<?xml version="1.0"?>
<iptables-rules version="1.0">
<!-- # Generated by iptables*-save v1.4.2 *-rc1 on Fri Oct 29 10:18:42 2010 -->
<table name="mangle">
<!-- mangle table: the five built-in chains below carry policy ACCEPT and contain
     no rules, so this ruleset does no packet marking or header rewriting.
     The packet-count / byte-count attributes are counters captured when the
     ruleset was saved; they are not part of the policy. -->
<chain name="PREROUTING" policy="ACCEPT" packet-count="7" byte-count="1110"/>
<chain name="INPUT" policy="ACCEPT" packet-count="7" byte-count="1110"/>
<chain name="FORWARD" policy="ACCEPT" packet-count="0" byte-count="0"/>
<chain name="OUTPUT" policy="ACCEPT" packet-count="7" byte-count="1110"/>
<chain name="POSTROUTING" policy="ACCEPT" packet-count="7" byte-count="1110"/>
</table>
<!-- # Completed on Fri Oct 29 10:18:42 2010 -->
<table name="nat">
<!-- nat table: all three chains are empty with policy ACCEPT, so no address or
     port translation (DNAT, SNAT, MASQUERADE, REDIRECT) is configured. -->
<chain name="PREROUTING" policy="ACCEPT" packet-count="0" byte-count="0"/>
<chain name="POSTROUTING" policy="ACCEPT" packet-count="0" byte-count="0"/>
<chain name="OUTPUT" policy="ACCEPT" packet-count="0" byte-count="0"/>
</table>
<table name="raw">
<!-- raw table: exempts loopback traffic from connection tracking in both
     directions. Untracked packets never carry a NEW / ESTABLISHED / RELATED
     state, so the filter table has to accept loopback by interface rather than
     by state (it does: INPUT accepts -i lo, OUTPUT accepts -o lo).
     NOTE(review): NOTRACK is a legacy target; newer iptables releases express
     the same thing through the CT target's notrack option. Confirm against the
     iptables and kernel versions this ruleset is deployed on. -->
<chain name="PREROUTING" policy="ACCEPT" packet-count="2638" byte-count="2790246">
<!-- Packets arriving on lo (-i lo): skip conntrack. -->
<rule>
<conditions>
<match>
<i>lo</i>
</match>
</conditions>
<actions>
<NOTRACK/>
</actions>
</rule>
</chain>
<chain name="OUTPUT" policy="ACCEPT" packet-count="2779" byte-count="2133970">
<!-- Locally generated packets leaving via lo (-o lo): skip conntrack. -->
<rule>
<conditions>
<match>
<o>lo</o>
</match>
</conditions>
<actions>
<NOTRACK/>
</actions>
</rule>
</chain>
</table>
<table name="filter">
<chain name="INPUT" policy="DROP" packet-count="0" byte-count="0">
<!-- filter/INPUT: default-deny. Rule order matters: the first terminating
     verdict (ACCEPT / DROP) wins; anything that reaches the end of the chain is
     logged by the last rule and then dropped by the chain policy. -->
<!-- 1. Accept everything arriving on the loopback interface. -->
<rule>
<conditions>
<match>
<i>lo</i>
</match>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- 2. Unconditional jump to bad_packets. It runs before the
     RELATED,ESTABLISHED accept below, so INVALID-state packets and malformed
     TCP flag combinations are dropped even when they claim to belong to an
     existing flow. -->
<rule>
<actions>
<call>
<bad_packets/>
</call>
</actions>
</rule>
<!-- 3. Silently drop traffic addressed to 224.0.0.1 (all-hosts multicast) so it
     never reaches the final LOG rule. -->
<rule>
<conditions>
<match>
<d>224.0.0.1/32</d>
</match>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- 4. Accept return traffic for connections conntrack already knows about
     (RELATED,ESTABLISHED) on eth0. With tcp_inbound opening no ports, this is
     the rule that lets replies to locally initiated connections back in. -->
<rule>
<conditions>
<match>
<i>eth0</i>
</match>
<state>
<state>RELATED,ESTABLISHED</state>
</state>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- 5-7. Per-protocol dispatch for the remaining eth0 traffic: TCP to
     tcp_inbound, UDP to udp_inbound, ICMP to icmp_packets. A RETURN from those
     chains resumes evaluation at the rule after the call. -->
<rule>
<conditions>
<match>
<i>eth0</i>
<p>tcp</p>
</match>
</conditions>
<actions>
<call>
<tcp_inbound/>
</call>
</actions>
</rule>
<rule>
<conditions>
<match>
<i>eth0</i>
<p>udp</p>
</match>
</conditions>
<actions>
<call>
<udp_inbound/>
</call>
</actions>
</rule>
<rule>
<conditions>
<match>
<i>eth0</i>
<p>icmp</p>
</match>
</conditions>
<actions>
<call>
<icmp_packets/>
</call>
</actions>
</rule>
<!-- 8. Silently drop link-layer broadcasts to keep them out of the log. -->
<rule>
<conditions>
<pkttype>
<pkt-type>broadcast</pkt-type>
</pkttype>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- 9. Catch-all LOG. LOG is non-terminating, so the packet is then dropped by
     the chain policy; the prefix records chain:position and the effective
     action for log parsing.
