{"id":1680,"date":"2019-01-21T12:41:41","date_gmt":"2019-01-21T09:41:41","guid":{"rendered":"http:\/\/surgery.moscow\/smos\/?p=1680"},"modified":"2019-01-21T15:37:02","modified_gmt":"2019-01-21T12:37:02","slug":"ip-tables-%d0%bf%d1%80%d0%b8%d0%bc%d0%b5%d1%80","status":"publish","type":"post","link":"https:\/\/surgery.moscow\/smos\/2019\/01\/21\/ip-tables-%d0%bf%d1%80%d0%b8%d0%bc%d0%b5%d1%80\/","title":{"rendered":"ip tables \u043f\u0440\u0438\u043c\u0435\u0440"},"content":{"rendered":"\n\u041f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u043c \u043f\u0440\u0438\u043c\u0435\u0440 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043a IP \u0442\u0430\u0431\u043b\u0438\u0446 \u0434\u043b\u044f \u0440\u0430\u0437\u0434\u0435\u043b\u0435\u043d\u0438\u044f \u0432\u0445\u043e\u0434\u044f\u0449\u0435\u0433\u043e \u0438 \u0438\u0441\u0445\u043e\u0434\u044f\u0449\u0435\u0433\u043e \u0442\u0440\u0430\u0444\u0438\u043a\u0430 \u043d\u0430 \u0434\u0432\u0430 \u043a\u0430\u043d\u0430\u043b\u0430, \u043e\u0434\u0438\u043d \u043a\u0430\u043d\u0430\u043b \u0434\u043b\u044f \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043e\u0432 (8) \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0438\u0438 (10), \u0442\u0430\u043a-\u0436\u0435 \u0432 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u0435\u0441\u0442\u044c \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438\u043c\u0435\u044e\u0449\u0438\u0445 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u043d\u044b\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0432 \u0441\u0435\u0440\u0444\u0438\u043d\u0433\u0443 \u043f\u043e \u043f\u0440\u043e\u0441\u0442\u043e\u0440\u0430\u043c \u0438\u043d\u0435\u0442\u0440\u0435\u043d\u0435\u0442\u0430 \n
\n#!\/bin\/sh\n
\nIPTABLES=\/sbin\/iptables\n
MODPROBE=\/sbin\/modprobe\n
INT_NET_WAN=xxx.xxx.xxx.xxx\/24\n
INT_NET_8=xxx.xxx.xxx.xxx\/24\n
INT_NET_10=xxx.xxx.xxx.xxx\/24\n
IP_WAN=xxx.xxx.xxx.xxx\n
IP_LAN_8=xxx.xxx.xxx.xxx\n
IP_LAN_10=xxx.xxx.xxx.xxx\n
PRIVATE_LOCAL_IP=xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx# ip adresses for directors\n
\n
INTERFACE_WAN=eth5\n
INTERFACE_LAN_8=eth0\n
INTERFACE_LAN_10=eth1\n
\nUNPRIVPORTS=1024:65535\t #\u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0438\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043f\u043e\u0440\u0442\u044b\n
\nANYWHERE=any\/0 \t\t #\u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u0430\u0434\u0440\u0435\u0441\n
MSSQL_LOCAL_SERVER=xxx.xxx.xxx.137\n
HTTPD_MS_LOCAL_SERVER=xxx.xxx.xxx.137\n\n
TEL_IP=xxx.xxx.xxx.0\/27,xxx.xxx.xxx.0\/24\n

\n#whatsApp PORTS tcp 5222;443; udp 3478\nWHATSAPP_IP=31.13.81.48,31.13.81.53,157.240.20.51,31.13.84.48\n

\n# viber ports TCP 443 ( ? and UDP: 5242 4244 5243) \nVIBER_IP=178.162.219.152,151.101.112.233,77.88.21.90,35.210.148.251,77.88.21.90,87.250.247.182,18.201.7.5,18.201.5.105,18.201.7.4,74.125.232.246,64.233.162.95,209.85.233.95,\n

\n# 185.170.204.91 — platforma.ofd , ports 21101\nPLATFORMAOFD_IP=185.170.204.91\n

\n# 194.186.207.162 sberbank pinpad ports 670 (650 , 666, 670)\nSBER_PINPAD_IP=194.186.207.162,194.54.14.89,194.54.14.62\n

\n# \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043d\u044b\u0435 \u0433\u0440\u0443\u043f\u043f\u044b \u0434\u043e\u043c\u0435\u043d\u043d\u044b\u0445 \u0438\u043c\u0435\u043d\nHTTPS_allow_sites=surgstore.ru, surgery.moscow\n

\nHTTPS_allow_sites_yandex=yandex.ru,yandex.net\n

\nHTTPS_allow_sites_google=www.google.com,google.com,maps.google.com,maps.gstatic.com,ssl.gstatic.com,fonts.gstatic.com,www.gstatic.com,clients1.google.com,tools.google.com,google.ru,csi.gstatic.com,google-analytics.com,tools.google.com\n

\nHTTPS_allow_sites_wiki=upload.wikimedia.org,wikimedia.org,ru.wikipedia.org,meta.wikimedia.org,login.wikimedia.org,www.wikidata.org,wikipedia.org,ru.wikipedia.org,wikimedia.org,ru.wikimedia.org,wikibooks.org,ru.wikibooks.org,wikidata.org\n

\nHTTPS_allow_sites_sber=online.sberbank.ru,stat.online.sberbank.ru,sberbank.ru\n

\n## existing rules and set chain policy setting to DROP\n
echo «[+] Flushing existing iptables rules…»\n
$IPTABLES -F\n
$IPTABLES -F -t nat\n
$IPTABLES -X\n
$IPTABLES -P INPUT DROP\n
$IPTABLES -P OUTPUT DROP\n
$IPTABLES -P FORWARD DROP\n
### load connection-tracking modules\n
$MODPROBE ip_conntrack\n
$MODPROBE iptable_nat\n
$MODPROBE ip_conntrack_ftp\n
$MODPROBE ip_nat_ftp\n\n

\n
###### INPUT chain ######\n
echo «[+] Setting up INPUT chain…»\n
#### interface lo accept\n
$IPTABLES -A INPUT -i lo -j ACCEPT\n\n

\n
### local dns rules \n
\n
$IPTABLES -A INPUT -i $INTERFACE_LAN_8 -p udp -s $INT_NET_8 -d $IP_LAN_8 —dport 53 -j ACCEPT\n
$IPTABLES -A INPUT -i $INTERFACE_LAN_8 -p tcp -s $INT_NET_8 -d $IP_LAN_8 —dport 53 -j ACCEPT\n
$IPTABLES -A INPUT -i $INTERFACE_LAN_10 -p udp -s $INT_NET_10 -d $IP_LAN_10 —dport 53 -j ACCEPT\n
$IPTABLES -A INPUT -i $INTERFACE_LAN_10 -p tcp -s $INT_NET_10 -d $IP_LAN_10 —dport 53 -j ACCEPT\n
$IPTABLES -A INPUT -i $INTERFACE_WAN -p udp -d $IP_WAN —dport 53 -m state —state NEW -j ACCEPT\n
$IPTABLES -A INPUT -i $INTERFACE_WAN -p tcp -d $IP_WAN —dport 53 -m state —state NEW -j ACCEPT\n\n\n##################\n

\n### for HTTP from Internet to local server i think is nesesery \n$IPTABLES -A INPUT -i $INTERFACE_WAN -p tcp -d $IP_WAN —dport 80 -j ACCEPT\n\n

\necho «[+] Setting up INPUT SAMBA chain…»\n### samba rules \n

\n$IPTABLES -A INPUT -i $INTERFACE_LAN_8 -p udp -s $INT_NET_8 -d $INT_NET_8 —dport 137:138 -j ACCEPT\n
\n$IPTABLES -A INPUT -i $INTERFACE_LAN_8 -p tcp -s $INT_NET_8 -d $INT_NET_8 —dport 445 -j ACCEPT\n
\n$IPTABLES -A INPUT -i $INTERFACE_LAN_8 -p tcp -s $INT_NET_8 -d $INT_NET_8 —dport 139 -j ACCEPT\n

\n##### SQL rules\n# for local users from INT_NET_8\n
\n$IPTABLES -A INPUT -i $INTERFACE_LAN_8 -p tcp -s $INT_NET_8 -d $INT_NET_8 —dport 3389 -j ACCEPT # RDP\n
\n
$IPTABLES -A INPUT -i $INTERFACE_LAN_8 -p tcp -s $INT_NET_8 -d $INT_NET_8 -m state —state ESTABLISHED,RELATED —dport 3306 -j ACCEPT # MySql\n
$IPTABLES -A INPUT -i $INTERFACE_LAN_8 -p tcp -s $INT_NET_8 -d $INT_NET_8 —dport 80 -j ACCEPT #http yum\n
$IPTABLES -A INPUT -i $INTERFACE_LAN_8 -p tcp -s $INT_NET_8 -d $INT_NET_8 —dport 21 -j ACCEPT # yum ftp\n

\n##### http rules\n# for local users from INT_NET_8\n\n### local dhcpd rules\n
$IPTABLES -A INPUT -i $INTERFACE_LAN_8 -p udp -d $IP_LAN_8 —dport 67:69 -j ACCEPT\n
$IPTABLES -A INPUT -i $INTERFACE_LAN_10 -p udp -d $IP_LAN_10 —dport 67:69 -j ACCEPT\n
#dhcp for wan \n
$IPTABLES -A INPUT -i $INTERFACE_WAN -p udp -s $INT_NET_WAN -d $IP_WAN —dport 67:69 -j ACCEPT\n
#$IPTABLES -A INPUT -i $INTERFACE_LAN_8 -p udp -s $INT_NET_8 —sport 137:139 —dport 137:139 -j ACCEPT\n\n
$IPTABLES -A INPUT -p udp —dport 67:69 -m state —state NEW -j ACCEPT\n\n

