
История изменений

Исправление Shulman, (текущая версия) :

root@vesta4:/home/nommaner# cat ~/iptables-save
# Generated by iptables-save v1.6.0 on Mon Dec  2 08:09:59 2019
# IPv4 filter-table dump in iptables-save format. The bracketed pairs on the
# chain lines are [packets:bytes] counters.
# NOTE(review): no rule in this dump matches connection state (no
# ESTABLISHED,RELATED accept). With the INPUT policy set to DROP, reply packets
# for connections this host opens itself are accepted only when they happen to
# match one of the source/port rules below; everything else falls to the policy.
*filter
# Default-deny for inbound traffic: anything not accepted below is dropped.
:INPUT DROP [91:9371]
# Forwarded traffic is accepted by default and no FORWARD rules appear in this
# dump; if IP forwarding is enabled on the host (not shown), routed packets are
# not filtered by this table.
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6636:12599766]
# User-defined chains ("-" means no policy). "vesta" is declared but has no
# rules and is not referenced anywhere in this dump.
:f2b-sshd - [0:0]
:fail2ban-FTP - [0:0]
:fail2ban-MAIL - [0:0]
:fail2ban-SSH - [0:0]
:fail2ban-VESTA - [0:0]
:vesta - [0:0]
# Ban chains are consulted first, so a banned source is rejected before any
# ACCEPT rule further down can match it.
# tcp/22 is hooked into two separate chains (f2b-sshd and fail2ban-SSH).
# NOTE(review): no INPUT rule in this dump ACCEPTs tcp/22, so under the DROP
# policy SSH is reachable only from the two sources accepted unconditionally
# below (192.168.2.11 and 127.0.0.1).
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
# The mail ban chain also covers 110, 995, 143 and 993, but the mail ACCEPT rule
# further down lists only 25,465,587,2525; the other four ports end up at the
# DROP policy for sources not otherwise accepted.
-A INPUT -p tcp -m multiport --dports 25,465,587,2525,110,995,143,993 -j fail2ban-MAIL
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban-VESTA
-A INPUT -p tcp -m tcp --dport 21 -j fail2ban-FTP
# Accept every protocol and port from this single host.
-A INPUT -s 192.168.2.11/32 -j ACCEPT
# Loopback is matched by source address rather than by interface (-i lo);
# local traffic that uses any other source address does not match this rule.
-A INPUT -s 127.0.0.1/32 -j ACCEPT
# Redundant as dumped: the same ports are accepted from any source two rules
# below, so this per-host restriction has no effect.
-A INPUT -s 178.208.255.149/32 -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587,2525 -j ACCEPT
# NOTE(review): 3306 and 5432 (the default MySQL and PostgreSQL ports) are
# accepted from any source address; restrict with -s if remote database access
# is not intended.
-A INPUT -p tcp -m multiport --dports 3306,5432 -j ACCEPT
# tcp/8083 is accepted from any source; presumably the control panel that the
# fail2ban-VESTA chain protects. Confirm whether it needs to be public.
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
# All ICMP types are accepted.
-A INPUT -p icmp -j ACCEPT
# Duplicate RETURN rule in f2b-sshd; harmless, and the chain holds no bans.
-A f2b-sshd -j RETURN
-A f2b-sshd -j RETURN
-A fail2ban-FTP -j RETURN
# Banned sources get an ICMP port-unreachable reply instead of a silent drop.
-A fail2ban-MAIL -s 92.118.38.38/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -s 46.38.144.17/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -s 46.38.144.179/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -s 46.38.144.202/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -s 92.118.38.55/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -s 46.38.144.57/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -j RETURN
# 185.232.67.6 appears twice in this chain (first and last ban entry).
-A fail2ban-SSH -s 185.232.67.6/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 159.65.146.250/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 80.211.180.203/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 222.186.175.202/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 222.186.173.215/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 185.232.67.6/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -j RETURN
-A fail2ban-VESTA -j RETURN
COMMIT

Исходная версия Shulman, :

root@vesta4:/home/nommaner# cat ~/iptables-save
# Generated by iptables-save v1.6.0 on Mon Dec  2 08:09:59 2019
# IPv4 filter table as saved by iptables-save; chain lines carry
# [packets:bytes] counters.
# NOTE(review): the ruleset has no connection-state rule (nothing accepts
# ESTABLISHED,RELATED). Because INPUT defaults to DROP, replies to connections
# initiated by this host pass only if they match a source/port rule below.
*filter
# Inbound default is DROP; only the explicit ACCEPT rules let traffic in.
:INPUT DROP [91:9371]
# FORWARD defaults to ACCEPT and has no rules here; routed traffic would be
# unfiltered if the host forwards packets (forwarding state not shown).
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6636:12599766]
# User-defined chains follow. "vesta" has no rules and no jump targets it in
# this dump.
:f2b-sshd - [0:0]
:fail2ban-FTP - [0:0]
:fail2ban-MAIL - [0:0]
:fail2ban-SSH - [0:0]
:fail2ban-VESTA - [0:0]
:vesta - [0:0]
# Jumps into the ban chains come before every ACCEPT, so bans win.
# Both f2b-sshd and fail2ban-SSH are attached to tcp/22.
# NOTE(review): there is no ACCEPT for tcp/22 in INPUT; with policy DROP, SSH
# is only reachable from 192.168.2.11 and 127.0.0.1 as dumped.
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
# Ports 110, 995, 143 and 993 are checked against the mail bans but are not in
# the mail ACCEPT rule below, so they are dropped by policy for most sources.
-A INPUT -p tcp -m multiport --dports 25,465,587,2525,110,995,143,993 -j fail2ban-MAIL
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban-VESTA
-A INPUT -p tcp -m tcp --dport 21 -j fail2ban-FTP
# One host is trusted for all protocols and ports.
-A INPUT -s 192.168.2.11/32 -j ACCEPT
# Local traffic is allowed by source address, not by interface (-i lo); a
# local connection from any other source address is not covered.
-A INPUT -s 127.0.0.1/32 -j ACCEPT
# This host-specific FTP rule is shadowed in effect by the any-source rule for
# the same ports two lines below.
-A INPUT -s 178.208.255.149/32 -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587,2525 -j ACCEPT
# NOTE(review): the default MySQL (3306) and PostgreSQL (5432) ports are open
# to every source address; limit by -s unless remote database access is
# required.
-A INPUT -p tcp -m multiport --dports 3306,5432 -j ACCEPT
# tcp/8083 is open to every source; presumably the panel behind the
# fail2ban-VESTA chain. Verify that public exposure is intended.
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
# Every ICMP type is accepted.
-A INPUT -p icmp -j ACCEPT
# f2b-sshd contains only two identical RETURN rules and no ban entries.
-A f2b-sshd -j RETURN
-A f2b-sshd -j RETURN
-A fail2ban-FTP -j RETURN
# Each ban rejects the source with ICMP port-unreachable, then the chain
# returns to INPUT for everyone else.
-A fail2ban-MAIL -s 92.118.38.38/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -s 46.38.144.17/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -s 46.38.144.179/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -s 46.38.144.202/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -s 92.118.38.55/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -s 46.38.144.57/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-MAIL -j RETURN
# The entry for 185.232.67.6 is duplicated (first and last ban in the chain).
-A fail2ban-SSH -s 185.232.67.6/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 159.65.146.250/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 80.211.180.203/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 222.186.175.202/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 222.186.173.215/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 185.232.67.6/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -j RETURN
-A fail2ban-VESTA -j RETURN
COMMIT

[/cdoe]