mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
fix iptables
This commit is contained in:
m0duspwnens
@@ -91,7 +91,9 @@ COMMIT
|
||||
{%- endfor %}
|
||||
|
||||
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
-A INPUT -i lo -j ACCEPT
|
||||
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
||||
-A INPUT -j REJECT --reject-with icmp-host-prohibited
|
||||
-A INPUT -p icmp -j ACCEPT
|
||||
-A INPUT -j LOGGING
|
||||
-A FORWARD -j DOCKER-USER
|
||||
@@ -101,6 +103,10 @@ COMMIT
|
||||
-A FORWARD -i sosbridge ! -o sosbridge -j ACCEPT
|
||||
-A FORWARD -i sosbridge -o sosbridge -j ACCEPT
|
||||
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
-A FORWARD -i lo -j ACCEPT
|
||||
-A FORWARD -m conntrack --ctstate INVALID -j DROP
|
||||
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
|
||||
-A OUTPUT -o lo -j ACCEPT
|
||||
-A OUTPUT -p icmp -m icmp --icmp-type 14 -j DROP
|
||||
|
||||
{%- for rule in D2 %}
|
||||
@@ -112,6 +118,7 @@ COMMIT
|
||||
-A DOCKER-ISOLATION-STAGE-2 -o sosbridge -j DROP
|
||||
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
|
||||
-A DOCKER-USER ! -i sosbridge -o sosbridge -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
-A DOCKER-USER ! -i sosbridge -o sosbridge -j LOGGING
|
||||
-A DOCKER-USER -j RETURN
|
||||
-A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-dropped: "
|
||||
-A LOGGING -j DROP
|
||||
|
||||
Reference in New Issue
Block a user