### proxy enable \n
$IPTABLES -A INPUT -i $INTERFACE_LAN_8 -p tcp -s $INT_NET_8 —dport 3128 -j ACCEPT \n\n
### gpg port\n
$IPTABLES -A INPUT -i $INTERFACE_LAN_8 -p tcp -s $INT_NET_8 —dport 11371 -j ACCEPT #gpg port\n\n
### ACCEPT rules\n
$IPTABLES -A INPUT -i $INTERFACE_LAN_8 -p tcp -s $INT_NET_8 —dport 22 —syn -m state —state NEW -j ACCEPT\n\n
$IPTABLES -A INPUT -i $INTERFACE_LAN_10 -p tcp -s $INT_NET_10 —dport 22 —syn -m state —state NEW -j ACCEPT\n
$IPTABLES -A INPUT -p icmp —icmp-type echo-request -j ACCEPT\n\n\n

### Accept rules for bank\n\n
$IPTABLES -A INPUT -i $INTERFACE_LAN_8 -p tcp -s $INT_NET_8 —dport 443 —syn -m state —state NEW -j ACCEPT\n
$IPTABLES -A INPUT -i $INTERFACE_LAN_8 -p tcp -s $INT_NET_8 —dport 9443:9452 —syn -m state —state NEW -j ACCEPT\n
$IPTABLES -A INPUT -i $INTERFACE_LAN_8 -p udp —dport 123 -m state —state NEW -j ACCEPT\n$IPTABLES -A INPUT -i $INTERFACE_LAN_10 -p udp -s $INT_NET_10 —dport 123 -m state —state NEW -j ACCEPT\n#######################\n\n

### state tracking rules\n
#$IPTABLES -A INPUT -m state —state INVALID -j LOG —log-prefix «DROP INVALID » —log-ip-options —log-tcp-options\n
#$IPTABLES -A INPUT -m state —state INVALID -j DROP\n
$IPTABLES -A INPUT -i $INTERFACE_WAN -m state —state ESTABLISHED,RELATED -j ACCEPT\n\n
$IPTABLES -A INPUT -p tcp —dport 53 -j ACCEPT\n
$IPTABLES -A INPUT -p udp —dport 53 -j ACCEPT\n### anti-spoofing rules\n
$IPTABLES -A INPUT -i $INTERFACE_LAN_8 ! -s $INT_NET_8 -j LOG —log-prefix «SPOOFED PKT »\n
$IPTABLES -A INPUT -i $INTERFACE_LAN_8 ! -s $INT_NET_8 -j DROP\n
$IPTABLES -A INPUT -i $INTERFACE_LAN_10 ! -s $INT_NET_10 -j LOG —log-prefix «SPOOFED PKT »\n
$IPTABLES -A INPUT -i $INTERFACE_LAN_10 ! -s $INT_NET_10 -j DROP\n\n\n

### default INPUT LOG rule\n
$IPTABLES -A INPUT ! -i lo -j LOG —log-prefix «DROP-I » —log-ip-options —log-tcp-options\n
$IPTABLES -A INPUT ! -i lo -j DROP\n\n
###### OUTPUT chain ######\n
echo «[+] Setting up OUTPUT chain…»\n
### state tracking rules\n
$IPTABLES -A OUTPUT -o lo -j ACCEPT\n\n
### rules for OUTPUT packets\n
$IPTABLES -A OUTPUT -o $INTERFACE_WAN -s $IP_WAN -p tcp —dport 80 -j ACCEPT # out packet to wan\n
$IPTABLES -A OUTPUT -o $INTERFACE_WAN -s $IP_WAN -p tcp —dport 443 -j ACCEPT # out packet to wan\n\n
###############\n\n
$IPTABLES -A OUTPUT -m state —state INVALID -j LOG —log-prefix «DROP INVALID » —log-ip-options —log-tcp-options\n
$IPTABLES -A OUTPUT -m state —state INVALID -j DROP\n\n
#$IPTABLES -A OUTPUT -m state —state ESTABLISHED,RELATED -j LOG —log-prefix «out_est » —log-ip-options —log-tcp-options\n
$IPTABLES -A OUTPUT -m state —state ESTABLISHED,RELATED -j ACCEPT\n\n\n

### ACCEPT rules for allowing connections out\n\n
$IPTABLES -A OUTPUT -p tcp —dport 21 —syn -m state —state NEW -j ACCEPT\n
$IPTABLES -A OUTPUT -p tcp —dport 22 -s $INT_NET_8 —syn -m state —state NEW -j ACCEPT\n
$IPTABLES -A OUTPUT -p tcp —dport 25 —syn -m state —state NEW -j ACCEPT\n$IPTABLES -A OUTPUT -p tcp —dport 43 —syn -m state —state NEW -j ACCEPT\n
$IPTABLES -A OUTPUT -p udp -o $INTERFACE_WAN -s $INT_NET_WAN —dport 123 -m state —state NEW -j LOG —log-prefix «port_123 »\n
$IPTABLES -A OUTPUT -p udp -o $INTERFACE_WAN -s $INT_NET_WAN —dport 123 -m state —state NEW -j ACCEPT\n\n

## this is rules for output packet from Wan inrerface to inretnet\n\n
$IPTABLES -A OUTPUT -p tcp -o $INTERFACE_LAN_10 -s $INT_NET_10 —dport 80 —sport 80 -j DROP\n\n

### local dhcpd rules\n
$IPTABLES -A OUTPUT -o $INTERFACE_LAN_8 -p udp -s $IP_LAN_8 —dport 67:69 -j ACCEPT\n
$IPTABLES -A OUTPUT -o $INTERFACE_LAN_10 -p udp -s $IP_LAN_10 —dport 67:69 -j ACCEPT\n
$IPTABLES -A OUTPUT -p udp —dport 67:69 -m state —state NEW -j ACCEPT\n\n