     NOTE(review): this rule has no conditions, in particular no limit match, so
     every unmatched packet produces a kernel log line. On an exposed interface
     that lets a remote sender fill the log; consider rate-limiting it. -->
<rule>
<actions>
<LOG>
<log-prefix>"fp=INPUT:99 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
</chain>
<chain name="OUTPUT" policy="DROP" packet-count="0" byte-count="0">
<!-- filter/OUTPUT: policy is DROP, but rules 3 and 4 accept everything leaving
     via lo and eth0, so in effect only traffic routed out of some other
     interface reaches the LOG rule and the policy. -->
<!-- 1. Drop locally generated ICMP that conntrack classifies as INVALID. -->
<rule>
<conditions>
<match>
<p>icmp</p>
</match>
<state>
<state>INVALID</state>
</state>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- 2. Accept anything sourced from 127.0.0.1. NOTE(review): no output
     interface is matched here, so this applies on any interface, not only lo. -->
<rule>
<conditions>
<match>
<s>127.0.0.1/32</s>
</match>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- 3. Accept everything leaving via loopback. -->
<rule>
<conditions>
<match>
<o>lo</o>
</match>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- 4. Accept everything leaving via eth0, with no protocol, port or state
     restriction: egress is unfiltered.
     NOTE(review): the tcp_outbound and udp_outbound chains exist in this table
     but no rule in this file jumps to them, so adding restrictions there has no
     effect until OUTPUT calls them ahead of this rule. -->
<rule>
<conditions>
<match>
<o>eth0</o>
</match>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- 5. Catch-all LOG before the policy DROP. NOTE(review): no limit match, so
     every packet that reaches this point is logged. -->
<rule>
<actions>
<LOG>
<log-prefix>"fp=OUTPUT:99 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
</chain>
<chain name="bad_packets" packet-count="0" byte-count="0">
<!-- bad_packets: sanity filter called unconditionally from INPUT. As a
     user-defined chain it has no policy; packets that survive are handed back
     to the caller by the final RETURN. -->
<!-- 1-2. Log, then drop, packets conntrack classifies as INVALID. LOG does not
     terminate, so the DROP is a second rule with the same condition; keep the
     two in sync when editing.
     NOTE(review): the LOG rule has no limit match, so a sender can generate one
     log line per INVALID packet. -->
<rule>
<conditions>
<state>
<state>INVALID</state>
</state>
</conditions>
<actions>
<LOG>
<log-prefix>"fp=bad_packets:1 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
<rule>
<conditions>
<state>
<state>INVALID</state>
</state>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- 3. Hand all TCP to bad_tcp_packets for flag-combination checks. -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
</conditions>
<actions>
<call>
<bad_tcp_packets/>
</call>
</actions>
</rule>
<!-- 4. Everything else returns to the calling chain. -->
<rule>
<actions>
<RETURN/>
</actions>
</rule>
</chain>
<chain name="bad_tcp_packets" packet-count="0" byte-count="0">
<!-- bad_tcp_packets: drops TCP segments whose flag combinations do not occur in
     a normal handshake or data flow. Each check is a LOG rule followed by a
     DROP rule with identical conditions (LOG is non-terminating); the log
     prefix number identifies the check. tcp-flags content reads
     "flags-examined flags-that-must-be-set".
