THE ANONYMOUS SHIELD

 

Hello guys! Today I'm going to show you my iptables and MikroTik router configuration. Let's begin!

To begin, the following rules protect you from DoS and DDoS attacks and, in addition, forbid the ping protocol (ICMP) for both input and output:

-A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,ACK FIN -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags ACK,URG URG -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags PSH,ACK PSH -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -m conntrack --ctstate INVALID -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -s 224.0.0.0/3 -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -s 169.254.0.0/16 -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -s 172.16.0.0/12 -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -s 192.0.2.0/24 -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -s 192.168.0.0/16 -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -s 240.0.0.0/5 -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -s 127.0.0.0/8 ! -i lo -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -p icmp -m comment --comment NO_ICMP -j DROP
-A PREROUTING -f -m comment --comment NO_DDOS_RULES -j DROP

The next rules allow me to reach Cisco's DNS servers:

-A PREROUTING -s 208.67.222.123 -p udp -m udp --sport 53 -m state --state NEW,ESTABLISHED -m comment --comment DNS_CISCO_INPUT -j ACCEPT
-A PREROUTING -s 208.67.220.123 -p udp -m udp --sport 53 -m state --state NEW,ESTABLISHED -m comment --comment DNS_CISCO_INPUT -j ACCEPT

-A POSTROUTING -d 208.67.222.123 -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -m comment --comment DNS_CISCO_OUTPUT -j ACCEPT
-A POSTROUTING -d 208.67.220.123 -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -m comment --comment DNS_CISCO_OUTPUT -j ACCEPT

Next, a large set of rules allows me to reach well-known VPN services, such as Psiphon and Thunder VPN, and to receive their responses:

-A PREROUTING -p tcp -s 8.21.110.66 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 194.28.84.109 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 79.142.76.177 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 198.98.50.134 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 185.236.202.74 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 193.9.114.186 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 37.46.114.43 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 87.101.92.226 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 172.104.129.8 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 213.108.105.86 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 209.95.50.117 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 128.127.104.95 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 185.189.115.74 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 162.159.192.5 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 88.202.230.183 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 23.88.33.159 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 198.7.62.204 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 51.38.83.188 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 185.186.142.71 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 45.137.155.59 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 51.195.37.158 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 51.75.74.253 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 192.168.218.226 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 139.162.246.212 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 165.231.190.10 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 51.15.105.14 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 196.240.126.98 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 165.231.161.146 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 178.62.40.168 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 82.196.8.19 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 196.196.203.130 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 109.248.11.129 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 185.225.210.35 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 5.255.88.7 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 192.46.234.109 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 139.162.159.188 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 196.196.51.10 -m multiport --sports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT

-A POSTROUTING -p tcp -d 8.21.110.66 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 194.28.84.109 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 79.142.76.177 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 198.98.50.134 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 185.236.202.74 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 193.9.114.186 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 37.46.114.43 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 87.101.92.226 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 172.104.129.8 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 213.108.105.86 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 209.95.50.117 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 128.127.104.95 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 185.189.115.74 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 162.159.192.5 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 88.202.230.183 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 23.88.33.159 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 198.7.62.204 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 51.38.83.188 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 185.186.142.71 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 45.137.155.59 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 51.195.37.158 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 51.75.74.253 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 192.168.218.226 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 139.162.246.212 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 165.231.190.10 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 51.15.105.14 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 196.240.126.98 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 165.231.161.146 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 178.62.40.168 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 82.196.8.19 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 196.196.203.130 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 109.248.11.129 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 185.225.210.35 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 5.255.88.7 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 192.46.234.109 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 139.162.159.188 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 196.196.51.10 -m multiport --dports 50505,7449,7450,8082,22104,80,443,1195 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
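
iptables stops at the first terminating rule that matches, so the source-range DROP rules at the top are evaluated before the VPN ACCEPT rules that follow them. The Python sketch below is an added example, not part of the original configuration: it flags any rule that is fully covered by an earlier DROP or ACCEPT in the same chain. It assumes all rules sit in one table and only handles the `! -opt` negation form; the sample is a subset of the rules above with the port lists shortened.

```python
import ipaddress
import shlex
from dataclasses import dataclass, field

# Constructed sample: a subset of this page's rules, in page order,
# with the multiport lists shortened to 80,443 for readability.
SAMPLE = """\
-A PREROUTING -s 224.0.0.0/3 -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -s 172.16.0.0/12 -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -s 192.168.0.0/16 -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -s 240.0.0.0/5 -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -s 127.0.0.0/8 ! -i lo -m comment --comment NO_DDOS_RULES -j DROP
-A PREROUTING -p icmp -m comment --comment NO_ICMP -j DROP
-A PREROUTING -p tcp -s 172.104.129.8 -m multiport --sports 80,443 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A PREROUTING -p tcp -s 192.168.218.226 -m multiport --sports 80,443 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_TCP -j ACCEPT
-A POSTROUTING -p tcp -d 192.168.218.226 -m multiport --dports 80,443 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_TCP -j ACCEPT
"""

TERMINAL = {"DROP", "ACCEPT", "REJECT"}  # targets that end chain traversal


@dataclass
class Rule:
    chain: str = ""
    target: str = ""
    src: object = None                        # ip_network, or None for "any source"
    conds: set = field(default_factory=set)   # every other match, kept verbatim


def parse_rule(line):
    """Parse one iptables-save style '-A ...' line into a Rule."""
    tokens = shlex.split(line)
    rule, negate, i = Rule(), False, 0
    while i < len(tokens):
        opt = tokens[i]
        i += 1
        if opt == "!":              # negation applies to the next option
            negate = True
            continue
        args = []
        while i < len(tokens) and tokens[i] != "!" and not tokens[i].startswith("-"):
            args.append(tokens[i])
            i += 1
        args = tuple(args)
        if opt == "-A":
            rule.chain = args[0]
        elif opt == "-j":
            rule.target = args[0]
        elif opt == "--comment" or (opt == "-m" and args == ("comment",)):
            pass                    # comments never affect matching
        elif opt == "-s" and not negate:
            rule.src = ipaddress.ip_network(args[0], strict=False)
        else:
            rule.conds.add((negate, opt, args))
        negate = False
    return rule


def covers(earlier, later):
    """True if every packet matching `later` already matches `earlier`.

    Conservative: the earlier rule's matches must all appear verbatim in the
    later rule, and its source network must contain the later rule's source.
    """
    if earlier.chain != later.chain or earlier.target not in TERMINAL:
        return False
    if not earlier.conds <= later.conds:
        return False
    if earlier.src is None:
        return True
    return (later.src is not None
            and later.src.version == earlier.src.version
            and later.src.subnet_of(earlier.src))


def find_shadowed(text):
    """Return (rule_no, covered_by_rule_no, kind) for each shadowed rule.

    kind is 'unreachable' when the two targets differ (the later rule can
    never take effect) and 'redundant' when they are the same.
    """
    rules = [parse_rule(l) for l in text.splitlines() if l.startswith("-A ")]
    findings = []
    for j, later in enumerate(rules):
        for i in range(j):
            if covers(rules[i], later):
                kind = "redundant" if rules[i].target == later.target else "unreachable"
                findings.append((j + 1, i + 1, kind))
                break
    return findings


if __name__ == "__main__":
    for rule_no, by, kind in find_shadowed(SAMPLE):
        print(f"rule {rule_no} is {kind}: already covered by rule {by}")
```

On the sample, the ACCEPT for 192.168.218.226 is reported as unreachable behind the 192.168.0.0/16 DROP, while 172.104.129.8 is correctly left alone because it lies outside 172.16.0.0/12.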

-A PREROUTING -p udp -s 8.21.110.66 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 8.21.110.66 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 194.28.84.109 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 194.28.84.109 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 79.142.76.177 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 79.142.76.177 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 198.98.50.134 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 198.98.50.134 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 185.236.202.74 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 185.236.202.74 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 193.9.114.186 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 193.9.114.186 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 37.46.114.43 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 37.46.114.43 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 87.101.92.226 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 87.101.92.226 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 172.104.129.8 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 172.104.129.8 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 213.108.105.86 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 213.108.105.86 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 209.95.50.117 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 209.95.50.117 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 128.127.104.95 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 128.127.104.95 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 185.189.115.74 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 185.189.115.74 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 162.159.192.5 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 162.159.192.5 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 88.202.230.183 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 88.202.230.183 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 23.88.33.159 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 23.88.33.159 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 198.7.62.204 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 198.7.62.204 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 51.38.83.188 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 51.38.83.188 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 185.186.142.71 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 185.186.142.71 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 45.137.155.59 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 45.137.155.59 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 51.195.37.158 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 51.195.37.158 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 51.75.74.253 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 51.75.74.253 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 192.168.218.226 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 192.168.218.226 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 139.162.246.212 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 139.162.246.212 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 165.231.190.10 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 165.231.190.10 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 51.15.105.14 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 51.15.105.14 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 196.240.126.98 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 196.240.126.98 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 165.231.161.146 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 165.231.161.146 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 178.62.40.168 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 178.62.40.168 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 82.196.8.19 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 82.196.8.19 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 196.196.203.130 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 196.196.203.130 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 109.248.11.129 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 109.248.11.129 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 185.225.210.35 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 185.225.210.35 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 5.255.88.7 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 5.255.88.7 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 192.46.234.109 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 192.46.234.109 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 139.162.159.188 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 139.162.159.188 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 196.196.51.10 -m multiport --sports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT
-A PREROUTING -p udp -s 196.196.51.10 -m multiport --sports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_INPUT_UDP -j ACCEPT

-A POSTROUTING -p udp -d 8.21.110.66 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 8.21.110.66 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 194.28.84.109 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 194.28.84.109 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 79.142.76.177 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 79.142.76.177 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 198.98.50.134 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 198.98.50.134 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 185.236.202.74 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 185.236.202.74 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 193.9.114.186 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 193.9.114.186 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 37.46.114.43 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 37.46.114.43 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 87.101.92.226 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 87.101.92.226 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 172.104.129.8 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 172.104.129.8 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 213.108.105.86 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 213.108.105.86 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 209.95.50.117 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 209.95.50.117 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 128.127.104.95 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 128.127.104.95 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 185.189.115.74 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 185.189.115.74 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 162.159.192.5 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 162.159.192.5 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 88.202.230.183 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 88.202.230.183 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 23.88.33.159 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 23.88.33.159 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 198.7.62.204 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 198.7.62.204 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 51.38.83.188 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 51.38.83.188 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 185.186.142.71 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 185.186.142.71 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 45.137.155.59 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 45.137.155.59 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 51.195.37.158 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 51.195.37.158 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 51.75.74.253 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 51.75.74.253 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 192.168.218.226 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 192.168.218.226 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 139.162.246.212 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 139.162.246.212 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 165.231.190.10 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 165.231.190.10 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 51.15.105.14 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 51.15.105.14 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 196.240.126.98 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 196.240.126.98 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 165.231.161.146 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 165.231.161.146 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 178.62.40.168 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 178.62.40.168 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 82.196.8.19 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 82.196.8.19 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 196.196.203.130 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 196.196.203.130 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 109.248.11.129 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 109.248.11.129 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 185.225.210.35 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 185.225.210.35 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 5.255.88.7 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 5.255.88.7 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 192.46.234.109 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 192.46.234.109 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 139.162.159.188 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 139.162.159.188 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 196.196.51.10 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT
-A POSTROUTING -p udp -d 196.196.51.10 -m multiport --dports 16615,19697 -m state --state NEW,ESTABLISHED -m comment --comment VPN_OUTPUT_UDP -j ACCEPT

These rules allow me to access the Binance IP ranges. I have also added them to my MikroTik, but I have hidden the actual IP addresses. You can easily find them with traffic-sniffing apps for mobile or with web browser extensions:

-A PREROUTING -s "Enter your Binance IP here" -m state --state NEW,ESTABLISHED -m comment --comment BINANCE_INPUT -j ACCEPT
-A PREROUTING -s "Enter your Binance IP here" -m state --state NEW,ESTABLISHED -m comment --comment BINANCE_INPUT -j ACCEPT

-A POSTROUTING -d "Enter your Binance IP here" -m state --state NEW,ESTABLISHED -m comment --comment BINANCE_OUTPUT -j ACCEPT
-A POSTROUTING -d "Enter your Binance IP here" -m state --state NEW,ESTABLISHED -m comment --comment BINANCE_OUTPUT -j ACCEPT

The next rules allow me to access my bank's servers:

-A PREROUTING -s "Enter your bank IP here"/32 -p tcp --sport 443 -m state --state NEW,ESTABLISHED -m comment --comment BANK_INPUT -j ACCEPT
-A PREROUTING -s "Enter your bank IP here"/32 -p tcp --sport 443 -m state --state NEW,ESTABLISHED -m comment --comment BANK_INPUT -j ACCEPT

-A POSTROUTING -d "Enter your bank IP here"/32 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -m comment --comment BANK_OUTPUT -j ACCEPT
-A POSTROUTING -d "Enter your bank IP here"/32 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -m comment --comment BANK_OUTPUT -j ACCEPT

The next rules allow you to access your router:

-A PREROUTING -i enp0s25 -s 10.0.1.1 -m multiport -p tcp --sports 23,80 -m state --state NEW,ESTABLISHED -m comment --comment ROUTER_TELNET_INPUT -j ACCEPT
-A POSTROUTING -o enp0s25 -d 10.0.1.1 -m multiport -p tcp --dports 23,80 -m state --state NEW,ESTABLISHED -m comment --comment ROUTER_TELNET_OUTPUT -j ACCEPT
-A PREROUTING -i enp0s25 -s 10.0.1.1 -p tcp --sport 80 -m state --state NEW,ESTABLISHED -m comment --comment ROUTER_WEB_INPUT -j ACCEPT
-A POSTROUTING -o enp0s25 -d 10.0.1.1 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -m comment --comment ROUTER_WEB_OUTPUT -j ACCEPT

These rules block some ports used by access services such as SSH and Telnet:

-A PREROUTING -i lo -p tcp -m multiport --sports 22,23,3389,21,20,389,636 -m state --state NEW,ESTABLISHED -m comment --comment NO_ACCESS_INPUT -j DROP
-A PREROUTING -i lo -p udp -m multiport --sports 21,20,22,23,389,636 -m state --state NEW,ESTABLISHED -m comment --comment NO_ACCESS_INPUT -j DROP
-A POSTROUTING -o lo -p tcp -m multiport --dports 22,23,3389,21,20,389,636 -m state --state NEW,ESTABLISHED -m comment --comment NO_ACCESS_OUTPUT -j DROP
-A POSTROUTING -o lo -p udp -m multiport --dports 21,20,22,23,389,636 -m state --state NEW,ESTABLISHED -m comment --comment NO_ACCESS_OUTPUT -j DROP

These rules allow only traffic that flows through the VPN interfaces:

-A PREROUTING -i tun2 -m comment --comment ACCEPT_VPN_INTERFACE_INPUT -j ACCEPT
-A PREROUTING -i tun0 -m comment --comment ACCEPT_VPN_INTERFACE_INPUT -j ACCEPT
-A POSTROUTING -o tun2 -m comment --comment ACCEPT_VPN_INTERFACE_OUTPUT -j ACCEPT
-A POSTROUTING -o tun0 -m comment --comment ACCEPT_VPN_INTERFACE_OUTPUT -j ACCEPT

Allow access to Grafana:

-A PREROUTING -i lo -s 127.0.0.1/32 -m comment --comment ACCEPT_GRAFANA_INPUT -j ACCEPT
-A POSTROUTING -o lo -d 127.0.0.1/32 -m comment --comment ACCEPT_GRAFANA_OUTPUT -j ACCEPT

And the final rules, which forbid all other traffic:

-P FORWARD DROP
-P PREROUTING DROP
-P POSTROUTING DROP

You can copy all of these rules into a text file and then import them into iptables with this command:

sudo iptables-restore < yourfile.txt
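
Because the final rules set every policy to DROP, a half-edited file can cut the machine off, so it is worth checking the file offline before loading it. The script below is an added example, not part of the original configuration: it flags addresses still left as quoted placeholders, multiport lists longer than the 15 ports the match accepts (the reason the VPN port list above is split over two rules), and a missing table header or COMMIT line, then dry-runs with iptables-restore --test. The helper names lint_rules, safe_restore and sample_rules and the 203.0.113.10 address are assumptions made for the example.

```bash
#!/bin/sh
# Added example (not from the original post): pre-flight checks for a rules
# file before it is handed to iptables-restore.
# lint_rules, safe_restore and sample_rules are hypothetical helper names.

# Print one finding per line; return 1 if anything was found.
lint_rules() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # comments and blank lines
    /^\*/          { table = 1; next }      # table header such as *mangle
    /^COMMIT/      { commit = 1; next }
    {
        # A quoted string after -s or -d is a placeholder, not an address.
        if ($0 ~ / -[sd] "/) {
            printf "line %d: placeholder address not replaced\n", NR
            bad++
        }
        # The multiport match takes at most 15 ports; a range a:b counts as 2.
        for (i = 1; i < NF; i++) {
            if ($i !~ /^--(sports|dports|ports)$/) continue
            n = split($(i + 1), p, ",")
            count = n
            for (j = 1; j <= n; j++) if (p[j] ~ /:/) count++
            if (count > 15) {
                printf "line %d: multiport list has %d ports (max 15)\n", NR, count
                bad++
            }
        }
    }
    END {
        if (!table)  { print "no *table header found"; bad++ }
        if (!commit) { print "no COMMIT line found"; bad++ }
        exit (bad > 0)
    }
    ' "$1"
}

# Lint, dry-run, snapshot the running ruleset, then load the new one.
safe_restore() {
    lint_rules "$1" || { echo "refusing to load $1" >&2; return 1; }
    # --test parses and builds the ruleset without committing it.
    iptables-restore --test < "$1" || return 1
    iptables-save > "$1.rollback"           # snapshot for manual recovery
    iptables-restore < "$1"
}

# Constructed sample input: line 3 has 17 ports, line 4 keeps a placeholder.
sample_rules() {
    cat <<'EOF'
*mangle
-A POSTROUTING -p udp -d 203.0.113.10 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488 -j ACCEPT
-A POSTROUTING -p udp -d 203.0.113.10 -m multiport --dports 33451,5060,4569,1900,7449,7450,2408,500,1701,4500,25000,13859,16200,50633,11488,16615,19697 -j ACCEPT
-A POSTROUTING -d "ENTER-BANK-IP"/32 -p tcp --dport 443 -j ACCEPT
-P POSTROUTING DROP
COMMIT
EOF
}
```

Run `safe_restore yourfile.txt` as root from a local console; if the new ruleset misbehaves, `iptables-restore < yourfile.txt.rollback` brings back the previous one.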

These are all the necessary rules. Below I post the same for MikroTik:

WARNING! SOME OF THE RULES BELOW MAY LOCK YOUR ROUTER FOREVER!!!

/ip firewall filter
add action=fasttrack-connection chain=forward comment=fasttrack \
    connection-state=established,related protocol=tcp src-address=10.0.1.0/24
add action=fasttrack-connection chain=forward protocol=udp src-address=\
    10.0.1.0/24
add action=add-src-to-address-list address-list=CONNECTION_LIMIT \
    address-list-timeout=1d chain=input comment=conn_limit connection-limit=\
    32,32 dst-address=10.0.1.0/24 log=yes log-prefix="ATTACK LIMIT 32" \
    protocol=tcp
add action=accept chain=forward comment=accept_valid connection-state=\
    established,related in-interface=pppoe-out1
add action=reject chain=forward comment=reject_invalid connection-state=\
    invalid in-interface=pppoe-out1 reject-with=icmp-network-unreachable
add action=reject chain=input comment=ddos_filter connection-state=new \
    in-interface=pppoe-out1 protocol=tcp reject-with=icmp-network-unreachable \
    tcp-mss=!536-65535
add action=reject chain=input in-interface=pppoe-out1 protocol=tcp \
    reject-with=icmp-network-unreachable tcp-flags=fin,syn
add action=reject chain=input in-interface=pppoe-out1 protocol=tcp \
    reject-with=icmp-network-unreachable tcp-flags=syn,rst
add action=reject chain=input in-interface=pppoe-out1 protocol=tcp \
    reject-with=icmp-network-unreachable tcp-flags=fin,rst
add action=reject chain=input in-interface=pppoe-out1 protocol=tcp \
    reject-with=icmp-network-unreachable tcp-flags=fin,ack
add action=reject chain=input in-interface=pppoe-out1 protocol=tcp \
    reject-with=icmp-network-unreachable tcp-flags=ack,urg
add action=reject chain=input in-interface=pppoe-out1 protocol=tcp \
    reject-with=icmp-network-unreachable tcp-flags=psh,ack
add action=reject chain=input connection-state=new in-interface=pppoe-out1 \
    protocol=tcp reject-with=icmp-network-unreachable tcp-flags=\
    !fin,!syn,!rst,!ack
add action=reject chain=forward comment=no_icmp in-interface=pppoe-out1 \
    protocol=icmp reject-with=icmp-network-unreachable
add action=reject chain=input in-interface=pppoe-out1 protocol=icmp \
    reject-with=icmp-network-unreachable
add action=reject chain=forward comment=reject_local dst-address=10.0.1.0/24 \
    in-interface=pppoe-out1 reject-with=icmp-network-unreachable \
    src-address-list=LOCAL
add action=reject chain=input in-interface=pppoe-out1 reject-with=\
    icmp-network-unreachable src-address-list=LOCAL
add action=accept chain=forward comment=DNS out-interface=pppoe-out1 port=53 \
    protocol=udp src-address=10.0.1.0/24
add action=accept chain=forward comment=GLOBAL disabled=yes out-interface=\
    pppoe-out1 port=443 protocol=tcp src-address=10.0.1.0/24
add action=accept chain=forward comment=STEAM disabled=yes dst-address-list=\
    STEAM out-interface=pppoe-out1 port=27015,27015-27030,80 protocol=tcp \
    src-address=10.0.1.0/24
add action=accept chain=forward disabled=yes dst-address-list=STEAM \
    out-interface=pppoe-out1 port=27015-27030,27000-27100,4380,3478,4379,4380 \
    protocol=udp src-address=10.0.1.0/24
add action=reject chain=forward comment=DROP_MICROSOFT dst-address-list=\
    MICROSOFT out-interface=pppoe-out1 reject-with=icmp-network-unreachable \
    src-address=10.0.1.0/24
add action=accept chain=forward comment=VPN dst-address-list=VPN \
    out-interface=pppoe-out1 port="33451,5060,4569,1900,7449,7450,2408,500,170\
    1,4500,25000,13859,16200,50633,11488" protocol=udp src-address=\
    10.0.1.0/24
add action=accept chain=forward dst-address-list=VPN out-interface=pppoe-out1 \
    port=16615,19697 protocol=udp src-address=10.0.1.0/24
add action=accept chain=forward dst-address-list=VPN out-interface=pppoe-out1 \
    port=50505,7449,7450,8082,22104,80,443,1195 protocol=tcp src-address=\
    10.0.1.0/24
add action=accept chain=forward comment=TOR dst-address-list=TOR \
    out-interface=pppoe-out1 port=9150,27020,27015,38224,63425,8444,443,80 \
    protocol=tcp src-address=10.0.1.0/24
add action=accept chain=forward comment=BINANCE dst-address-list=BINANCE \
    out-interface=pppoe-out1 port=443 protocol=tcp src-address=10.0.1.0/24
add action=accept chain=forward comment=BANK dst-address-list=BANK \
    out-interface=pppoe-out1 port=443 protocol=tcp src-address=10.0.1.0/24
add action=accept chain=forward in-interface=pppoe-out1 port=443 protocol=tcp \
    src-address-list=BANK
add action=accept chain=input comment=Established_Wan_Accept \
    connection-state=established dst-address=10.0.1.1 dst-address-list=VPN
add action=reject chain=forward comment=NO_ACCESS reject-with=\
    icmp-network-unreachable src-address-list=NO_ACCESS_LIST
add action=reject chain=input log-prefix="ATTACK ACCESS INPUT" reject-with=\
    icmp-network-unreachable src-address-list=NO_ACCESS_LIST
add action=add-src-to-address-list address-list=NO_ACCESS_LIST \
    address-list-timeout=none-dynamic chain=forward comment=NO_ACCESS_LIST \
    dst-address=10.0.1.0/24 in-interface=pppoe-out1 log=yes log-prefix=\
    "ATTACK NO ACCESS FRWD ADD SRC" port=22,23,3389,21,20,389,636 protocol=\
    tcp
add action=add-src-to-address-list address-list=NO_ACCESS_LIST \
    address-list-timeout=none-dynamic chain=forward dst-address=10.0.1.0/24 \
    in-interface=pppoe-out1 log=yes log-prefix=\
    "ATTACK NO ACCESS FRWD ADD SRC" port=21,20,22,23,389,636 protocol=udp
add action=add-src-to-address-list address-list=NO_ACCESS_LIST \
    address-list-timeout=none-dynamic chain=input dst-address=10.0.1.0/24 \
    in-interface=pppoe-out1 log=yes log-prefix=\
    "ATTACK NO ACCESS INPUT ADD SRC" port=22,23,3389,21,20,389,636,8291 \
    protocol=tcp
add action=add-src-to-address-list address-list=NO_ACCESS_LIST \
    address-list-timeout=none-dynamic chain=input dst-address=10.0.1.0/24 \
    in-interface=pppoe-out1 log=yes log-prefix=\
    "ATTACK NO ACCESS INPUT ADD SRC" port=22,23,3389,21,20,389,636,8291 \
    protocol=udp
add action=add-src-to-address-list address-list=NO_ACCESS_LIST \
    address-list-timeout=none-dynamic chain=input comment=REJECT_INPUT_LAN \
    disabled=yes dst-address=10.0.1.0/24 in-interface-list=LAN log=yes \
    log-prefix="ATTACK NO ACCESS INPUT ADD SRC" port=\
    21,20,22,23,389,636,80,8291 protocol=udp
add action=add-src-to-address-list address-list=NO_ACCESS_LIST \
    address-list-timeout=none-dynamic chain=input disabled=yes dst-address=\
    10.0.1.0/24 in-interface-list=LAN log-prefix=\
    "ATTACK NO ACCESS INPUT ADD SRC" port=22,23,3389,21,20,389,636,8291 \
    protocol=tcp
add action=reject chain=input comment=PORT_BROOT in-interface=pppoe-out1 log=\
    yes log-prefix="ATTACK PORT BROOT INPUT" protocol=tcp reject-with=\
    icmp-network-unreachable src-address-list=PORT_BROOT_DROP
add action=add-src-to-address-list address-list=PORT_BROOT_DROP \
    address-list-timeout=none-dynamic chain=input comment=PORT_BROOT_ADD_LIST \
    dst-port=98 in-interface=pppoe-out1 log=yes log-prefix=\
    "ATTACK PORT BROOT INPUT ADD SRC" protocol=tcp
add action=reject chain=forward dst-address-list=JABBER log-prefix=CHILLI \
    reject-with=icmp-network-unreachable
add action=accept chain=input comment=Allow_limited_pings dst-address=\
    10.0.1.0/24 in-interface=pppoe-out1 limit=50/5s,2:packet protocol=icmp
add action=tarpit chain=input connection-limit=3,32 log=yes log-prefix=\
    "LIMITED PINGS" protocol=tcp src-address-list=BLOCKED_ADDR
add action=add-dst-to-address-list address-list=CONNECTION_LIMIT \
    address-list-timeout=1d chain=input comment=Connection_limit \
    connection-limit=200,32 dst-address=10.0.1.0/24 in-interface=pppoe-out1 \
    log=yes log-prefix="LIMIT 200" protocol=tcp
add action=reject chain=input comment=Adr_list_connection-limit_drop \
    dst-address=10.0.1.0/24 in-interface=pppoe-out1 log=yes log-prefix=\
    "CONNECTION LIMIT RJCT" reject-with=icmp-network-unreachable \
    src-address-list=CONNECTION_LIMIT
add action=reject chain=input comment=Port_scanner_drop in-interface=\
    pppoe-out1 reject-with=icmp-network-unreachable src-address-list=\
    PORT_SCANNERS
add action=add-src-to-address-list address-list=PORT_SCANNERS \
    address-list-timeout=none-dynamic chain=input in-interface=pppoe-out1 \
    protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=PORT_SCANNERS \
    address-list-timeout=none-dynamic chain=input in-interface=pppoe-out1 \
    protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=PORT_SCANNERS \
    address-list-timeout=none-dynamic chain=input in-interface=pppoe-out1 \
    protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=PORT_SCANNERS \
    address-list-timeout=none-dynamic chain=input in-interface=pppoe-out1 \
    protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=PORT_SCANNERS \
    address-list-timeout=none-dynamic chain=input in-interface=pppoe-out1 \
    protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=PORT_SCANNERS \
    address-list-timeout=none-dynamic chain=input in-interface=pppoe-out1 \
    protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=PORT_SCANNERS \
    address-list-timeout=none-dynamic chain=input in-interface=pppoe-out1 \
    protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=reject chain=input comment=Pings_Drop dst-address=10.0.1.0/24 \
    in-interface=pppoe-out1 protocol=icmp reject-with=\
    icmp-network-unreachable
add action=reject chain=input comment=Drop_winbox_black_list dst-address=\
    10.0.1.0/24 dst-port=5323,5324 in-interface=pppoe-out1 log=yes \
    log-prefix="BLACK LIST ATTACK" protocol=tcp reject-with=\
    icmp-network-unreachable src-address-list=BLACK_LIST
add action=add-src-to-address-list address-list=BLACK_LIST \
    address-list-timeout=5m chain=input comment=Winbox_add_black_list \
    connection-state=new dst-address=10.0.1.0/24 dst-port=5323,5324 \
    in-interface=pppoe-out1 protocol=tcp src-address-list=SSH_STAGE_3
add action=add-src-to-address-list address-list=SSH_STAGE_1 \
    address-list-timeout=1m chain=input comment=Winbox_Ssh_stage1 \
    connection-state=new dst-address=10.0.1.0/24 dst-port=5323,5324 \
    in-interface=pppoe-out1 protocol=tcp
add action=accept chain=input comment=Accept_Winbox_Ssh dst-port=5323,5324 \
    in-interface=pppoe-out1 protocol=tcp src-address=10.0.1.0/24
add action=accept chain=input comment=Related_Wan_Accept connection-state=\
    related dst-address=10.0.1.0/24
add action=reject chain=input comment=reject_input in-interface=pppoe-out1 \
    log-prefix="ATTACK INPUT" reject-with=icmp-network-unreachable
add action=reject chain=input comment=reject_web_fig dst-address=10.0.1.0/24 \
    in-interface=pppoe-out1 port=80,22,23,8291 protocol=tcp reject-with=\
    icmp-network-unreachable
add action=reject chain=forward comment=reject_dev1 log-prefix="DEV1 RJCT" \
    out-interface=pppoe-out1 reject-with=icmp-network-unreachable \
    src-address=10.0.1.0/24 src-mac-address=SET HERE THE MAC ADDRESS OF UR DEVICE
add action=reject chain=forward comment=reject_dev1 log-prefix=\
    "DEV1 RJCT" out-interface=pppoe-out1 reject-with=icmp-network-unreachable \
    src-address=10.0.1.0/24 src-mac-address=SET HERE THE MAC ADDRESS OF UR DEVICE
add action=reject chain=forward comment=reject_dev2_eth out-interface=\
    pppoe-out1 reject-with=icmp-network-unreachable src-address=10.0.1.0/24 \
    src-mac-address=SET HERE THE MAC ADDRESS OF UR DEVICE
add action=reject chain=forward comment=reject_dev2 log-prefix="HWI RJCT" \
    out-interface=pppoe-out1 reject-with=icmp-network-unreachable \
    src-address=10.0.1.0/24 src-mac-address=SET HERE THE MAC ADDRESS OF UR DEVICE
add action=reject chain=forward comment=allow_only_dev3 log-prefix=\
    "ONLY DEV3 RJCT" out-interface=pppoe-out1 reject-with=\
    icmp-network-unreachable src-mac-address=!SET HERE THE MAC ADDRESS OF UR DEVICE
add action=reject chain=forward comment=reject_dev4 out-interface=pppoe-out1 \
    reject-with=icmp-network-unreachable src-address=10.0.1.0/24 \
    src-mac-address=SET HERE THE MAC ADDRESS OF UR DEVICE
add action=reject chain=input comment=REJECT_BRIDGE disabled=yes \
    in-interface=bridge1 out-interface=bridge1 reject-with=\
    icmp-network-unreachable
add action=reject chain=forward comment=reject_all log-prefix="ALL RJCT" \
    out-interface=pppoe-out1 reject-with=icmp-network-unreachable \
    src-address=10.0.1.0/24
add action=reject chain=output out-interface=pppoe-out1 reject-with=\
    icmp-network-unreachable src-address=10.0.1.0/24

Subscribe to my Twitter: @derkodierer
My XMPP: aventador_20x@jabber.de