#dhcp for wan \n
$IPTABLES -A OUTPUT -o $INTERFACE_WAN -p udp -d $INT_NET_WAN -s $IP_WAN —dport 67:69 -j ACCEPT\n

\n### local output dns rules \n
$IPTABLES -A OUTPUT -o $INTERFACE_LAN_8 -p udp -d $INT_NET_8 -s $IP_LAN_8 —dport 53 -m state —state NEW -j ACCEPT\n
$IPTABLES -A OUTPUT -o $INTERFACE_LAN_8 -p tcp -d $INT_NET_8 -s $IP_LAN_8 —dport 53 -m state —state NEW -j ACCEPT\n
$IPTABLES -A OUTPUT -o $INTERFACE_LAN_10 -p udp -d $INT_NET_10 -s $IP_LAN_10 —dport 53 -m state —state NEW -j ACCEPT\n
$IPTABLES -A OUTPUT -o $INTERFACE_LAN_10 -p tcp -d $INT_NET_10 -s $IP_LAN_10 —dport 53 -m state —state NEW -j ACCEPT\n
$IPTABLES -A OUTPUT -o $INTERFACE_WAN -p udp -s $IP_WAN —dport 53 -m state —state NEW -j ACCEPT\n
$IPTABLES -A OUTPUT -o $INTERFACE_WAN -p tcp -s $IP_WAN —dport 53 -m state —state NEW -j ACCEPT\n\n
$IPTABLES -A OUTPUT -p tcp —dport 9443:9452 —syn -m state —state NEW -j ACCEPT\n
$IPTABLES -A OUTPUT -p tcp —dport 11371 —syn -m state —state NEW -j ACCEPT # gpg port\n\n
$IPTABLES -A OUTPUT -p icmp —icmp-type echo-request -j ACCEPT\n

\n#additonall rules for sip-10-8 \n\n
$IPTABLES -A OUTPUT -p tcp —dport 8080 -m state —state NEW -j ACCEPT\n
$IPTABLES -A OUTPUT -o $INTERFACE_LAN_8 -d $INT_NET_10 -p tcp —dport 8080 -j ACCEPT\n
$IPTABLES -A OUTPUT -o $INTERFACE_LAN_10 -d $INT_NET_8 -p tcp —dport 8080 -j ACCEPT\n\n\n

### default OUTPUT LOG rule- super rules for monitoring\n
$IPTABLES -A OUTPUT ! -o lo -j LOG —log-prefix «DROP-O » —log-ip-options —log-tcp-options\n\n\n

