# filter table (IPv4 only: this is iptables-save output).
# NOTE(review): IPv6 is controlled by a separate ip6tables ruleset that is not
# shown here; confirm IPv6 is blocked or handled equivalently, otherwise
# IPv6 traffic is not subject to any rule below.
*filter
# Chain policies; the bracketed values are packet:byte counters at save time.
# NOTE(review): INPUT is policy ACCEPT with no rules, so inbound traffic is
# not filtered by this table. Confirm that is intended for this host.
:INPUT ACCEPT [1834:1987621]
:FORWARD DROP [1211:93812]
# OUTPUT policy is ACCEPT, but the chain ends in an unconditional REJECT,
# so in practice outbound traffic is default-deny.
:OUTPUT ACCEPT [0:0]
# Drop outbound TCP segments with RST+ACK or FIN+ACK set unless they are
# from/to 127.0.0.1 or leave via lo. These rules sit before the ESTABLISHED
# accept so they are evaluated first.
# Presumably the usual transparent-proxy workaround for teardown packets that
# would otherwise leave the host directly (verify against the guide used).
-A OUTPUT ! -s 127.0.0.1/32 ! -d 127.0.0.1/32 ! -o lo -p tcp -m tcp --tcp-flags RST,ACK RST,ACK -j DROP
-A OUTPUT ! -s 127.0.0.1/32 ! -d 127.0.0.1/32 ! -o lo -p tcp -m tcp --tcp-flags FIN,ACK FIN,ACK -j DROP
# Allow packets that belong to, or are related to, an already tracked connection.
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow loopback destinations. 127.0.0.0/9 and 127.128.0.0/10 are both inside
# 127.0.0.0/8, so the first two rules are redundant with the third.
-A OUTPUT -d 127.0.0.0/9 -j ACCEPT
-A OUTPUT -d 127.128.0.0/10 -j ACCEPT
-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
# Allow private LAN destinations. Only 192.168.0.0/16 and 172.16.0.0/12 are
# listed; 10.0.0.0/8 is not, so traffic to 10.x falls through to the REJECT.
-A OUTPUT -d 192.168.0.0/16 -j ACCEPT
-A OUTPUT -d 172.16.0.0/12 -j ACCEPT
# Allow all outbound traffic from processes running as uid 129.
# NOTE(review): presumably the proxy daemon's account (9040 in the nat table is
# Tor's conventional TransPort); numeric uids are host-specific, so confirm
# that uid 129 maps to the intended account on this machine.
-A OUTPUT -m owner --uid-owner 129 -j ACCEPT
# Everything else is rejected with ICMP port-unreachable. The rule has no
# protocol match, so it also covers UDP and ICMP to non-local destinations.
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Sat Aug 6 15:58:37 2022
# Generated by iptables-save v1.8.4 on Sat Aug 6 15:58:37 2022
# nat table: redirects locally generated traffic to local listener ports.
# Rule order matters; the first matching rule decides.
*nat
# All nat chains have policy ACCEPT; only OUTPUT carries rules.
:PREROUTING ACCEPT [87:9285]
:INPUT ACCEPT [17:4469]
:OUTPUT ACCEPT [3:193]
:POSTROUTING ACCEPT [41:2863]
# Traffic from uid 129 is exempt from every redirect below, so that account's
# own connections are not looped back to the local ports.
# NOTE(review): presumably the proxy daemon's uid; confirm on this host.
-A OUTPUT -m owner --uid-owner 129 -j RETURN
# Redirect every outbound UDP packet to port 53 to local port 53. This rule
# precedes the loopback/LAN exemptions, so queries addressed to a LAN resolver
# are redirected as well.
# NOTE(review): assumes a local resolver is listening on UDP 53 (for example
# the proxy's DNS port); confirm, otherwise name resolution fails.
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
# Loopback destinations are not redirected. The /9 and /10 ranges are subsets
# of 127.0.0.0/8, so the first two rules are redundant with the third.
-A OUTPUT -d 127.0.0.0/9 -j RETURN
-A OUTPUT -d 127.128.0.0/10 -j RETURN
-A OUTPUT -d 127.0.0.0/8 -j RETURN
# Private LAN destinations are not redirected (10.0.0.0/8 is not listed).
-A OUTPUT -d 192.168.0.0/16 -j RETURN
-A OUTPUT -d 172.16.0.0/12 -j RETURN
# Redirect new TCP connections (SYN set; FIN, RST and ACK clear) to local
# port 9040. UDP other than port 53 is not redirected by this table.
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT