iptables \
-w \
-A FJ-vnet0 \
-p all \
-m conntrack \
--ctstate ESTABLISHED,RELATED \
-m comment \
--comment 'out: existing and related (ftp) connections' \
-j RETURN
iptables \
-w \
-A HJ-vnet0 \
-p all \
-m conntrack \
--ctstate ESTABLISHED,RELATED \
-m comment \
--comment 'out: existing and related (ftp) connections' \
-j RETURN
iptables \
-w \
-A FP-vnet0 \
-p all \
-m conntrack \
--ctstate ESTABLISHED \
-m comment \
--comment 'in: existing connections' \
-j ACCEPT
iptables \
-w \
-A FP-vnet0 \
-p tcp \
--dport 21:22 \
-m conntrack \
--ctstate NEW \
-m comment \
--comment 'in: ftp and ssh' \
-j ACCEPT
iptables \
-w \
-A FP-vnet0 \
-p icmp \
-m conntrack \
--ctstate NEW \
-m comment \
--comment 'in: icmp' \
-j ACCEPT
iptables \
-w \
-A FJ-vnet0 \
-p udp \
--dport 53 \
-m conntrack \
--ctstate NEW \
-m comment \
--comment 'out: DNS lookups' \
-j RETURN
iptables \
-w \
-A HJ-vnet0 \
-p udp \
--dport 53 \
-m conntrack \
--ctstate NEW \
-m comment \
--comment 'out: DNS lookups' \
-j RETURN
iptables \
-w \
-A FJ-vnet0 \
-p all \
-m comment \
--comment 'inout: drop all non-accepted traffic' \
-j DROP
iptables \
-w \
-A FP-vnet0 \
-p all \
-m comment \
--comment 'inout: drop all non-accepted traffic' \
-j DROP
iptables \
-w \
-A HJ-vnet0 \
-p all \
-m comment \
--comment 'inout: drop all non-accepted traffic' \
-j DROP