###### FORWARD chain ######\n
echo «[+] Setting up FORWARD chain…»\n\n\n
# log rules\n\n
### state tracking rules\n
$IPTABLES -A FORWARD -m state —state INVALID -j LOG —log-prefix «DROP INVALID » —log-ip-options —log-tcp-options\n
$IPTABLES -A FORWARD -m state —state INVALID -j DROP\n\n
####\n\n
$IPTABLES -A FORWARD -i $INTERFACE_WAN -o $INTERFACE_LAN_8 -p tcp -m state —state ESTABLISHED,RELATED -j ACCEPT\n
$IPTABLES -A FORWARD -o $INTERFACE_WAN -i $INTERFACE_LAN_8 -p tcp —dport 80 -j ACCEPT\n\n
###########################\n\n
# FTP forward\n
$IPTABLES -A FORWARD -i $INTERFACE_WAN -o $INTERFACE_LAN_8 -s $PRIVATE_LOCAL_IP -p tcp —dport 21 -j ACCEPT\n
$IPTABLES -A FORWARD -o $INTERFACE_WAN -i $INTERFACE_LAN_8 -s $PRIVATE_LOCAL_IP -p tcp —dport 21 -j ACCEPT\n\n\n
$IPTABLES -A FORWARD -o $INTERFACE_WAN -i $INTERFACE_LAN_8 -p tcp -m state —state ESTABLISHED,RELATED -j ACCEPT\n
$IPTABLES -A FORWARD -i $INTERFACE_WAN -o $INTERFACE_LAN_8 -p tcp —dport 80 -m state —state NEW -j ACCEPT\n\n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 -o $INTERFACE_WAN -s $PRIVATE_LOCAL_IP -p tcp —dport 22 -j ACCEPT #ssh \n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 -o $INTERFACE_WAN -s $PRIVATE_LOCAL_IP -p tcp —dport 1433 -j ACCEPT #MSSQL \n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 -o $INTERFACE_WAN -s $PRIVATE_LOCAL_IP -p tcp —dport 3306 -j ACCEPT #MSSQL \n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 -o $INTERFACE_WAN -s $PRIVATE_LOCAL_IP -p tcp —dport 2222 -j ACCEPT #ssh \n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 -o $INTERFACE_WAN -s $PRIVATE_LOCAL_IP -p tcp —dport 3389 -j ACCEPT #rdp \n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 -o $INTERFACE_WAN -s $PRIVATE_LOCAL_IP -p tcp —dport 443 -j ACCEPT\n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 -o $INTERFACE_WAN -s $PRIVATE_LOCAL_IP -p tcp —dport 9443 -j ACCEPT\n
$IPTABLES -A FORWARD -o $INTERFACE_WAN -i $INTERFACE_LAN_8 -s $INT_NET_8 -p udp —dport 123 -j ACCEPT\n
$IPTABLES -A FORWARD -o $INTERFACE_WAN -i $INTERFACE_LAN_10 -s $INT_NET_10 -p udp —dport 123 -j ACCEPT\n\n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 -o $INTERFACE_WAN -s $INT_NET_8 -p tcp —dport 443 -d $HTTPS_allow_sites -j ACCEPT\n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 -o $INTERFACE_WAN -s $INT_NET_8 -p tcp —dport 443 -d $HTTPS_allow_sites_yandex -j ACCEPT\n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 -o $INTERFACE_WAN -s $INT_NET_8 -p tcp —dport 443 -d $HTTPS_allow_sites_google -j ACCEPT\n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 -o $INTERFACE_WAN -s $INT_NET_8 -p tcp —dport 443 -d $HTTPS_allow_sites_wiki -j ACCEPT\n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 -o $INTERFACE_WAN -s $INT_NET_8 -p tcp —dport 443 -d $HTTPS_allow_sites_sber -j ACCEPT\n\n\n
#$IPTABLES -A FORWARD -i $INTERFACE_WAN -o $INTERFACE_LAN_10 -m state —state ESTABLISHED,RELATED -s $TEL_IP -p udp —sport 5060:5062 —dport 5060:5062 -j ACCEPT\n
$IPTABLES -A FORWARD -i $INTERFACE_WAN -o $INTERFACE_LAN_10 -m state —state ESTABLISHED,RELATED -s $TEL_IP -p udp —sport 10000:20000 —dport 10000:20000 -j ACCEPT\n
#$IPTABLES -A FORWARD -i $INTERFACE_LAN_10 -o $INTERFACE_WAN -d $TEL_IP -p udp —sport 5060:5062 —dport 5060:5062 -j ACCEPT\n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_10 -o $INTERFACE_WAN -d $TEL_IP -p udp —sport 10000:20000 —dport 10000:20000 -j ACCEPT\n\n
$IPTABLES -A FORWARD -i $INTERFACE_WAN -o $INTERFACE_LAN_10 -m state —state ESTABLISHED,RELATED -s $TEL_IP -p tcp —sport 5060:5070 —dport 5060:5070 -j ACCEPT\n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_10 -o $INTERFACE_WAN -d $TEL_IP -p tcp —sport 5060:5070 —dport 5060:5070 -j ACCEPT\n\n\n\n\n\n

### anti-spoofing rules\n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_10 ! -s $INT_NET_10 -j LOG —log-prefix «SPOOFED PKT »\n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_10 ! -s $INT_NET_10 -j DROP\n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 ! -s $INT_NET_8 -j LOG —log-prefix «SPOOFED PKT »\n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 ! -s $INT_NET_8 -j DROP\n\n

### PLATFORMA_OFD Rules\n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 -o $INTERFACE_WAN -d $PLATFORMAOFD_IP -p tcp —dport 21101 -j ACCEPT\n\n

## SBER PINPAD \u043f\u0440\u0430\u0432\u0438\u043b\u043e \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b pinPad \u043e\u0442 \u0441\u0431\u0435\u0440\u0431\u0430\u043d\u043a\u0430\n

$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 -o $INTERFACE_WAN -d $SBER_PINPAD_IP -p tcp —dport 650 -j ACCEPT\n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 -o $INTERFACE_WAN -d $SBER_PINPAD_IP -p tcp —dport 670 -j ACCEPT\n\n

## WhatsApp\n\n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 -o $INTERFACE_WAN -d $WHATSAPP_IP -p tcp —dport 5222 -j ACCEPT\n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 -o $INTERFACE_WAN -d $WHATSAPP_IP -p tcp —dport 443 -j ACCEPT\n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 -o $INTERFACE_WAN -d $WHATSAPP_IP -p udp —dport 3478 -j ACCEPT\n\n

## viber 5242 4244 5243\n\n
#$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 -o $INTERFACE_WAN -d $VIBER_IP -p tcp —dport 443 -j ACCEPT\n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 -o $INTERFACE_WAN -d $VIBER_IP -p tcp —dport 1443 -j ACCEPT\n
$IPTABLES -A FORWARD -i $INTERFACE_LAN_8 -o $INTERFACE_WAN -d $VIBER_IP -p tcp —dport 4244 -j ACCEPT\n\n

### ACCEPT rules\n
# ping rules\n
$IPTABLES -A FORWARD -o $INTERFACE_WAN -p icmp —icmp-type echo-request -j ACCEPT\n
$IPTABLES -A FORWARD -o $INTERFACE_WAN -p icmp —icmp-type port-unreachable -j ACCEPT\n
#$IPTABLES -A FORWARD -o $INTERFACE_WAN -p icmp -j ACCEPT\n\n
#super log\n
$IPTABLES -A FORWARD ! -i lo -j LOG —log-prefix «DROP-F » —log-ip-options —log-tcp-options\n\n

