iptables.rules
# IPv4 filter-table ruleset in iptables-restore format.
# Every built-in chain defaults to DROP, so any packet not matched by an
# ACCEPT rule below is discarded. FORWARD has no rules at all, so nothing is
# routed through this host.
# NOTE(review): iptables rules cover IPv4 only -- confirm an equivalent
# ip6tables ruleset exists if IPv6 is enabled on the device.
*filter
# Default-deny policy on all three chains (inbound, forwarded and outbound)
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Drop packets conntrack classifies as INVALID before any ACCEPT rule is evaluated
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Allow inbound replies to connections already tracked (typically ones this host opened)
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Accept loopback traffic in both directions
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Accept all outbound traffic, but only when it leaves via wlan0 or tether.
# Output on any other interface falls through to the OUTPUT DROP policy.
-A OUTPUT -p ALL -o wlan0 -j ACCEPT
-A OUTPUT -p ALL -o tether -j ACCEPT
# Accept DHCP requests (UDP 67) on the tether interface only (Access Point mode)
-A INPUT -p udp -m udp --dport 67 -i tether -j ACCEPT
# Accept TCP 443 (vic-gateway). No -i or -s match: reachable on every interface.
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# mDNS (UDP 5353), accepted on every interface
-A INPUT -p udp --dport 5353 -j ACCEPT
# Allow ping: ICMP echo-request (type 8) that starts a new conntrack entry
-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
# dev-only -- presumably this heading covers every rule from here to COMMIT.
# None of the rules below carries an interface (-i) or source (-s) match, so
# each port is open to any host that can reach the device over any interface.
# NOTE(review): nothing in this file disables this section for release builds;
# confirm production images ship a ruleset without it.
# ssh (TCP 22); the doubled "-m tcp" here and below looks redundant
-A INPUT -p tcp -m tcp -m tcp --dport 22 -j ACCEPT
# adb-over-tcp (TCP 5555). adb provides shell access to the device.
# NOTE(review): confirm the adb daemon enforces host authorisation.
-A INPUT -p tcp -m tcp -m tcp --dport 5555 -j ACCEPT
# rsync (dev-deployment), TCP 1873
-A INPUT -p tcp -m tcp -m tcp --dport 1873 -j ACCEPT
# webots: TCP and UDP 5103. The 8080 rules were grouped under this heading in
# the original; the file does not say which service uses them.
-A INPUT -p tcp -m tcp --dport 5103 -j ACCEPT
-A INPUT -p udp -m udp --dport 5103 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p udp -m udp --dport 8080 -j ACCEPT
# dev-webservices: TCP 8887-8890
-A INPUT -p tcp -m tcp -m multiport --dports 8887,8888,8889,8890 -j ACCEPT
# wwise profiler: TCP 24024-24026 plus UDP 24024
-A INPUT -p tcp -m tcp -m multiport --dports 24024,24025,24026 -j ACCEPT
-A INPUT -p udp --dport 24024 -j ACCEPT
COMMIT