firewall_iptables/rules.v4

# Generated by iptables-save v1.8.7 on Mon Oct  2 20:48:26 2023
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p icmp -m icmp --icmp-type 8 -m comment --comment "accept incomming pings" -j ACCEPT
-A INPUT -p udp -m udp --sport 67:68 --dport 67:68 -m comment --comment "accept incomming dhcp" -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -m comment --comment "accept incomming dns" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -m comment --comment "accept incomming dns" -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -m comment --comment "accept incomming ntp" -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "accept all incomming established and related trafic" -j ACCEPT
-A INPUT -i lo -m comment --comment "accept all incoming traffic of loopback device" -j ACCEPT
-A INPUT -i eth0 -m comment --comment "accept all incoming traffic of eth0.30 device" -j ACCEPT
-A INPUT -m comment --comment "Reject all remaining traffic" -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "forward all established and related traffic" -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 8 -m comment --comment "forward all pings" -j ACCEPT
-A FORWARD -p udp -m udp --dport 123 -m comment --comment "forward all ntp request" -j ACCEPT
-A FORWARD -p udp -m udp --sport 123 -m comment --comment "forward all ntp request" -j ACCEPT
-A FORWARD ! -d 192.168.0.0/16 -i eth0 -o eth0.10 -m comment --comment "forward all traffic from vlan30 to the internet" -j ACCEPT
-A FORWARD -d 192.168.0.0/24 -i eth0 -o eth0.10 -m comment --comment "forward all traffic from vlan30 to vlan10" -j ACCEPT
-A FORWARD ! -d 192.168.0.0/16 -i eth0.40 -o eth0.10 -p tcp -m tcp --dport 80:443 -m comment --comment "forward all http and https traffic from vlan40 to the internet" -j ACCEPT
-A FORWARD ! -d 192.168.0.0/16 -i eth0.40 -o eth0.10 -p tcp -m tcp --dport 8080 -m comment --comment "forward port 8080 to the internet for siemens dishwasher" -j ACCEPT
-A FORWARD ! -d 192.168.0.0/16 -i eth0.60 -o eth0.10 -p tcp -m tcp --dport 80:443 -m comment --comment "forward all http and https traffic from vlan60 to the internet" -j ACCEPT
-A FORWARD -d 192.168.20.0/24 -i eth0 -o eth0.20 -m comment --comment "forward traffic from vlan30 to VLAN20" -j ACCEPT
-A FORWARD -d 192.168.30.0/24 -i eth0.40 -o eth0 -p tcp -m tcp --dport 1883 -m comment --comment "forward mqtt traffic from vlan40 to VLAN30" -j ACCEPT
-A FORWARD -d 192.168.30.0/24 -i eth0.50 -o eth0 -p tcp -m tcp --dport 1883 -m comment --comment "forward mqtt traffic from vlan50 to VLAN30" -j ACCEPT
-A FORWARD -d 192.168.30.0/24 -i eth0.50 -o eth0 -p tcp -m tcp --dport 21 -m comment --comment "forward ftp traffic from vlan50 to VLAN30 (brother printer)" -j ACCEPT
-A FORWARD -d 192.168.40.0/24 -i eth0 -o eth0.40 -m comment --comment "forward traffic from vlan30 to VLAN40" -j ACCEPT
-A FORWARD -d 192.168.50.0/24 -i eth0 -o eth0.50 -m comment --comment "forward traffic from vlan30 to VLAN50" -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -m comment --comment "accept outgoing pings" -j ACCEPT
-A OUTPUT -p udp -m udp --sport 67:68 --dport 67:68 -m comment --comment "accept outgoing dhcp" -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -m comment --comment "accept outgoing dns" -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -m comment --comment "accept outgoing dns" -j ACCEPT
-A OUTPUT -p udp -m udp --dport 123 -m comment --comment "accept outgoing ntp" -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -m comment --comment "accept outgoing ssh" -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "accept all outgoing established and related trafic" -j ACCEPT
