Exemple regles bastion.txt

Jean-Marc MELET, 09/12/2016 17:37


 
1
# NOTE(review): lines starting with "#" are reviewer annotations, not command output.
# This is a dump of the POSTROUTING chain of the nat table, i.e. the source-NAT
# decisions taken as packets leave the host. Rules are evaluated top to bottom
# and the first rule with a terminating target (SNAT or ACCEPT) ends the
# traversal. In this table ACCEPT does not permit traffic in the filtering
# sense; it only means "send the packet out with its source address unchanged".
# Packet filtering lives in the filter table, which this listing does not show.
root@amon25.maket-labo.local:~# iptables -t nat -S POSTROUTING
# NOTE(review): chain policy - a packet matching no rule below leaves untranslated.
2
-P POSTROUTING ACCEPT
# NOTE(review): 10.4.201.0/25 -> 10.104.201.240/28 on eth0 is rewritten to
# 10.104.201.245. The rule has to stay ahead of the 10.0.0.0/8 exemption that
# follows, because 10.104.201.240/28 lies inside 10.0.0.0/8.
3
-A POSTROUTING -s 10.4.201.0/25 -d 10.104.201.240/28 -o eth0 -j SNAT --to-source 10.104.201.245
# NOTE(review): NAT exemption - 10.4.201.0/25 -> 10.0.0.0/8 keeps its real source
# address, so the far side sees the internal client addresses (and presumably
# needs a return route to 10.4.201.0/25 - confirm). The nat table is consulted
# only for the packet that creates a connection-tracking entry, so the
# ESTABLISHED half of RELATED,ESTABLISHED should never match here; the NEW rule
# is the one that does the work. This applies to every such pair in the listing.
4
-A POSTROUTING -s 10.4.201.0/25 -d 10.0.0.0/8 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
5
-A POSTROUTING -s 10.4.201.0/25 -d 10.0.0.0/8 -o eth0 -m state --state NEW -j ACCEPT
# NOTE(review): 172.16.0.0/12 has only the NEW exemption in this listing; the
# RELATED,ESTABLISHED companion present for the other destinations is absent.
# The first packet of a RELATED connection to this range does not match NEW and
# falls through to the rules further down.
6
-A POSTROUTING -s 10.4.201.0/25 -d 172.16.0.0/12 -o eth0 -m state --state NEW -j ACCEPT
# NOTE(review): exact duplicate of the first SNAT rule. Every packet it could
# match was already translated by the earlier copy, so it is never reached.
# A third copy follows below; it looks as if the rule is re-emitted per
# destination block - confirm against the generator and deduplicate.
7
-A POSTROUTING -s 10.4.201.0/25 -d 10.104.201.240/28 -o eth0 -j SNAT --to-source 10.104.201.245
8
-A POSTROUTING -s 10.4.201.0/25 -d 161.48.0.0/19 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
9
-A POSTROUTING -s 10.4.201.0/25 -d 161.48.0.0/19 -o eth0 -m state --state NEW -j ACCEPT
10
-A POSTROUTING -s 10.4.201.0/25 -d 10.104.201.240/28 -o eth0 -j SNAT --to-source 10.104.201.245
11
-A POSTROUTING -s 10.4.201.0/25 -d 192.168.0.0/16 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
12
-A POSTROUTING -s 10.4.201.0/25 -d 192.168.0.0/16 -o eth0 -m state --state NEW -j ACCEPT
# NOTE(review): 10.0.13.0/24 is already covered by the 10.0.0.0/8 exemption
# above (same source, same interface, same states), so this pair is redundant
# as written.
13
-A POSTROUTING -s 10.4.201.0/25 -d 10.0.13.0/24 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
14
-A POSTROUTING -s 10.4.201.0/25 -d 10.0.13.0/24 -o eth0 -m state --state NEW -j ACCEPT
# NOTE(review): mark-based SNAT - packets leaving eth0 with fwmark 0x1 are
# sourced from 10.104.201.245, those with fwmark 0x2 from 10.104.201.242.
# These two rules carry no source or destination match of their own, so which
# traffic they translate depends entirely on where the marks are set. That is
# not visible here (presumably the mangle table - verify).
15
-A POSTROUTING -o eth0 -m mark --mark 0x1 -j SNAT --to-source 10.104.201.245
16
-A POSTROUTING -o eth0 -m mark --mark 0x2 -j SNAT --to-source 10.104.201.242
17

    