###### NAT rules ######\n\n

echo «[+] Setting up NAT rules…»\n\n
# clear proxy enable \n\n
###$IPTABLES -t nat -A PREROUTING -i $INTERFACE_LAN_8 -s $INT_NET_8 -p tcp —dport 80 -j LOG —log-prefix «pre_eht0_to_proxy » \n
$IPTABLES -t nat -A PREROUTING -i $INTERFACE_LAN_8 -s $INT_NET_8 -p tcp —dport 80 -j DNAT —to $IP_LAN_8:3128 \n\n\n\n
$IPTABLES -t nat -A POSTROUTING -s $INT_NET_8 -o $INTERFACE_WAN -j MASQUERADE \n
$IPTABLES -t nat -A POSTROUTING -s $INT_NET_10 -o $INTERFACE_WAN -j MASQUERADE \n\n\n

echo «[+] Enabling IP forwarding…»\n
echo 1 > \/proc\/sys\/net\/ipv4\/ip_forward\n","protected":false},"excerpt":{"rendered":"

\u041f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u043c \u043f\u0440\u0438\u043c\u0435\u0440 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043a IP \u0442\u0430\u0431\u043b\u0438\u0446 \u0434\u043b\u044f \u0440\u0430\u0437\u0434\u0435\u043b\u0435\u043d\u0438\u044f \u0432\u0445\u043e\u0434\u044f\u0449\u0435\u0433\u043e \u0438 \u0438\u0441\u0445\u043e\u0434\u044f\u0449\u0435\u0433\u043e \u0442\u0440\u0430\u0444\u0438\u043a\u0430 \u043d\u0430 \u0434\u0432\u0430 \u043a\u0430\u043d\u0430\u043b\u0430, \u043e\u0434\u0438\u043d \u043a\u0430\u043d\u0430\u043b \u0434\u043b\u044f \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043e\u0432 (8) \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0438\u0438<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[12,22],"tags":[],"class_list":["post-1680","post","type-post","status-publish","format-standard","hentry","category-internet","category-technology"],"yoast_head":"\nip tables \u043f\u0440\u0438\u043c\u0435\u0440 - Surgery.Moscow<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/surgery.moscow\/smos\/2019\/01\/21\/ip-tables-\u043f\u0440\u0438\u043c\u0435\u0440\/\" \/>\n<meta property=\"og:locale\" content=\"ru_RU\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ip tables \u043f\u0440\u0438\u043c\u0435\u0440 - Surgery.Moscow\" \/>\n<meta property=\"og:description\" content=\"\u041f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u043c \u043f\u0440\u0438\u043c\u0435\u0440 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043a IP \u0442\u0430\u0431\u043b\u0438\u0446 \u0434\u043b\u044f \u0440\u0430\u0437\u0434\u0435\u043b\u0435\u043d\u0438\u044f \u0432\u0445\u043e\u0434\u044f\u0449\u0435\u0433\u043e \u0438 \u0438\u0441\u0445\u043e\u0434\u044f\u0449\u0435\u0433\u043e \u0442\u0440\u0430\u0444\u0438\u043a\u0430 \u043d\u0430 \u0434\u0432\u0430 \u043a\u0430\u043d\u0430\u043b\u0430, \u043e\u0434\u0438\u043d \u043a\u0430\u043d\u0430\u043b \u0434\u043b\u044f \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043e\u0432 (8) \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0438\u0438\" \/>\n<meta property=\"og:url\" content=\"https:\/\/surgery.moscow\/smos\/2019\/01\/21\/ip-tables-\u043f\u0440\u0438\u043c\u0435\u0440\/\" \/>\n<meta property=\"og:site_name\" content=\"Surgery.Moscow\" \/>\n<meta property=\"article:published_time\" content=\"2019-01-21T09:41:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-01-21T12:37:02+00:00\" \/>\n<meta name=\"author\" content=\"Editor_1\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u041d\u0430\u043f\u0438\u0441\u0430\u043d\u043e \u0430\u0432\u0442\u043e\u0440\u043e\u043c\" \/>\n\t<meta name=\"twitter:data1\" content=\"Editor_1\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u041f\u0440\u0438\u043c\u0435\u0440\u043d\u043e\u0435 \u0432\u0440\u0435\u043c\u044f \u0434\u043b\u044f \u0447\u0442\u0435\u043d\u0438\u044f\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 \u043c\u0438\u043d\u0443\u0442\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/surgery.moscow\/smos\/2019\/01\/21\/ip-tables-%d0%bf%d1%80%d0%b8%d0%bc%d0%b5%d1%80\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/surgery.moscow\/smos\/2019\/01\/21\/ip-tables-%d0%bf%d1%80%d0%b8%d0%bc%d0%b5%d1%80\/\"},\"author\":{\"name\":\"Editor_1\",\"@id\":\"https:\/\/surgery.moscow\/smos\/#\/schema\/person\/c143433a1a13d7415e6515bf842daeaf\"},\"headline\":\"ip tables \u043f\u0440\u0438\u043c\u0435\u0440\",\"datePublished\":\"2019-01-21T09:41:41+00:00\",\"dateModified\":\"2019-01-21T12:37:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/surgery.moscow\/smos\/2019\/01\/21\/ip-tables-%d0%bf%d1%80%d0%b8%d0%bc%d0%b5%d1%80\/\"},\"wordCount\":2408,\"publisher\":{\"@id\":\"https:\/\/surgery.moscow\/smos\/#organization\"},\"articleSection\":[\"Internet\",\"Technology\"],\"inLanguage\":\"ru-RU\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/surgery.moscow\/smos\/2019\/01\/21\/ip-tables-%d0%bf%d1%80%d0%b8%d0%bc%d0%b5%d1%80\/\",\"url\":\"https:\/\/surgery.moscow\/smos\/2019\/01\/21\/ip-tables-%d0%bf%d1%80%d0%b8%d0%bc%d0%b5%d1%80\/\",\"name\":\"ip