-A OUTPUT -o lo -m comment --comment "accept all outgoing traffic of the loopback device" -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment "accept all outgoing traffic of the eth0.30 device" -j ACCEPT
-A OUTPUT ! -d 192.168.0.0/16 -o eth0.10 -m comment --comment "accept all outgoing traffic to the internet" -j ACCEPT
COMMIT
# Completed on Mon Oct  2 20:48:26 2023
# Generated by iptables-save v1.8.7 on Mon Oct  2 20:48:26 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0.10 -m comment --comment "masquerade ->eth0.10" -j MASQUERADE
-A POSTROUTING -o eth0.20 -m comment --comment "masquerade ->eth0.20" -j MASQUERADE
-A POSTROUTING -o eth0 -m comment --comment "masquerade ->eth0.30" -j MASQUERADE
-A POSTROUTING -o eth0.40 -m comment --comment "masquerade ->eth0.40" -j MASQUERADE
-A POSTROUTING -o eth0.50 -m comment --comment "masquerade ->eth0.50" -j MASQUERADE
COMMIT
# Completed on Mon Oct  2 20:48:26 2023
Rules adapted to vlan30 as eth0 (formaly vlan10 was eth0) 2023-10-02 20:50:14 +02:00			`# Generated by iptables-save v1.8.7 on Mon Oct 2 20:48:26 2023`
Initial firewall rules added 2023-10-02 19:33:54 +02:00			`*filter`
			`:INPUT DROP [0:0]`
Rules adapted to vlan30 as eth0 (formaly vlan10 was eth0) 2023-10-02 20:50:14 +02:00			`:FORWARD DROP [0:0]`
			`:OUTPUT DROP [0:0]`
Initial firewall rules added 2023-10-02 19:33:54 +02:00			`-A INPUT -p icmp -m icmp --icmp-type 8 -m comment --comment "accept incomming pings" -j ACCEPT`
			`-A INPUT -p udp -m udp --sport 67:68 --dport 67:68 -m comment --comment "accept incomming dhcp" -j ACCEPT`
			`-A INPUT -p udp -m udp --dport 53 -m comment --comment "accept incomming dns" -j ACCEPT`
			`-A INPUT -p tcp -m tcp --dport 53 -m comment --comment "accept incomming dns" -j ACCEPT`
			`-A INPUT -p udp -m udp --dport 123 -m comment --comment "accept incomming ntp" -j ACCEPT`
			`-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "accept all incomming established and related trafic" -j ACCEPT`
			`-A INPUT -i lo -m comment --comment "accept all incoming traffic of loopback device" -j ACCEPT`
Rules adapted to vlan30 as eth0 (formaly vlan10 was eth0) 2023-10-02 20:50:14 +02:00			`-A INPUT -i eth0 -m comment --comment "accept all incoming traffic of eth0.30 device" -j ACCEPT`
Initial firewall rules added 2023-10-02 19:33:54 +02:00			`-A INPUT -m comment --comment "Reject all remaining traffic" -j REJECT --reject-with icmp-port-unreachable`
			`-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "forward all established and related traffic" -j ACCEPT`
			`-A FORWARD -p icmp -m icmp --icmp-type 8 -m comment --comment "forward all pings" -j ACCEPT`
			`-A FORWARD -p udp -m udp --dport 123 -m comment --comment "forward all ntp request" -j ACCEPT`
			`-A FORWARD -p udp -m udp --sport 123 -m comment --comment "forward all ntp request" -j ACCEPT`
Rules adapted to vlan30 as eth0 (formaly vlan10 was eth0) 2023-10-02 20:50:14 +02:00			`-A FORWARD ! -d 192.168.0.0/16 -i eth0 -o eth0.10 -m comment --comment "forward all traffic from vlan30 to the internet" -j ACCEPT`
			`-A FORWARD -d 192.168.0.0/24 -i eth0 -o eth0.10 -m comment --comment "forward all traffic from vlan30 to vlan10" -j ACCEPT`
			`-A FORWARD ! -d 192.168.0.0/16 -i eth0.40 -o eth0.10 -p tcp -m tcp --dport 80:443 -m comment --comment "forward all http and https traffic from vlan40 to the internet" -j ACCEPT`
			`-A FORWARD ! -d 192.168.0.0/16 -i eth0.40 -o eth0.10 -p tcp -m tcp --dport 8080 -m comment --comment "forward port 8080 to the internet for siemens dishwasher" -j ACCEPT`
