlp0s20f3 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i wlp0s20f3 -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT
+-A INPUT -i wlp0s20f3 -p ipv6-icmp -m icmp6 --icmpv6-type 129 -j ACCEPT
+-A INPUT -i wlp0s20f3 -p ipv6-icmp -m icmp6 --icmpv6-type 1 -j ACCEPT
+-A INPUT -i wlp0s20f3 -p ipv6-icmp -m icmp6 --icmpv6-type 3 -j ACCEPT
+-A INPUT -i wlp0s20f3 -p ipv6-icmp -m icmp6 --icmpv6-type 4 -j ACCEPT
+-A INPUT -i wlp0s20f3 -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT
+-A INPUT -i wlp0s20f3 -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT
+-A INPUT -i wlp0s20f3 -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT
+-A INPUT -i wlp0s20f3 -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT
+COMMIT
+# Completed on Sat Nov 11 18:23:41 2023
--- a/etc/iptables/iptables.rules
+++ b/etc/iptables/iptables.rules
@ -0,0 +1,33 @@
+# Generated by iptables-save v1.8.9 on Sat Nov 11 18:23:11 2023
+*mangle
+:PREROUTING ACCEPT [252:35644]
+:INPUT ACCEPT [252:35644]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [197:113683]
+:POSTROUTING ACCEPT [197:113683]
+COMMIT
+# Completed on Sat Nov 11 18:23:11 2023
+# Generated by iptables-save v1.8.9 on Sat Nov 11 18:23:11 2023
+*nat
+:PREROUTING ACCEPT [33:2255]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [8:1852]
+:POSTROUTING ACCEPT [8:1852]
+COMMIT
+# Completed on Sat Nov 11 18:23:11 2023
+# Generated by iptables-save v1.8.9 on Sat Nov 11 18:23:11 2023
+*filter
+:INPUT DROP [33:2255]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [197:113683]
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m conntrack --ctstate INVALID -j DROP
+-A INPUT -i wlp0s20f3 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i wlp0s20f3 -p icmp -m icmp --icmp-type 8 -j ACCEPT
+-A INPUT -i wlp0s20f3 -p icmp -m icmp --icmp-type 0 -j ACCEPT
+-A INPUT -i wlp0s20f3 -p icmp -m icmp --icmp-type 3 -j ACCEPT
+-A INPUT -i wlp0s20f3 -p icmp -m icmp --icmp-type 11 -j ACCEPT
+-A INPUT -i wlp0s20f3 -p icmp -m icmp --icmp-type 12 -j ACCEPT
+-A INPUT -i wlp0s20f3 -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT
+COMMIT
+# Completed on Sat Nov 11 18:23:11 2023