ewerwerwer

root@mmc-backend:/var/www/mmc_moscow_terminal/dev# nft list ruleset

table ip nat {

        # NAT table for IPv4 only. The prerouting (dstnat) chain carries no rules,
        # so no port forwarding / DNAT is in effect on this host.
        chain dstnat {

                type nat hook prerouting priority 50; policy accept;

        }


        chain srcnat {

                type nat hook postrouting priority 50; policy accept;

                # Source-NAT (masquerade) everything leaving eth0. Combined with the
                # forward chain in table inet filter (policy accept, no restricting
                # rule), any traffic this host routes out of eth0 is translated and
                # forwarded without filtering. Whether IP forwarding is actually
                # enabled at the kernel level is not visible in this listing.
                oifname "eth0" counter packets 1598271 bytes 97991181 masquerade

        }

}

table inet filter {

        # Address set consulted by the ssh reject rule in chain input. The name
        # suggests it is maintained by fail2ban (not visible here). No timeout
        # flag is declared, so elements persist until something removes them.
        set f2b-sshd {

                type ipv4_addr

                elements = { 14.238.90.66, 31.94.32.127,

                             46.101.248.68, 59.120.184.126,

                             59.126.140.155, 122.175.4.186,

                             143.110.220.40, 152.32.150.45,

                             172.86.127.253, 203.172.41.149,

                             206.81.9.31, 212.68.38.179 }

        }



        # Forward chain: policy accept and no drop/reject rule, so every routed
        # packet is forwarded; the single rule only counts established/related
        # traffic (and has counted nothing so far).
        chain forward {

                type filter hook forward priority 50; policy accept;

                ct state { established, related } counter packets 0 bytes 0 accept

        }



        # Input chain. NOTE(review): the chain policy is accept, so every
        # "accept" rule below only adds a counter -- unmatched traffic to any
        # local port is accepted anyway. Only the reject/drop rules change what
        # reaches the host. A default-deny policy (policy drop) with explicit
        # accepts for the intended services would make the allow-lists below
        # meaningful; the rules marked as dead or bypassable should be cleaned
        # up before such a change.
        chain input {

                type filter hook input priority 50; policy accept;

                # Ban list for ssh: sources in @f2b-sshd get an active reject
                # (an ICMP error is returned, unlike drop).
                tcp dport { ssh } ip saddr @f2b-sshd reject

                # Four specific sources are refused on http/https. The rule is
                # wrapped across two lines by the terminal, it is one rule.
                tcp dport { http, https } ip saddr { 79.143.19.73, 79.143.19.177, 109.172.110.191, 
109.172.112.150 } counter packets 20556 bytes 1233108 reject with icmp type net-prohibited
                iifname "lo" accept

                icmp type echo-reply counter packets 1 bytes 84 accept

                icmp type echo-request counter packets 56405 bytes 2288309 accept

                # Stateful accept, then drop of invalid conntrack states. This is
                # the only generic drop in the chain.
                ct state { established, related } counter packets 1137340450 bytes 1785291005800 
accept
                ct state invalid counter packets 2065973 bytes 125911587 drop

                # ssh is accepted from any source; the only restriction is the
                # @f2b-sshd ban list above (no rate limit, no source allow-list).
                tcp dport ssh counter packets 51000 bytes 2996702 accept comment "ssh"

                # DEAD RULE: in an input-hook chain there is no output interface,
                # so oifname can never match (counter is 0). The same applies to
                # the oifname rules for daddr, sport http and sport https below.
                oifname "eth0" iifname "eth0" ct state { established, related } counter packets 0 
bytes 0 accept

                # Source allow-list on eth0. NOTE(review): 127.0.0.1 cannot
                # legitimately arrive on eth0, and 10.0.0.0/8 is only trustworthy
                # if eth0 is not internet-facing -- confirm; under a drop policy
                # these entries would be worth replacing by an anti-spoof drop.
                iifname "eth0" ip saddr { 5.9.163.66, 10.0.0.0/8, 37.230.113.32, 46.41.91.12, 95.84.156.100, 127.0.0.1, 158.160.24.106, 178.154.235.183, 185.12.125.139, 188.255.21.60 } counter 
packets 3245 bytes 207250 accept
                oifname "eth0" ip daddr { 5.9.163.66, 10.0.0.0/8, 37.230.113.32, 46.41.91.12, 
95.84.156.100, 127.0.0.1, 158.160.24.106, 178.154.235.183, 185.12.125.139, 188.255.21.60 } counter packets 0 bytes 0 accept

                # http/https are open to every source on eth0.
                iifname "eth0" tcp dport http counter packets 6746 bytes 368886 accept

                oifname "eth0" tcp sport http counter packets 0 bytes 0 accept

                iifname "eth0" tcp dport https counter packets 6624128 bytes 501268067 accept

                oifname "eth0" tcp sport https counter packets 0 bytes 0 accept

                # MySQL allow-list by source address (0 packets matched so far).
                tcp dport mysql ip saddr { 5.9.163.66, 10.0.0.0/8, 37.230.113.32, 46.41.91.12, 
95.84.156.100, 127.0.0.1, 158.160.24.106, 178.154.235.183, 185.12.125.139, 188.255.21.60 } counter packets 0 bytes 0 accept

                # NOTE(review): accepting on *source* port does not identify the
                # peer; under a drop policy a rule like this would exempt any
                # inbound connection whose client picked port 3306. Replies to
                # local connections are already covered by the established/related
                # rule, so this and "tcp sport mysql ... accept" below add nothing.
                tcp sport mysql ip daddr { 5.9.163.66, 10.0.0.0/8, 37.230.113.32, 46.41.91.12, 
95.84.156.100, 127.0.0.1, 158.160.24.106, 178.154.235.183, 185.12.125.139, 188.255.21.60 } counter packets 2 bytes 96 accept

                # NOTE(review): this blanket accept makes the MySQL allow-list
                # above meaningless -- any source reaches port 3306. Its counter
                # (4762 packets, versus 0 on the allow-list rule) shows that the
                # MySQL clients actually seen are NOT in the allow-list; identify
                # them before removing this rule or switching to policy drop.
                tcp dport mysql counter packets 4762 bytes 252536 accept

                tcp sport mysql counter packets 0 bytes 0 accept

                # TCP from 8.0.0.0/8 via eth0 is refused with a RST. The
                # "meta nfproto ipv4" is redundant with the "ip saddr" match.
                meta l4proto tcp iifname "eth0" meta nfproto ipv4 ip saddr 8.0.0.0/8 counter packets 
1017 bytes 44652 reject with tcp reset
        }



        # NOTE(review): the chain name is misspelled ("ouput") and, more
        # importantly, it is declared with "hook input", so it is a second
        # input-hook base chain at priority 50 rather than an output chain.
        # Its only rule uses oifname, which cannot match in the input hook
        # (counter 0) -- the chain is effectively dead. If an output chain was
        # intended: `chain output { type filter hook output priority 50; policy accept; ... }`.
        chain ouput {

                type filter hook input priority 50; policy accept;

                oifname "eth0" ct state { established, related } counter packets 0 bytes 0 accept

        }

}