From 300227620992c0cb80e4f5ebe27eebb0efa6f9eb Mon Sep 17 00:00:00 2001
From: staticsafe
Date: Wed, 21 Aug 2019 23:41:40 -0400
Subject: [PATCH] clean up of firewall rulesets remove byte counters, remove chains that didn't need to be there
---
 .../files/catsith.asininetech.net.rules.v4 | 37 ++----------------
 .../files/catsith.asininetech.net.rules.v6 | 39 ++-----------------
 .../files/deirdre.asininetech.net.rules.v4 | 35 ++---------------
 .../files/deirdre.asininetech.net.rules.v6 | 38 ++----------------
 .../files/waldo.asininetech.net.rules.v4 | 36 ++---------------
 .../files/waldo.asininetech.net.rules.v6 | 38 ++----------------
 6 files changed, 21 insertions(+), 202 deletions(-)
diff --git a/ubuntu/roles/firewall-ruleset-deploy/files/catsith.asininetech.net.rules.v4 b/ubuntu/roles/firewall-ruleset-deploy/files/catsith.asininetech.net.rules.v4
index ee121c3..e143ae6 100644
--- a/ubuntu/roles/firewall-ruleset-deploy/files/catsith.asininetech.net.rules.v4
+++ b/ubuntu/roles/firewall-ruleset-deploy/files/catsith.asininetech.net.rules.v4
@@ -1,8 +1,8 @@
 # Generated by iptables-save v1.6.1 on Thu Aug 22 02:22:14 2019
 *filter
-:INPUT DROP [1971:93740]
-:FORWARD DROP [0:0]
-:OUTPUT DROP [55632:4190069]
+:INPUT DROP
+:FORWARD DROP
+:OUTPUT DROP
 -A INPUT -s 64.62.202.71/32 -j DROP
 -A INPUT -s 173.244.135.0/24 -m comment --comment "infegy data collection" -j DROP
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
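Review bot: The retained first context line `# Generated by iptables-save v1.6.1 on Thu Aug 22 02:22:14 2019` now misdescribes the file: with the counters stripped by hand the content is no longer iptables-save output, and the timestamp no longer corresponds to what is on disk. Consider replacing it with a provenance comment such as `# Hand-maintained ruleset for catsith: edit in place, do not overwrite with iptables-save output`, so the next operator does not re-capture live kernel state (counters included) on top of the curated file. The same stale header survives as context in the deirdre v4 and v6 and waldo v4 and v6 hunks below.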
@@ -22,34 +22,3 @@
 -A OUTPUT -p tcp -m tcp --dport 5665 -j ACCEPT
 -A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
 COMMIT
-# Completed on Thu Aug 22 02:22:14 2019
-# Generated by iptables-save v1.6.1 on Thu Aug 22 02:22:14 2019
-*mangle
-:PREROUTING ACCEPT [1436823:274632683]
-:INPUT ACCEPT [1436823:274632683]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [991155:4677392300]
-:POSTROUTING ACCEPT [935523:4673202231]
-COMMIT
-# Completed on Thu Aug 22 02:22:14 2019
-# Generated by iptables-save v1.6.1 on Thu Aug 22 02:22:14 2019
-*nat
-:PREROUTING ACCEPT [5075:277850]
-:INPUT ACCEPT [3428:197268]
-:OUTPUT ACCEPT [79147:5741156]
-:POSTROUTING ACCEPT [24500:1591632]
-COMMIT
-# Completed on Thu Aug 22 02:22:14 2019
-# Generated by iptables-save v1.6.1 on Thu Aug 22 02:22:14 2019
-*raw
-:PREROUTING ACCEPT [1436823:274632683]
-:OUTPUT ACCEPT [991155:4677392300]
-COMMIT
-# Completed on Thu Aug 22 02:22:14 2019
-# Generated by iptables-save v1.6.1 on Thu Aug 22 02:22:14 2019
-*security
-:INPUT ACCEPT [1434852:274538943]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [935523:4673202231]
-COMMIT
-# Completed on Thu Aug 22 02:22:14 2019
diff --git a/ubuntu/roles/firewall-ruleset-deploy/files/catsith.asininetech.net.rules.v6 b/ubuntu/roles/firewall-ruleset-deploy/files/catsith.asininetech.net.rules.v6
index a809b32..ba7ea5d 100644
--- a/ubuntu/roles/firewall-ruleset-deploy/files/catsith.asininetech.net.rules.v6
+++ b/ubuntu/roles/firewall-ruleset-deploy/files/catsith.asininetech.net.rules.v6
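Review bot: Dropping the `*nat`, `*mangle`, `*raw` and `*security` stanzas changes what a deploy enforces, not just what the file lists: iptables-restore only flushes and replaces the tables named in its input, so those empty stanzas with ACCEPT policies were the part of the file that reset the other tables on every run. After this hunk any rule already present in those tables on the host, whether left over from an earlier ruleset, added by another tool, or introduced by an unexpected modification, survives a redeploy unnoticed, and the role no longer describes the host's complete netfilter state. If the intent is that those tables stay empty, keep one counter-free stanza per table (for the nat table that is `*nat`, `:PREROUTING ACCEPT`, `:INPUT ACCEPT`, `:OUTPUT ACCEPT`, `:POSTROUTING ACCEPT`, `COMMIT`) or have the role flush them explicitly; if they are managed elsewhere, say so at the top of the file, e.g. `# Only the filter table is managed here; nat/mangle/raw/security are not touched by iptables-restore`. The same removal is made in the catsith v6, deirdre v4, deirdre v6, waldo v4 and waldo v6 hunks below.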
@@ -1,39 +1,8 @@
-# Generated by ip6tables-save v1.6.1 on Thu Aug 22 02:22:34 2019
-*nat
-:PREROUTING ACCEPT [39130:3552329]
-:INPUT ACCEPT [38219:3476328]
-:OUTPUT ACCEPT [649972:61144068]
-:POSTROUTING ACCEPT [166603:14761332]
-COMMIT
-# Completed on Thu Aug 22 02:22:34 2019
-# Generated by ip6tables-save v1.6.1 on Thu Aug 22 02:22:34 2019
-*security
-:INPUT ACCEPT [3063254:3242714018]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [2710431:1187736120]
-COMMIT
-# Completed on Thu Aug 22 02:22:34 2019
-# Generated by ip6tables-save v1.6.1 on Thu Aug 22 02:22:34 2019
-*raw
-:PREROUTING ACCEPT [3069715:3243124325]
-:OUTPUT ACCEPT [3197462:1234338936]
-COMMIT
-# Completed on Thu Aug 22 02:22:34 2019
-# Generated by ip6tables-save v1.6.1 on Thu Aug 22 02:22:34 2019
-*mangle
-:PREROUTING ACCEPT [3069715:3243124325]
-:INPUT ACCEPT [3069675:3243120621]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [3197463:1234339228]
-:POSTROUTING ACCEPT [2710434:1187736892]
-COMMIT
-# Completed on Thu Aug 22 02:22:34 2019
-# Generated by ip6tables-save v1.6.1 on Thu Aug 22 02:22:34 2019
 *filter
-:INPUT DROP [6421:406603]
-:FORWARD DROP [0:0]
-:OUTPUT DROP [487029:46602336]
-:icmp_in - [0:0]
+:INPUT DROP
+:FORWARD DROP
+:OUTPUT DROP
+:icmp_in -
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
diff --git a/ubuntu/roles/firewall-ruleset-deploy/files/deirdre.asininetech.net.rules.v4 b/ubuntu/roles/firewall-ruleset-deploy/files/deirdre.asininetech.net.rules.v4
index 1f3bce0..9bb3138 100644
--- a/ubuntu/roles/firewall-ruleset-deploy/files/deirdre.asininetech.net.rules.v4
+++ b/ubuntu/roles/firewall-ruleset-deploy/files/deirdre.asininetech.net.rules.v4
@@ -1,38 +1,9 @@
-# Generated by iptables-save v1.6.1 on Thu Aug 22 02:25:12 2019
-*security
-:INPUT ACCEPT [1978634:401612450]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [1760019:5887202636]
-COMMIT
-# Completed on Thu Aug 22 02:25:12 2019
-# Generated by iptables-save v1.6.1 on Thu Aug 22 02:25:12 2019
-*raw
-:PREROUTING ACCEPT [1979278:401653128]
-:OUTPUT ACCEPT [1816491:5891399408]
-COMMIT
-# Completed on Thu Aug 22 02:25:12 2019
-# Generated by iptables-save v1.6.1 on Thu Aug 22 02:25:12 2019
-*nat
-:PREROUTING ACCEPT [8117:491527]
-:INPUT ACCEPT [7525:453299]
-:OUTPUT ACCEPT [88110:6323193]
-:POSTROUTING ACCEPT [34162:2227657]
-COMMIT
-# Completed on Thu Aug 22 02:25:12 2019
-# Generated by iptables-save v1.6.1 on Thu Aug 22 02:25:12 2019
-*mangle
-:PREROUTING ACCEPT [1979278:401653128]
-:INPUT ACCEPT [1979278:401653128]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [1816491:5891399408]
-:POSTROUTING ACCEPT [1760019:5887202636]
-COMMIT
 # Completed on Thu Aug 22 02:25:12 2019
 # Generated by iptables-save v1.6.1 on Thu Aug 22 02:25:12 2019
 *filter
-:INPUT DROP [644:40678]
-:FORWARD DROP [0:0]
-:OUTPUT DROP [56472:4196772]
+:INPUT DROP
+:FORWARD DROP
+:OUTPUT DROP
 -A INPUT -s 185.6.8.3/32 -m comment --comment "domaincrawler.com aggressive crawler/bot" -j DROP
 -A INPUT -s 185.6.8.7/32 -m comment --comment "domaincrawler.com aggressive crawler/bot" -j DROP
 -A INPUT -s 173.244.135.0/24 -m comment --comment "infegy data collection" -j DROP
diff --git a/ubuntu/roles/firewall-ruleset-deploy/files/deirdre.asininetech.net.rules.v6 b/ubuntu/roles/firewall-ruleset-deploy/files/deirdre.asininetech.net.rules.v6
index eee0c60..3e4872c 100644
--- a/ubuntu/roles/firewall-ruleset-deploy/files/deirdre.asininetech.net.rules.v6
+++ b/ubuntu/roles/firewall-ruleset-deploy/files/deirdre.asininetech.net.rules.v6
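Review bot: The new side of this hunk now opens with `# Completed on Thu Aug 22 02:25:12 2019`, the trailer of the removed `*mangle` stanza, left orphaned ahead of the `# Generated by` header where it closes nothing. Remove that first context line so the file begins with `# Generated by iptables-save v1.6.1 on Thu Aug 22 02:25:12 2019`, as the deirdre v6 and waldo files in this patch do; as it stands a reader skimming the top of the file sees a "Completed" marker before any table has started.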
@@ -1,39 +1,9 @@
 # Generated by ip6tables-save v1.6.1 on Thu Aug 22 02:25:57 2019
-*nat
-:PREROUTING ACCEPT [51379:4581191]
-:INPUT ACCEPT [50755:4496846]
-:OUTPUT ACCEPT [772065:72159452]
-:POSTROUTING ACCEPT [245450:21607052]
-COMMIT
-# Completed on Thu Aug 22 02:25:57 2019
-# Generated by ip6tables-save v1.6.1 on Thu Aug 22 02:25:57 2019
-*security
-:INPUT ACCEPT [5089056:5059987284]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [4713591:2067003702]
-COMMIT
-# Completed on Thu Aug 22 02:25:57 2019
-# Generated by ip6tables-save v1.6.1 on Thu Aug 22 02:25:57 2019
-*raw
-:PREROUTING ACCEPT [5093764:5060319397]
-:OUTPUT ACCEPT [5241795:2117654559]
-COMMIT
-# Completed on Thu Aug 22 02:25:57 2019
-# Generated by ip6tables-save v1.6.1 on Thu Aug 22 02:25:57 2019
-*mangle
-:PREROUTING ACCEPT [5093767:5060319662]
-:INPUT ACCEPT [5093720:5060315830]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [5241798:2117654824]
-:POSTROUTING ACCEPT [4713594:2067003967]
-COMMIT
-# Completed on Thu Aug 22 02:25:57 2019
-# Generated by ip6tables-save v1.6.1 on Thu Aug 22 02:25:57 2019
 *filter
-:INPUT DROP [4661:328281]
-:FORWARD DROP [0:0]
-:OUTPUT DROP [528204:50650857]
-:icmp_in - [0:0]
+:INPUT DROP
+:FORWARD DROP
+:OUTPUT DROP
+:icmp_in -
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
diff --git a/ubuntu/roles/firewall-ruleset-deploy/files/waldo.asininetech.net.rules.v4 b/ubuntu/roles/firewall-ruleset-deploy/files/waldo.asininetech.net.rules.v4
index e2170c4..cb2b901 100644
--- a/ubuntu/roles/firewall-ruleset-deploy/files/waldo.asininetech.net.rules.v4
+++ b/ubuntu/roles/firewall-ruleset-deploy/files/waldo.asininetech.net.rules.v4
@@ -1,8 +1,8 @@
 # Generated by iptables-save v1.6.1 on Wed Jun 5 07:00:25 2019
 *filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT DROP [0:0]
+:INPUT DROP
+:FORWARD DROP
+:OUTPUT DROP
 -A INPUT -s 173.244.135.0/24 -m comment --comment "infegy data collection" -j DROP
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
@@ -22,33 +22,3 @@
 -A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
 COMMIT
 # Completed on Wed Jun 5 07:00:25 2019
-# Generated by iptables-save v1.6.1 on Wed Jun 5 07:00:25 2019
-*mangle
-:PREROUTING ACCEPT [218487873:77836206409]
-:INPUT ACCEPT [218472743:77835851657]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [198640222:231265817270]
-:POSTROUTING ACCEPT [198514192:231251706844]
-COMMIT
-# Completed on Wed Jun 5 07:00:25 2019
-# Generated by iptables-save v1.6.1 on Wed Jun 5 07:00:25 2019
-*nat
-:PREROUTING ACCEPT [395831:23115645]
-:INPUT ACCEPT [342246:20080838]
-:OUTPUT ACCEPT [2104459:144197031]
-:POSTROUTING ACCEPT [2056326:133263204]
-COMMIT
-# Completed on Wed Jun 5 07:00:25 2019
-# Generated by iptables-save v1.6.1 on Wed Jun 5 07:00:25 2019
-*raw
-:PREROUTING ACCEPT [218487873:77836206409]
-:OUTPUT ACCEPT [198640222:231265817270]
-COMMIT
-# Completed on Wed Jun 5 07:00:25 2019
-# Generated by iptables-save v1.6.1 on Wed Jun 5 07:00:25 2019
-*security
-:INPUT ACCEPT [218343605:77829541325]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [198514192:231251706844]
-COMMIT
-# Completed on Wed Jun 5 07:00:25 2019
diff --git a/ubuntu/roles/firewall-ruleset-deploy/files/waldo.asininetech.net.rules.v6 b/ubuntu/roles/firewall-ruleset-deploy/files/waldo.asininetech.net.rules.v6
index abad5ee..5479fb2 100644
--- a/ubuntu/roles/firewall-ruleset-deploy/files/waldo.asininetech.net.rules.v6
+++ b/ubuntu/roles/firewall-ruleset-deploy/files/waldo.asininetech.net.rules.v6
@@ -1,9 +1,9 @@
 # Generated by ip6tables-save v1.6.1 on Wed Jun 5 07:00:25 2019
 *filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT DROP [0:0]
-:icmp_in - [0:0]
+:INPUT DROP
+:FORWARD DROP
+:OUTPUT DROP
+:icmp_in -
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
@@ -30,33 +30,3 @@
 -A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 4 -j ACCEPT
 COMMIT
 # Completed on Wed Jun 5 07:00:25 2019
-# Generated by ip6tables-save v1.6.1 on Wed Jun 5 07:00:25 2019
-*mangle
-:PREROUTING ACCEPT [70193758:23194099590]
-:INPUT ACCEPT [70193724:23194096614]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [85031518:98010620009]
-:POSTROUTING ACCEPT [85022058:98009850269]
-COMMIT
-# Completed on Wed Jun 5 07:00:25 2019
-# Generated by ip6tables-save v1.6.1 on Wed Jun 5 07:00:25 2019
-*raw
-:PREROUTING ACCEPT [70193758:23194099590]
-:OUTPUT ACCEPT [85031518:98010620009]
-COMMIT
-# Completed on Wed Jun 5 07:00:25 2019
-# Generated by ip6tables-save v1.6.1 on Wed Jun 5 07:00:25 2019
-*security
-:INPUT ACCEPT [70184454:23193336835]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [85022058:98009850269]
-COMMIT
-# Completed on Wed Jun 5 07:00:25 2019
-# Generated by ip6tables-save v1.6.1 on Wed Jun 5 07:00:25 2019
-*nat
-:PREROUTING ACCEPT [93205:8443266]
-:INPUT ACCEPT [92957:8404954]
-:OUTPUT ACCEPT [340319:31645894]
-:POSTROUTING ACCEPT [336994:31244254]
-COMMIT
-# Completed on Wed Jun 5 07:00:25 2019