# Generated by iptables-save v1.4.4 on Tue Oct  5 18:15:49 2010
*nat
# NAT table: all three built-in chains keep the default ACCEPT policy and no
# rules are loaded, so this ruleset performs no SNAT/MASQUERADE/DNAT at all.
# NOTE(review): the filter table's FORWARD chain accepts traffic arriving on
# eth1. If that LAN is meant to reach outside networks through ppp0/eth2, a
# POSTROUTING source-NAT rule would normally be expected here - confirm that
# its absence is intentional.
:PREROUTING ACCEPT [2582:297548]
:POSTROUTING ACCEPT [4197:347221]
:OUTPUT ACCEPT [4744:383229]
COMMIT
# Completed on Tue Oct  5 18:15:49 2010
# Generated by iptables-save v1.4.4 on Tue Oct  5 18:15:49 2010
*mangle
# Mangle table: default ACCEPT policies and no rules, so no packet marking or
# header rewriting takes place. The bracketed values are packet:byte counters
# captured at dump time; FORWARD shows 0:0, i.e. no packet had been routed
# through this host when the dump was taken.
:PREROUTING ACCEPT [145898:15105522]
:INPUT ACCEPT [145716:15079019]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [269114:304050884]
:POSTROUTING ACCEPT [268814:304050337]
COMMIT
# Completed on Tue Oct  5 18:15:49 2010
# Generated by iptables-save v1.4.4 on Tue Oct  5 18:15:49 2010
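*filter
# Filter table: default-deny. INPUT, FORWARD and OUTPUT all have policy DROP,
# so any packet that no rule below accepts is discarded. Bracketed values are
# the packet:byte counters captured at dump time.
:INPUT DROP [1130:128654]
:FORWARD DROP [0:0]
:OUTPUT DROP [578:42308]
# User-defined chains ("-" = no policy; a packet that matches nothing in one
# of these returns to the calling chain and continues there).
:allowed - [0:0]
:bad_tcp_packets - [0:0]
:icmp_packets - [0:0]
:tcp_packets - [0:0]
:udp_packets - [0:0]
#
# ---- INPUT: traffic addressed to this host ----
# All TCP is screened by bad_tcp_packets before any ACCEPT rule is reached.
-A INPUT -p tcp -j bad_tcp_packets 
# Anything from the 192.168.0.0/29 LAN arriving on eth1 is fully trusted.
-A INPUT -s 192.168.0.0/29 -i eth1 -j ACCEPT 
# NOTE(review): "lo0" is the BSD name for loopback; on Linux the interface is
# normally "lo". Unless an interface really is named lo0 on this host, the
# next three rules never match and loopback traffic falls through to the DROP
# policy. Also, 192.168.0.0/32 is the network address, while OUTPUT below
# accepts 192.168.0.1/32 - presumably .1 was intended here too; confirm.
-A INPUT -s 127.0.0.1/32 -i lo0 -j ACCEPT 
-A INPUT -s 192.168.0.0/32 -i lo0 -j ACCEPT 
-A INPUT -s 10.1.150.53/32 -i lo0 -j ACCEPT 
# Traffic from ppp0 and eth2 is dispatched to a per-protocol chain.
# NOTE(review): INPUT has no RELATED,ESTABLISHED accept rule. Of the chains
# below, only "allowed" (reached for TCP dport 22) accepts established
# traffic, so replies to connections this host itself opens through
# ppp0/eth2 end at the DROP policy. Confirm whether that is intended.
-A INPUT -i ppp0 -p tcp -j tcp_packets 
-A INPUT -i eth2 -p tcp -j tcp_packets 
-A INPUT -i ppp0 -p udp -j udp_packets 
-A INPUT -i eth2 -p udp -j udp_packets 
-A INPUT -i ppp0 -p icmp -j icmp_packets 
-A INPUT -i eth2 -p icmp -j icmp_packets 
# Drop 224.0.0.0/8 on eth2 before the LOG rule so it does not fill the log.
# NOTE(review): this covers only 224.x.x.x; the full multicast range is
# 224.0.0.0/4, so other multicast groups still reach the LOG rule.
-A INPUT -d 224.0.0.0/8 -i eth2 -j DROP 
# Log what is about to be dropped by policy. The limit match (3/min, burst 3)
# means only a sample of drops is recorded, and --log-level 7 is syslog
# "debug", which the local syslog configuration may or may not retain.
-A INPUT -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "IPT INPUT packet died: " --log-level 7 
#
# ---- FORWARD: traffic routed through this host ----
-A FORWARD -p tcp -j bad_tcp_packets 
# Everything entering on eth1 may be forwarded anywhere.
# NOTE(review): unlike the INPUT rule for eth1 there is no -s restriction, so
# packets with arbitrary source addresses arriving on eth1 are forwarded.
-A FORWARD -i eth1 -j ACCEPT 
# Return traffic for connections already tracked by conntrack.
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
# Fixed: this rule previously logged with the INPUT chain's prefix
# ("IPT INPUT packet died: "), which made forwarded-packet drops
# indistinguishable from INPUT drops when reading the log.
-A FORWARD -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "IPT FORWARD packet died: " --log-level 7 
#
# ---- OUTPUT: traffic generated by this host ----
-A OUTPUT -p tcp -j bad_tcp_packets 
# Egress is accepted purely by source address (presumably this host's own
# addresses - confirm); there is no filtering by destination, port or
# interface.
-A OUTPUT -s 127.0.0.1/32 -j ACCEPT 
-A OUTPUT -s 192.168.0.1/32 -j ACCEPT 
-A OUTPUT -s 10.1.150.53/32 -j ACCEPT 
-A OUTPUT -s 92.248.240.81/32 -j ACCEPT 
-A OUTPUT -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "IPT OUTPUT packet died: " --log-level 7 
#
# ---- allowed: final decision for TCP ports opened in tcp_packets ----
# Accept a pure SYN (connection attempt) or packets of a tracked connection;
# every other TCP packet sent here is dropped.
-A allowed -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT 
-A allowed -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A allowed -p tcp -j DROP 
#
# ---- bad_tcp_packets: sanity checks applied to all TCP ----
# A SYN/ACK that conntrack classifies as NEW is answered with a TCP reset.
-A bad_tcp_packets -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset 
# A NEW packet that is not a pure SYN is logged, then dropped.
# NOTE(review): this LOG rule has no limit match, unlike the other LOG rules
# in this table, so a stream of such packets can flood the log.
-A bad_tcp_packets -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j LOG --log-prefix "New not syn: " 
-A bad_tcp_packets -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP 
#
# ---- icmp_packets: ICMP accepted from ppp0/eth2 ----
# Type 8 = echo request, type 11 = time exceeded. Neither is rate-limited.
-A icmp_packets -p icmp -m icmp --icmp-type 8 -j ACCEPT 
-A icmp_packets -p icmp -m icmp --icmp-type 11 -j ACCEPT 
#
# ---- tcp_packets: TCP services reachable from ppp0/eth2 ----
# Only port 22 is opened, and from any source address.
# NOTE(review): consider a -s restriction or a connection-rate limit on this
# rule if the service does not need to be reachable from everywhere.
-A tcp_packets -p tcp -m tcp --dport 22 -j allowed 
#
# ---- udp_packets: UDP from ppp0/eth2 ----
# This chain contains no ACCEPT rule, so all UDP from ppp0/eth2 is eventually
# dropped by the INPUT policy. These two rules only drop the named traffic
# early (ports 135:139 to 10.11.53.0/24, and broadcast to ports 67:68) so it
# never reaches the INPUT LOG rule.
-A udp_packets -d 10.11.53.0/24 -i eth2 -p udp -m udp --dport 135:139 -j DROP 
-A udp_packets -d 255.255.255.255/32 -i eth2 -p udp -m udp --dport 67:68 -j DROP 
COMMIT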
# Completed on Tue Oct  5 18:15:49 2010