18
# NOTE(review): lines starting with "#" are reviewer annotations, not command output.
# Dump of the POSTROUTING chain of the nat table (source NAT on the way out).
# Rules are evaluated in order and the first terminating target (SNAT or ACCEPT)
# wins. ACCEPT here means "leave the source address untranslated", not "permit";
# filtering is done in the filter table, which this listing does not show.
root@amon25.maket-labo.local:~# iptables -t nat -S POSTROUTING
19
-P POSTROUTING ACCEPT
# NOTE(review): the SNAT rule for 10.104.201.240/28 appears five times in this
# listing. Only this first copy can ever match; the later identical copies are
# dead rules. It must stay ahead of the 10.0.0.0/8 exemption, which would
# otherwise swallow 10.104.201.240/28.
20
-A POSTROUTING -s 10.4.201.0/25 -d 10.104.201.240/28 -o eth0 -j SNAT --to-source 10.104.201.245
# NOTE(review): NAT exemptions for 10.4.201.0/25 towards the listed destination
# networks - traffic keeps its real source address. The nat table is consulted
# only for the packet that creates a connection-tracking entry, so the
# ESTABLISHED half of each RELATED,ESTABLISHED rule should never match here.
21
-A POSTROUTING -s 10.4.201.0/25 -d 10.0.0.0/8 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
22
-A POSTROUTING -s 10.4.201.0/25 -d 10.0.0.0/8 -o eth0 -m state --state NEW -j ACCEPT
23
-A POSTROUTING -s 10.4.201.0/25 -d 10.104.201.240/28 -o eth0 -j SNAT --to-source 10.104.201.245
24
-A POSTROUTING -s 10.4.201.0/25 -d 172.16.0.0/12 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
25
-A POSTROUTING -s 10.4.201.0/25 -d 172.16.0.0/12 -o eth0 -m state --state NEW -j ACCEPT
26
-A POSTROUTING -s 10.4.201.0/25 -d 10.104.201.240/28 -o eth0 -j SNAT --to-source 10.104.201.245
27
-A POSTROUTING -s 10.4.201.0/25 -d 161.48.0.0/19 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
28
-A POSTROUTING -s 10.4.201.0/25 -d 161.48.0.0/19 -o eth0 -m state --state NEW -j ACCEPT
29
-A POSTROUTING -s 10.4.201.0/25 -d 10.104.201.240/28 -o eth0 -j SNAT --to-source 10.104.201.245
30
-A POSTROUTING -s 10.4.201.0/25 -d 192.168.0.0/16 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
31
-A POSTROUTING -s 10.4.201.0/25 -d 192.168.0.0/16 -o eth0 -m state --state NEW -j ACCEPT
32
-A POSTROUTING -s 10.4.201.0/25 -d 10.104.201.240/28 -o eth0 -j SNAT --to-source 10.104.201.245
# NOTE(review): 10.0.13.0/24 is already covered by the 10.0.0.0/8 exemption
# above, so this pair is redundant as written.
33
-A POSTROUTING -s 10.4.201.0/25 -d 10.0.13.0/24 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
34
-A POSTROUTING -s 10.4.201.0/25 -d 10.0.13.0/24 -o eth0 -m state --state NEW -j ACCEPT
# NOTE(review): the only rule on eth2 - TCP to 172.16.240.1 port 4200 is sourced
# from 172.16.240.245 whatever the original sender was (there is no -s match).
# The service at 172.16.240.1 therefore sees every client as 172.16.240.245;
# per-client attribution has to come from logs kept on this gateway.
35
-A POSTROUTING -d 172.16.240.1/32 -o eth2 -p tcp -m tcp --dport 4200 -j SNAT --to-source 172.16.240.245
# NOTE(review): catch-all SNAT for 10.4.201.0/25 on eth0 - whatever was not
# exempted by an ACCEPT above leaves as 10.104.201.245. The rule that follows
# is an exact duplicate and is never reached.
36
-A POSTROUTING -s 10.4.201.0/25 -o eth0 -j SNAT --to-source 10.104.201.245
37
-A POSTROUTING -s 10.4.201.0/25 -o eth0 -j SNAT --to-source 10.104.201.245
# NOTE(review): the same catch-all for two further source networks. Neither has
# any exemption rule above (all exemptions match -s 10.4.201.0/25), so all of
# their eth0 traffic is translated to 10.104.201.245.
38
-A POSTROUTING -s 172.16.240.0/21 -o eth0 -j SNAT --to-source 10.104.201.245
39
-A POSTROUTING -s 10.104.201.64/26 -o eth0 -j SNAT --to-source 10.104.201.245
# NOTE(review): mark-based SNAT - fwmark 0x1 -> 10.104.201.245, fwmark 0x2 ->
# 10.104.201.242. eth0 traffic from the three source networks above is already
# translated before reaching these rules, so they only affect other sources.
# Where the marks are set is not visible here (presumably the mangle table -
# verify), and these rules have no address match of their own.
40
-A POSTROUTING -o eth0 -m mark --mark 0x1 -j SNAT --to-source 10.104.201.245
41
-A POSTROUTING -o eth0 -m mark --mark 0x2 -j SNAT --to-source 10.104.201.242
42

    
43
# NOTE(review): lines starting with "#" are reviewer annotations, not command output.
# Dump of the POSTROUTING chain of the nat table (source NAT on the way out).
# Rules are evaluated in order and the first terminating target (SNAT or ACCEPT)
# wins. ACCEPT here means "leave the source address untranslated", not "permit";
# filtering is done in the filter table, which this listing does not show.
root@amon25.maket-labo.local:~# iptables -t nat -S POSTROUTING
44
-P POSTROUTING ACCEPT
# NOTE(review): the SNAT rule for 10.104.201.240/28 appears four times in this
# listing. Only this first copy can ever match; the later identical copies are
# dead rules. It must stay ahead of the 10.0.0.0/8 exemption, which would
# otherwise swallow 10.104.201.240/28.
45
-A POSTROUTING -s 10.4.201.0/25 -d 10.104.201.240/28 -o eth0 -j SNAT --to-source 10.104.201.245
# NOTE(review): NAT exemptions for 10.4.201.0/25 towards the listed destination
# networks - traffic keeps its real source address. The nat table is consulted
# only for the packet that creates a connection-tracking entry, so the
# ESTABLISHED half of each RELATED,ESTABLISHED rule should never match here.
46
-A POSTROUTING -s 10.4.201.0/25 -d 10.0.0.0/8 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
47
-A POSTROUTING -s 10.4.201.0/25 -d 10.0.0.0/8 -o eth0 -m state --state NEW -j ACCEPT
48
-A POSTROUTING -s 10.4.201.0/25 -d 10.104.201.240/28 -o eth0 -j SNAT --to-source 10.104.201.245
49
-A POSTROUTING -s 10.4.201.0/25 -d 172.16.0.0/12 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
50
-A POSTROUTING -s 10.4.201.0/25 -d 172.16.0.0/12 -o eth0 -m state --state NEW -j ACCEPT
51
-A POSTROUTING -s 10.4.201.0/25 -d 10.104.201.240/28 -o eth0 -j SNAT --to-source 10.104.201.245
52
-A POSTROUTING -s 10.4.201.0/25 -d 161.48.0.0/19 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
53
-A POSTROUTING -s 10.4.201.0/25 -d 161.48.0.0/19 -o eth0 -m state --state NEW -j ACCEPT
54
-A POSTROUTING -s 10.4.201.0/25 -d 10.104.201.240/28 -o eth0 -j SNAT --to-source 10.104.201.245
55
-A POSTROUTING -s 10.4.201.0/25 -d 192.168.0.0/16 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
56
-A POSTROUTING -s 10.4.201.0/25 -d 192.168.0.0/16 -o eth0 -m state --state NEW -j ACCEPT
# NOTE(review): 10.0.13.0/24 is already covered by the 10.0.0.0/8 exemption
# above, so this pair is redundant as written.
57
-A POSTROUTING -s 10.4.201.0/25 -d 10.0.13.0/24 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
58
-A POSTROUTING -s 10.4.201.0/25 -d 10.0.13.0/24 -o eth0 -m state --state NEW -j ACCEPT
# NOTE(review): the only rule on eth2 - TCP to 172.16.240.1 port 4200 is sourced
# from 172.16.240.245 whatever the original sender was (there is no -s match).
# The service at 172.16.240.1 therefore sees every client as 172.16.240.245;
# per-client attribution has to come from logs kept on this gateway.
59
-A POSTROUTING -d 172.16.240.1/32 -o eth2 -p tcp -m tcp --dport 4200 -j SNAT --to-source 172.16.240.245
# NOTE(review): catch-all SNAT for 10.4.201.0/25 on eth0 - whatever was not
# exempted by an ACCEPT above leaves as 10.104.201.245. The rule that follows
# is an exact duplicate and is never reached.
60
-A POSTROUTING -s 10.4.201.0/25 -o eth0 -j SNAT --to-source 10.104.201.245
61
-A POSTROUTING -s 10.4.201.0/25 -o eth0 -j SNAT --to-source 10.104.201.245
# NOTE(review): the same catch-all for two further source networks. Neither has
# any exemption rule above (all exemptions match -s 10.4.201.0/25), so all of
# their eth0 traffic is translated to 10.104.201.245.
62
-A POSTROUTING -s 172.16.240.0/21 -o eth0 -j SNAT --to-source 10.104.201.245
63
-A POSTROUTING -s 10.104.201.64/26 -o eth0 -j SNAT --to-source 10.104.201.245
# NOTE(review): only the fwmark 0x2 -> 10.104.201.242 rule closes this listing;
# no fwmark 0x1 rule is present. Whether that rule was removed on purpose or
# the listing is cut short cannot be told from the page - confirm on the host.
# Where the mark is set is not visible here either (presumably the mangle
# table - verify).
64
-A POSTROUTING -o eth0 -m mark --mark 0x2 -j SNAT --to-source 10.104.201.242