Comments (1)
@rowlandm
I am copying the content of your rules.v4.txt below and closing the issue.
Thank you very much!
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
*filter
# Allow all outgoing, but drop incoming and forwarding packets by default
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Custom Docker chains
:DOCKER - [0:0]
:DOCKER-ISOLATION - [0:0]
# Custom per-protocol chains
:UDP - [0:0]
:TCP - [0:0]
:ICMP - [0:0]
# Acceptable Docker traffic
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION -j RETURN
# Acceptable UDP traffic
# Acceptable TCP traffic
-A TCP -p tcp --dport 22 -j ACCEPT
#-A TCP -p tcp --dport 80 -j ACCEPT
#-A TCP -p tcp --dport 443 -j ACCEPT
#http
-A TCP -s 203.101.227.3 -p tcp --dport 80 -j ACCEPT
-A TCP -s 45.113.232.155 -p tcp --dport 80 -j ACCEPT
-A TCP -s 43.240.97.231 -p tcp --dport 80 -j ACCEPT
-A TCP -s 43.240.96.62 -p tcp --dport 80 -j ACCEPT
-A TCP -s 115.146.86.78 -p tcp --dport 80 -j ACCEPT
-A TCP -s 203.101.226.197 -p tcp --dport 80 -j ACCEPT
-A TCP -s 115.146.88.148 -p tcp --dport 80 -j ACCEPT
-A TCP -s 203.101.234.122 -p tcp --dport 80 -j ACCEPT
#https
-A TCP -s 203.101.227.3 -p tcp --dport 443 -j ACCEPT
-A TCP -s 45.113.232.155 -p tcp --dport 443 -j ACCEPT
-A TCP -s 43.240.97.231 -p tcp --dport 443 -j ACCEPT
-A TCP -s 43.240.96.62 -p tcp --dport 443 -j ACCEPT
-A TCP -s 115.146.86.78 -p tcp --dport 443 -j ACCEPT
-A TCP -s 203.101.226.197 -p tcp --dport 443 -j ACCEPT
-A TCP -s 115.146.88.148 -p tcp --dport 443 -j ACCEPT
-A TCP -s 203.101.234.122 -p tcp --dport 443 -j ACCEPT
#rowland
-A TCP -s 220.237.12.233 -p tcp --dport 443 -j ACCEPT
-A TCP -s 220.237.12.233 -p tcp --dport 80 -j ACCEPT
#Isha
-A TCP -s 61.68.224.97 -p tcp --dport 443 -j ACCEPT
-A TCP -s 61.68.224.97 -p tcp --dport 80 -j ACCEPT
#steve
-A TCP -s 60.241.107.11 -p tcp --dport 443 -j ACCEPT
-A TCP -s 60.241.107.11 -p tcp --dport 80 -j ACCEPT
# Acceptable ICMP traffic
-A INPUT -p icmp -j ACCEPT
# Boilerplate acceptance policy
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Drop invalid packets
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Pass traffic to protocol-specific chains
## Only allow new connections (established and related should already be handled)
## For TCP, additionally only allow new SYN packets since that is the only valid
## method for establishing a new TCP connection
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
#-A INPUT -p icmp -m conntrack --ctstate NEW -j ICMP
# Reject anything that's fallen through to this point
## Try to be protocol-specific w/ rejection message
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
# Commit the changes
COMMIT
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*security
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
from galaxykickstart.
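An added example, not part of the original comment or of the galaxykickstart project: a small audit of an iptables-save style file that lists, per destination port, which sources a chain accepts and flags ports accepted from any source (as port 22 is in the ruleset above). The sample ruleset is constructed with documentation-range addresses, and the function names are hypothetical.

```python
import shlex
from collections import defaultdict

# Constructed sample in iptables-save format, modelled on the filter table
# above; the addresses are documentation ranges, not values from the page.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:TCP - [0:0]
-A TCP -p tcp --dport 22 -j ACCEPT
#-A TCP -p tcp --dport 80 -j ACCEPT
-A TCP -s 192.0.2.10 -p tcp --dport 80 -j ACCEPT
-A TCP -s 192.0.2.10 -p tcp --dport 443 -j ACCEPT
-A TCP -s 198.51.100.7 -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
COMMIT
"""

def accepted_sources(rules_text, table="filter", chain="TCP"):
    """Map each destination port accepted in `chain` to its allowed sources.
    No -s means 'any'; no --dport means the rule covers 'all' ports."""
    exposure = defaultdict(set)
    current = None
    for line in rules_text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            current = line[1:]          # table header, e.g. *filter
        if current != table or not line.startswith("-A "):
            continue                    # skips comments, policies, COMMIT
        tok = shlex.split(line)
        target = tok[tok.index("-j") + 1] if "-j" in tok else None
        if tok[1] != chain or target != "ACCEPT":
            continue
        port = tok[tok.index("--dport") + 1] if "--dport" in tok else "all"
        if "-s" in tok:
            i = tok.index("-s")
            src = ("!" if tok[i - 1] == "!" else "") + tok[i + 1]
        else:
            src = "any"
        exposure[port].add(src)
    return dict(exposure)

def world_open_ports(exposure):
    """Ports accepted from any source, or from everything but a negated one."""
    return sorted(p for p, s in exposure.items()
                  if any(x == "any" or x.startswith("!") for x in s))

if __name__ == "__main__":
    exp = accepted_sources(SAMPLE)
    print(exp, "open to all:", world_open_ports(exp))
```

The audit reads only the named chain, so it does not follow jumps into other chains or evaluate rule order; run it once per chain of interest.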