			`-A FORWARD ! -d 192.168.0.0/16 -i eth0.60 -o eth0.10 -p tcp -m tcp --dport 80:443 -m comment --comment "forward all http and https traffic from vlan60 to the internet" -j ACCEPT`
			`-A FORWARD -d 192.168.20.0/24 -i eth0 -o eth0.20 -m comment --comment "forward traffic from vlan30 to VLAN20" -j ACCEPT`
			`-A FORWARD -d 192.168.30.0/24 -i eth0.40 -o eth0 -p tcp -m tcp --dport 1883 -m comment --comment "forward mqtt traffic from vlan40 to VLAN30" -j ACCEPT`
			`-A FORWARD -d 192.168.30.0/24 -i eth0.50 -o eth0 -p tcp -m tcp --dport 1883 -m comment --comment "forward mqtt traffic from vlan50 to VLAN30" -j ACCEPT`
			`-A FORWARD -d 192.168.30.0/24 -i eth0.50 -o eth0 -p tcp -m tcp --dport 21 -m comment --comment "forward ftp traffic from vlan50 to VLAN30 (brother printer)" -j ACCEPT`
			`-A FORWARD -d 192.168.40.0/24 -i eth0 -o eth0.40 -m comment --comment "forward traffic from vlan30 to VLAN40" -j ACCEPT`
			`-A FORWARD -d 192.168.50.0/24 -i eth0 -o eth0.50 -m comment --comment "forward traffic from vlan30 to VLAN50" -j ACCEPT`
Initial firewall rules added 2023-10-02 19:33:54 +02:00			`-A OUTPUT -p icmp -m icmp --icmp-type 8 -m comment --comment "accept outgoing pings" -j ACCEPT`
			`-A OUTPUT -p udp -m udp --sport 67:68 --dport 67:68 -m comment --comment "accept outgoing dhcp" -j ACCEPT`
			`-A OUTPUT -p udp -m udp --dport 53 -m comment --comment "accept outgoing dns" -j ACCEPT`
			`-A OUTPUT -p tcp -m tcp --dport 53 -m comment --comment "accept outgoing dns" -j ACCEPT`
			`-A OUTPUT -p udp -m udp --dport 123 -m comment --comment "accept outgoing ntp" -j ACCEPT`
			`-A OUTPUT -p tcp -m tcp --dport 22 -m comment --comment "accept outgoing ssh" -j ACCEPT`
			`-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "accept all outgoing established and related trafic" -j ACCEPT`
			`-A OUTPUT -o lo -m comment --comment "accept all outgoing traffic of the loopback device" -j ACCEPT`
Rules adapted to vlan30 as eth0 (formaly vlan10 was eth0) 2023-10-02 20:50:14 +02:00			`-A OUTPUT -o eth0 -m comment --comment "accept all outgoing traffic of the eth0.30 device" -j ACCEPT`
			`-A OUTPUT ! -d 192.168.0.0/16 -o eth0.10 -m comment --comment "accept all outgoing traffic to the internet" -j ACCEPT`
Initial firewall rules added 2023-10-02 19:33:54 +02:00			`COMMIT`
Rules adapted to vlan30 as eth0 (formaly vlan10 was eth0) 2023-10-02 20:50:14 +02:00			`# Completed on Mon Oct 2 20:48:26 2023`
			`# Generated by iptables-save v1.8.7 on Mon Oct 2 20:48:26 2023`
Initial firewall rules added 2023-10-02 19:33:54 +02:00			`*nat`
			`:PREROUTING ACCEPT [0:0]`
			`:INPUT ACCEPT [0:0]`
			`:OUTPUT ACCEPT [0:0]`
			`:POSTROUTING ACCEPT [0:0]`
Rules adapted to vlan30 as eth0 (formaly vlan10 was eth0) 2023-10-02 20:50:14 +02:00			`-A POSTROUTING -o eth0.10 -m comment --comment "masquerade ->eth0.10" -j MASQUERADE`
Initial firewall rules added 2023-10-02 19:33:54 +02:00			`-A POSTROUTING -o eth0.20 -m comment --comment "masquerade ->eth0.20" -j MASQUERADE`
Rules adapted to vlan30 as eth0 (formaly vlan10 was eth0) 2023-10-02 20:50:14 +02:00			`-A POSTROUTING -o eth0 -m comment --comment "masquerade ->eth0.30" -j MASQUERADE`
Initial firewall rules added 2023-10-02 19:33:54 +02:00			`-A POSTROUTING -o eth0.40 -m comment --comment "masquerade ->eth0.40" -j MASQUERADE`
			`-A POSTROUTING -o eth0.50 -m comment --comment "masquerade ->eth0.50" -j MASQUERADE`
			`COMMIT`
Rules adapted to vlan30 as eth0 (formaly vlan10 was eth0) 2023-10-02 20:50:14 +02:00			`# Completed on Mon Oct 2 20:48:26 2023`