Compare Pastes

Differences between the pastes #175516 (23.04.2021 15:29) and #234194 (12.11.2021 00:17).

Chain INPUT (policy DROP)
target     prot opt source               destination
ufw-before-logging-input  all  --  anywhere             anywhere
ufw-before-input  all  --  anywhere             anywhere
ufw-after-input  all  --  anywhere             anywhere
ufw-after-logging-input  all  --  anywhere             anywhere
ufw-reject-input  all  --  anywhere             anywhere
ufw-track-input  all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ufw-before-logging-forward  all  --  anywhere             anywhere
ufw-before-forward  all  --  anywhere             anywhere
ufw-after-forward  all  --  anywhere             anywhere
ufw-after-logging-forward  all  --  anywhere             anywhere
ufw-reject-forward  all  --  anywhere             anywhere
ufw-track-forward  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ufw-before-logging-output  all  --  anywhere             anywhere
ufw-before-output  all  --  anywhere             anywhere
ufw-after-output  all  --  anywhere             anywhere
ufw-after-logging-output  all  --  anywhere             anywhere
ufw-reject-output  all  --  anywhere             anywhere
ufw-track-output  all  --  anywhere             anywhere

Chain DOCKER (2 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:http

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain ufw-after-forward (1 references)
target     prot opt source               destination

Chain ufw-after-input (1 references)
target     prot opt source               destination
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-ns
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-dgm
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:netbios-ssn
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:microsoft-ds
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootps
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootpc
ufw-skip-to-policy-input  all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination

Chain ufw-after-output (1 references)
target     prot opt source               destination

Chain ufw-before-forward (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ufw-user-forward  all  --  anywhere             anywhere

Chain ufw-before-input (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-logging-deny  all  --  anywhere             anywhere             ctstate INVALID
DROP       all  --  anywhere             anywhere             ctstate INVALID
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
ufw-not-local  all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251          udp dpt:mdns
ACCEPT     udp  --  anywhere             239.255.255.250      udp dpt:1900
ufw-user-input  all  --  anywhere             anywhere

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination

Chain ufw-before-output (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-user-output  all  --  anywhere             anywhere

Chain ufw-logging-allow (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             ctstate INVALID limit: avg 3/min burst 10
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
ufw-logging-deny  all  --  anywhere             anywhere             limit: avg 3/min burst 10
DROP       all  --  anywhere             anywhere

Chain ufw-reject-forward (1 references)
target     prot opt source               destination

Chain ufw-reject-input (1 references)
target     prot opt source               destination

Chain ufw-reject-output (1 references)
target     prot opt source               destination

Chain ufw-skip-to-policy-forward (0 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain ufw-skip-to-policy-input (7 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain ufw-skip-to-policy-output (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain ufw-track-forward (1 references)
target     prot opt source               destination

Chain ufw-track-input (1 references)
target     prot opt source               destination

Chain ufw-track-output (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             ctstate NEW

Chain ufw-user-forward (1 references)
target     prot opt source               destination

Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh

Chain ufw-user-limit (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain ufw-user-logging-forward (0 references)
target     prot opt source               destination

Chain ufw-user-logging-input (0 references)
target     prot opt source               destination

Chain ufw-user-logging-output (0 references)
target     prot opt source               destination

Chain ufw-user-output (1 references)

