~$ sudo iptables -v -L -n -x Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 908 92893 f2b-recidive tcp -- * * 0.0.0.0/0 0.0.0.0/0 782 183793 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 13 934 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 144 6988 INPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0 144 6988 INPUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0 144 6988 INPUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0 29 1160 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID 38 1944 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 0 0 FORWARD_direct all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 FORWARD_IN_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 FORWARD_IN_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 FORWARD_OUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 FORWARD_OUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT 908 packets, 447817 bytes) pkts bytes target prot opt in out source destination 1121 462824 OUTPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD_IN_ZONES (1 references) pkts bytes target prot opt in out source destination 0 0 FWDI_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto] Chain FORWARD_IN_ZONES_SOURCE (1 references) pkts bytes target prot opt in out source destination Chain FORWARD_OUT_ZONES (1 references) pkts bytes target prot opt in out source destination 0 0 FWDO_public all -- * + 0.0.0.0/0 0.0.0.0/0 [goto] Chain FORWARD_OUT_ZONES_SOURCE (1 references) pkts bytes target prot opt in out source destination Chain FORWARD_direct (1 references) pkts bytes target prot opt in out source destination Chain FWDI_public (1 references) pkts bytes target prot opt in out source destination 0 0 FWDI_public_log all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 FWDI_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 FWDI_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 Chain FWDI_public_allow (1 references) pkts bytes target prot opt in out source destination Chain FWDI_public_deny (1 references) pkts bytes target prot opt in out source destination Chain FWDI_public_log (1 references) pkts bytes target prot opt in out source destination Chain FWDO_public (1 references) pkts bytes target prot opt in out source destination 0 0 FWDO_public_log all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 FWDO_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 FWDO_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FWDO_public_allow (1 references) pkts bytes target prot opt in out source destination Chain FWDO_public_deny (1 references) pkts bytes target prot opt in out source destination Chain FWDO_public_log (1 references) pkts bytes target prot opt in out source destination Chain INPUT_ZONES (1 references) pkts bytes target prot opt in out source destination 143 6928 IN_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto] Chain INPUT_ZONES_SOURCE (1 references) pkts bytes target prot opt in out source destination Chain INPUT_direct (1 references) pkts bytes target prot opt in out source destination 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22 match-set f2b-sshd src reject-with icmp-port-unreachable 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587,143,993,110,995 match-set f2b-postfix-sasl src reject-with icmp-port-unreachable Chain IN_public (1 references) pkts bytes target prot opt in out source destination 143 6928 IN_public_log all -- * * 0.0.0.0/0 0.0.0.0/0 143 6928 IN_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0 135 6608 IN_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0 1 32 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 Chain IN_public_allow (1 references) pkts bytes target prot opt in out source destination 12 704 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 ctstate NEW 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:465 ctstate NEW 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 ctstate NEW 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995 ctstate NEW 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 ctstate NEW 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993 ctstate NEW 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW 1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:587 ctstate NEW 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 ctstate NEW 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 ctstate NEW 48 2452 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:10000:10100 ctstate NEW 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20000 ctstate NEW 7 316 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1025:65535 ctstate NEW 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 ctstate NEW Chain IN_public_deny (1 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set geo-block src 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set threat-ip src 8 320 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set threat-net src Chain IN_public_log (1 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 match-set geo-block src LOG flags 0 level 4 prefix "GEO BLOCK:" 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 match-set threat-ip src LOG flags 0 level 4 prefix "THREAT BLOCK:" 8 320 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 match-set threat-net src LOG flags 0 level 4 prefix "THREAT BLOCK:" Chain OUTPUT_direct (1 references) pkts bytes target prot opt in out source destination Chain f2b-recidive (1 references) pkts bytes target prot opt in out source destination 0 0 REJECT all -- * * 45.13.39.123 0.0.0.0/0 reject-with icmp-port-unreachable 0 0 REJECT all -- * * 207.180.236.103 0.0.0.0/0 reject-with icmp-port-unreachable 33 1980 REJECT all -- * * 185.137.111.96 0.0.0.0/0 reject-with icmp-port-unreachable 38 2280 REJECT all -- * * 185.137.111.136 0.0.0.0/0 reject-with icmp-port-unreachable 35 2100 REJECT all -- * * 185.137.111.129 0.0.0.0/0 reject-with icmp-port-unreachable 40 2398 REJECT all -- * * 185.137.111.125 0.0.0.0/0 reject-with icmp-port-unreachable 0 0 REJECT all -- * * 173.249.30.37 0.0.0.0/0 reject-with icmp-port-unreachable 0 0 REJECT all -- * * 169.51.131.214 0.0.0.0/0 reject-with icmp-port-unreachable 3 180 REJECT all -- * * 159.69.106.108 0.0.0.0/0 reject-with icmp-port-unreachable 0 0 REJECT all -- * * 141.98.81.38 0.0.0.0/0 reject-with icmp-port-unreachable 0 0 REJECT all -- * * 141.98.81.37 0.0.0.0/0 reject-with icmp-port-unreachable 6 360 REJECT all -- * * 134.209.241.231 0.0.0.0/0 reject-with icmp-port-unreachable 753 83595 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0