tables \u043f\u0440\u0438\u043c\u0435\u0440 - Surgery.Moscow\",\"isPartOf\":{\"@id\":\"https:\/\/surgery.moscow\/smos\/#website\"},\"datePublished\":\"2019-01-21T09:41:41+00:00\",\"dateModified\":\"2019-01-21T12:37:02+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/surgery.moscow\/smos\/2019\/01\/21\/ip-tables-%d0%bf%d1%80%d0%b8%d0%bc%d0%b5%d1%80\/#breadcrumb\"},\"inLanguage\":\"ru-RU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/surgery.moscow\/smos\/2019\/01\/21\/ip-tables-%d0%bf%d1%80%d0%b8%d0%bc%d0%b5%d1%80\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/surgery.moscow\/smos\/2019\/01\/21\/ip-tables-%d0%bf%d1%80%d0%b8%d0%bc%d0%b5%d1%80\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u0413\u043b\u0430\u0432\u043d\u0430\u044f \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\",\"item\":\"https:\/\/surgery.moscow\/smos\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ip tables \u043f\u0440\u0438\u043c\u0435\u0440\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/surgery.moscow\/smos\/#website\",\"url\":\"https:\/\/surgery.moscow\/smos\/\",\"name\":\"Surgery.Moscow\",\"description\":\"Surgery in Moscow Russian Federation\",\"publisher\":{\"@id\":\"https:\/\/surgery.moscow\/smos\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/surgery.moscow\/smos\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ru-RU\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/surgery.moscow\/smos\/#organization\",\"name\":\"Bariatric.ru\",\"url\":\"https:\/\/surgery.moscow\/smos\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ru-RU\",\"@id\":\"https:\/\/surgery.moscow\/smos\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i0.wp.com\/surgery.moscow\/wp-content\/uploads\/2016\/11\/Surgery_Moscow_logo_1.jpg?fit=300%2C90&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/surgery.moscow\/wp-content\/uploads\/2016\/11\/Surgery_Moscow_logo_1.jpg?fit=300%2C90&ssl=1\",\"width\":300,\"height\":90,\"caption\":\"Bariatric.ru\"},\"image\":{\"@id\":\"https:\/\/surgery.moscow\/smos\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/surgery.moscow\/smos\/#\/schema\/person\/c143433a1a13d7415e6515bf842daeaf\",\"name\":\"Editor_1\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ru-RU\",\"@id\":\"https:\/\/surgery.moscow\/smos\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5c7fa35b31c26ebe86fb7d584e402297eb28065ca5a94b6becefa08d9ab17616?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5c7fa35b31c26ebe86fb7d584e402297eb28065ca5a94b6becefa08d9ab17616?s=96&d=mm&r=g\",\"caption\":\"Editor_1\"},\"url\":\"https:\/\/surgery.moscow\/smos\/author\/surgerymoscowadmin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ip tables \u043f\u0440\u0438\u043c\u0435\u0440 - Surgery.Moscow","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/surgery.moscow\/smos\/2019\/01\/21\/ip-tables-\u043f\u0440\u0438\u043c\u0435\u0440\/","og_locale":"ru_RU","og_type":"article","og_title":"ip tables \u043f\u0440\u0438\u043c\u0435\u0440 - Surgery.Moscow","og_description":"\u041f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u043c \u043f\u0440\u0438\u043c\u0435\u0440 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043a IP \u0442\u0430\u0431\u043b\u0438\u0446 \u0434\u043b\u044f \u0440\u0430\u0437\u0434\u0435\u043b\u0435\u043d\u0438\u044f \u0432\u0445\u043e\u0434\u044f\u0449\u0435\u0433\u043e \u0438 \u0438\u0441\u0445\u043e\u0434\u044f\u0449\u0435\u0433\u043e \u0442\u0440\u0430\u0444\u0438\u043a\u0430 \u043d\u0430 \u0434\u0432\u0430 \u043a\u0430\u043d\u0430\u043b\u0430, \u043e\u0434\u0438\u043d \u043a\u0430\u043d\u0430\u043b \u0434\u043b\u044f \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043e\u0432 (8) \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0438\u0438","og_url":"https:\/\/surgery.moscow\/smos\/2019\/01\/21\/ip-tables-\u043f\u0440\u0438\u043c\u0435\u0440\/","og_site_name":"Surgery.Moscow","article_published_time":"2019-01-21T09:41:41+00:00","article_modified_time":"2019-01-21T12:37:02+00:00","author":"Editor_1","twitter_card":"summary_large_image","twitter_misc":{"\u041d\u0430\u043f\u0438\u0441\u0430\u043d\u043e \u0430\u0432\u0442\u043e\u0440\u043e\u043c":"Editor_1","\u041f\u0440\u0438\u043c\u0435\u0440\u043d\u043e\u0435 \u0432\u0440\u0435\u043c\u044f \u0434\u043b\u044f \u0447\u0442\u0435\u043d\u0438\u044f":"12 \u043c\u0438\u043d\u0443\u0442"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/surgery.moscow\/smos\/2019\/01\/21\/ip-tables-%d0%bf%d1%80%d0%b8%d0%bc%d0%b5%d1%80\/#article","isPartOf":{"@id":"https:\/\/surgery.moscow\/smos\/2019\/01\/21\/ip-tables-%d0%bf%d1%80%d0%b8%d0%bc%d0%b5%d1%80\/"},"author":{"name":"Editor_1","@id":"https:\/\/surgery.moscow\/smos\/#\/schema\/person\/c143433a1a13d7415e6515bf842daeaf"},"headline":"ip tables \u043f\u0440\u0438\u043c\u0435\u0440","datePublished":"2019-01-21T09:41:41+00:00","dateModified":"2019-01-21T12:37:02+00:00","mainEntityOfPage":{"@id":"https:\/\/surgery.moscow\/smos\/2019\/01\/21\/ip-tables-%d0%bf%d1%80%d0%b8%d0%bc%d0%b5%d1%80\/"},"wordCount":2408,"publisher":{"@id":"https:\/\/surgery.moscow\/smos\/#organization"},"articleSection":["Internet","Technology"],"inLanguage":"ru-RU"},{"@type":"WebPage","@id":"https:\/\/surgery.moscow\/smos\/2019\/01\/21\/ip-tables-%d0%bf%d1%80%d0%b8%d0%bc%d0%b5%d1%80\/","url":"https:\/\/surgery.moscow\/smos\/2019\/01\/21\/ip-tables-%d0%bf%d1%80%d0%b8%d0%bc%d0%b5%d1%80\/","name":"ip tables \u043f\u0440\u0438\u043c\u0435\u0440 - Surgery.Moscow","isPartOf":{"@id":"https:\/\/surgery.moscow\/smos\/#website"},"datePublished":"2019-01-21T09:41:41+00:00","dateModified":"2019-01-21T12:37:02+00:00","breadcrumb":{"@id":"https:\/\/surgery.moscow\/smos\/2019\/01\/21\/ip-tables-%d0%bf%d1%80%d0%b8%d0%bc%d0%b5%d1%80\/#breadcrumb"},"inLanguage":"ru-RU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/surgery.moscow\/smos\/2019\/01\/21\/ip-tables-%d0%bf%d1%80%d0%b8%d0%bc%d0%b5%d1%80\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/surgery.moscow\/smos\/2019\/01\/21\/ip-tables-%d0%bf%d1%80%d0%b8%d0%bc%d0%b5%d1%80\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u0413\u043b\u0430\u0432\u043d\u0430\u044f \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430","item":"https:\/\/surgery.moscow\/smos\/"},{"@type":"ListItem","position":2,"name":"ip tables \u043f\u0440\u0438\u043c\u0435\u0440"}]},{"@type":"WebSite","@id":"https:\/\/surgery.moscow\/smos\/#website","url":"https:\/\/surgery.moscow\/smos\/","name":"Surgery.Moscow","description":"Surgery in Moscow Russian Federation","publisher":{"@id":"https:\/\/surgery.moscow\/smos\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/surgery.moscow\/smos\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ru-RU"},{"@type":"Organization","@id":"https:\/\/surgery.moscow\/smos\/#organization","name":"Bariatric.ru","url":"https:\/\/surgery.moscow\/smos\/","logo":{"@type":"ImageObject","inLanguage":"ru-RU","@id":"https:\/\/surgery.moscow\/smos\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/surgery.moscow\/wp-content\/uploads\/2016\/11\/Surgery_Moscow_logo_1.jpg?fit=300%2C90&ssl=1","contentUrl":"https:\/\/i0.wp.com\/surgery.moscow\/wp-content\/uploads\/2016\/11\/Surgery_Moscow_logo_1.jpg?fit=300%2C90&ssl=1","width":300,"height":90,"caption":"Bariatric.ru"},"image":{"@id":"https:\/\/surgery.moscow\/smos\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/surgery.moscow\/smos\/#\/schema\/person\/c143433a1a13d7415e6515bf842daeaf","name":"Editor_1","image":{"@type":"ImageObject","inLanguage":"ru-RU","@id":"https:\/\/surgery.moscow\/smos\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/5c7fa35b31c26ebe86fb7d584e402297eb28065ca5a94b6becefa08d9ab17616?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5c7fa35b31c26ebe86fb7d584e402297eb28065ca5a94b6becefa08d9ab17616?s=96&d=mm&r=g","caption":"Editor_1"},"url":"https:\/\/surgery.moscow\/smos\/author\/surgerymoscowadmin\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8nQhT-r6","_links":{"self":[{"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/posts\/1680","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/comments?post=1680"}],"version-history":[{"count":4,"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/posts\/1680\/revisions"}],"predecessor-version":[{"id":1687,"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/posts\/1680\/revisions\/1687"}],"wp:attachment":[{"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/media?parent=1680"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/categories?post=1680"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/tags?post=1680"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}