1		Chain INPUT (policy DROP)
2		target prot opt source destination
3		ufw-before-logging-input all -- anywhere anywhere
4		ufw-before-input all -- anywhere anywhere
5		ufw-after-input all -- anywhere anywhere
6		ufw-after-logging-input all -- anywhere anywhere
7		ufw-reject-input all -- anywhere anywhere
8		ufw-track-input all -- anywhere anywhere
9
10		Chain FORWARD (policy DROP)
11		target prot opt source destination
12		DOCKER-USER all -- anywhere anywhere
13		DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
14		ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
15		DOCKER all -- anywhere anywhere
16		ACCEPT all -- anywhere anywhere
17		ACCEPT all -- anywhere anywhere
18		ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
19		DOCKER all -- anywhere anywhere
20		ACCEPT all -- anywhere anywhere
21		ACCEPT all -- anywhere anywhere
22		ufw-before-logging-forward all -- anywhere anywhere
23		ufw-before-forward all -- anywhere anywhere
24		ufw-after-forward all -- anywhere anywhere
25		ufw-after-logging-forward all -- anywhere anywhere
26		ufw-reject-forward all -- anywhere anywhere
27		ufw-track-forward all -- anywhere anywhere
28
29		Chain OUTPUT (policy ACCEPT)
30		target prot opt source destination
31		ufw-before-logging-output all -- anywhere anywhere
32		ufw-before-output all -- anywhere anywhere
33		ufw-after-output all -- anywhere anywhere
34		ufw-after-logging-output all -- anywhere anywhere
35		ufw-reject-output all -- anywhere anywhere
36		ufw-track-output all -- anywhere anywhere
37
38		Chain DOCKER (2 references)
39		target prot opt source destination
40		ACCEPT tcp -- anywhere 172.18.0.2 tcp dpt:http
41
42		Chain DOCKER-ISOLATION-STAGE-1 (1 references)
43		target prot opt source destination
44		DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
45		DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
46		RETURN all -- anywhere anywhere
47
48		Chain DOCKER-ISOLATION-STAGE-2 (2 references)
49		target prot opt source destination
50		DROP all -- anywhere anywhere
51		DROP all -- anywhere anywhere
52		RETURN all -- anywhere anywhere
53
54		Chain DOCKER-USER (1 references)
55		target prot opt source destination
56		RETURN all -- anywhere anywhere
57
58		Chain ufw-after-forward (1 references)
59		target prot opt source destination
60
61		Chain ufw-after-input (1 references)
62		target prot opt source destination
63		ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns
64		ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm
65		ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn
66		ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds
67		ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps
68		ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc
69		ufw-skip-to-policy-input all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
70
71		Chain ufw-after-logging-forward (1 references)
72		target prot opt source destination
73		LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
74
75		Chain ufw-after-logging-input (1 references)
76		target prot opt source destination
77		LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
78
79		Chain ufw-after-logging-output (1 references)
80		target prot opt source destination
81
82		Chain ufw-after-output (1 references)
83		target prot opt source destination
84
85		Chain ufw-before-forward (1 references)
86		target prot opt source destination
87		ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
88		ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
89		ACCEPT icmp -- anywhere anywhere icmp time-exceeded
90		ACCEPT icmp -- anywhere anywhere icmp parameter-problem
91		ACCEPT icmp -- anywhere anywhere icmp echo-request
92		ufw-user-forward all -- anywhere anywhere
93
94		Chain ufw-before-input (1 references)
95		target prot opt source destination
96		ACCEPT all -- anywhere anywhere
97		ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
98		ufw-logging-deny all -- anywhere anywhere ctstate INVALID
99		DROP all -- anywhere anywhere ctstate INVALID
100		ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
101		ACCEPT icmp -- anywhere anywhere icmp time-exceeded
102		ACCEPT icmp -- anywhere anywhere icmp parameter-problem
103		ACCEPT icmp -- anywhere anywhere icmp echo-request
104		ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
105		ufw-not-local all -- anywhere anywhere
106		ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
107		ACCEPT udp -- anywhere 239.255.255.250 udp dpt:1900
108		ufw-user-input all -- anywhere anywhere
109
110		Chain ufw-before-logging-forward (1 references)
111		target prot opt source destination
112
113		Chain ufw-before-logging-input (1 references)
114		target prot opt source destination
115
116		Chain ufw-before-logging-output (1 references)
117		target prot opt source destination
118
119		Chain ufw-before-output (1 references)
120		target prot opt source destination
121		ACCEPT all -- anywhere anywhere
122		ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
123		ufw-user-output all -- anywhere anywhere
124
125		Chain ufw-logging-allow (0 references)
126		target prot opt source destination
127		LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "
128
129		Chain ufw-logging-deny (2 references)
130		target prot opt source destination
131		RETURN all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10
132		LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
133
134		Chain ufw-not-local (1 references)
135		target prot opt source destination
136		RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
137		RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
138		RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
139		ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10
140		DROP all -- anywhere anywhere
141
142		Chain ufw-reject-forward (1 references)
143		target prot opt source destination
144
145		Chain ufw-reject-input (1 references)
146		target prot opt source destination
147
148		Chain ufw-reject-output (1 references)
149		target prot opt source destination
150
151		Chain ufw-skip-to-policy-forward (0 references)
152		target prot opt source destination
153		DROP all -- anywhere anywhere
154
155		Chain ufw-skip-to-policy-input (7 references)
156		target prot opt source destination
157		DROP all -- anywhere anywhere
158
159		Chain ufw-skip-to-policy-output (0 references)
160		target prot opt source destination
161		ACCEPT all -- anywhere anywhere
162
163		Chain ufw-track-forward (1 references)
164		target prot opt source destination
165
166		Chain ufw-track-input (1 references)
167		target prot opt source destination
168
169		Chain ufw-track-output (1 references)
170		target prot opt source destination
171		ACCEPT tcp -- anywhere anywhere ctstate NEW
172		ACCEPT udp -- anywhere anywhere ctstate NEW
173
174		Chain ufw-user-forward (1 references)
175		target prot opt source destination
176
177		Chain ufw-user-input (1 references)
178		target prot opt source destination
179		ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
180
181		Chain ufw-user-limit (0 references)
182		target prot opt source destination
183		LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
184		REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
185
186		Chain ufw-user-limit-accept (0 references)
187		target prot opt source destination
188		ACCEPT all -- anywhere anywhere
189
190		Chain ufw-user-logging-forward (0 references)
191		target prot opt source destination
192
193		Chain ufw-user-logging-input (0 references)
194		target prot opt source destination
195
196		Chain ufw-user-logging-output (0 references)
197		target prot opt source destination
198
199		Chain ufw-user-output (1 references)