     NOTE(review): none of the LOG rules carries a limit match, so each
     malformed segment produces a log line; consider rate-limiting. -->
<!-- Check 1: conntrack state NEW but not a bare SYN (invert="1" negates
     "SYN set with FIN, RST and ACK clear"). A new connection must start with a
     plain SYN. -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags invert="1">FIN,SYN,RST,ACK SYN</tcp-flags>
</tcp>
<state>
<state>NEW</state>
</state>
</conditions>
<actions>
<LOG>
<log-prefix>"fp=bad_tcp_packets:1 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags invert="1">FIN,SYN,RST,ACK SYN</tcp-flags>
</tcp>
<state>
<state>NEW</state>
</state>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- Check 2: none of the six flags set (null packet). -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>FIN,SYN,RST,PSH,ACK,URG NONE</tcp-flags>
</tcp>
</conditions>
<actions>
<LOG>
<log-prefix>"fp=bad_tcp_packets:2 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>FIN,SYN,RST,PSH,ACK,URG NONE</tcp-flags>
</tcp>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- Check 3: all six flags set at once. -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG</tcp-flags>
</tcp>
</conditions>
<actions>
<LOG>
<log-prefix>"fp=bad_tcp_packets:3 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG</tcp-flags>
</tcp>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- Check 4: exactly FIN, PSH and URG set. -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG</tcp-flags>
</tcp>
</conditions>
<actions>
<LOG>
<log-prefix>"fp=bad_tcp_packets:4 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG</tcp-flags>
</tcp>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- Check 5: every flag except PSH set. -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG</tcp-flags>
</tcp>
</conditions>
<actions>
<LOG>
<log-prefix>"fp=bad_tcp_packets:5 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG</tcp-flags>
</tcp>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- Check 6: SYN and RST both set (only these two flags are examined). -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>SYN,RST SYN,RST</tcp-flags>
</tcp>
</conditions>
<actions>
<LOG>
<log-prefix>"fp=bad_tcp_packets:6 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>SYN,RST SYN,RST</tcp-flags>
</tcp>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- Check 7: FIN and SYN both set (only these two flags are examined). -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>FIN,SYN FIN,SYN</tcp-flags>
</tcp>
</conditions>
<actions>
<LOG>
<log-prefix>"fp=bad_tcp_packets:7 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>FIN,SYN FIN,SYN</tcp-flags>
</tcp>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- TCP that passed every check goes back to the caller (bad_packets). -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
</conditions>
<actions>
<RETURN/>
</actions>
</rule>
</chain>
<chain name="icmp_packets" packet-count="0" byte-count="0">
<!-- icmp_packets: reached from INPUT for ICMP on eth0 that was not already
     accepted as RELATED,ESTABLISHED. -->
<!-- 1-2. Log, then drop, fragmented ICMP (the f element is the fragment match).
     The two rules must keep identical conditions. NOTE(review): the LOG rule
     has no limit match. -->
<rule>
<conditions>
<match>
<p>icmp</p>
<f/>
</match>
</conditions>
<actions>
<LOG>
<log-prefix>"fp=icmp_packets:1 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
<rule>
<conditions>
<match>
<p>icmp</p>
<f/>
</match>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- 3. Drop echo requests (type 8) without logging: the host does not answer
     ping on eth0. -->
<rule>
<conditions>
<match>
<p>icmp</p>
</match>
<icmp>
<icmp-type>8</icmp-type>
</icmp>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- 4. Accept time-exceeded (type 11). -->
<rule>
<conditions>
<match>
<p>icmp</p>
</match>
<icmp>
<icmp-type>11</icmp-type>
</icmp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- 5. All other ICMP returns to INPUT, where it meets the final LOG rule and
     the DROP policy. NOTE(review): destination-unreachable (type 3, including
     fragmentation-needed) is not accepted here; it presumably gets in only
     through INPUT's RELATED,ESTABLISHED rule when conntrack ties it to an
     existing flow. Verify that path-MTU discovery works as intended. -->
<rule>
<conditions>
<match>
<p>icmp</p>
</match>
</conditions>
<actions>
<RETURN/>
</actions>
</rule>
</chain>
<chain name="tcp_inbound" packet-count="0" byte-count="0">
<!-- tcp_inbound: the place for per-port ACCEPT rules for inbound TCP services.
     It currently holds only a RETURN, so no TCP port is opened: new inbound TCP
     on eth0 goes back to INPUT and ends at the final LOG rule and DROP policy.
     Any ACCEPT added here must be placed before this RETURN to take effect. -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
</conditions>
<actions>
<RETURN/>
</actions>
</rule>
</chain>
<chain name="tcp_outbound" packet-count="0" byte-count="0">
<!-- tcp_outbound: accepts all TCP. NOTE(review): no rule in this file jumps to
     this chain (OUTPUT accepts eth0 traffic directly), so it is currently dead
     configuration; restrictions added here do nothing until OUTPUT calls it. -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
</chain>
<chain name="udp_inbound" packet-count="0" byte-count="0">
<!-- udp_inbound: reached from INPUT for UDP on eth0 that was not already
     accepted as RELATED,ESTABLISHED. -->
<!-- 1-2. Silently drop UDP to ports 137 and 138 (NetBIOS name and datagram
     services) so this common LAN chatter never reaches INPUT's LOG rule. -->
<rule>
<conditions>
<match>
<p>udp</p>
</match>
<udp>
<dport>137</dport>
</udp>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<rule>
<conditions>
<match>
<p>udp</p>
</match>
<udp>
<dport>138</dport>
</udp>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- 3. Accept DHCP server-to-client replies (source port 67, destination port
     68). NOTE(review): no source address is matched, and the source port is
     chosen by the sender, so this admits any host on the segment that sends
     from port 67 to the local DHCP client port. Tighten with a source address
     if the DHCP server is known. -->
<rule>
<conditions>
<match>
<p>udp</p>
</match>
<udp>
<sport>67</sport>
<dport>68</dport>
</udp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- 4. All other UDP returns to INPUT and ends at the final LOG rule and DROP
     policy. -->
<rule>
<conditions>
<match>
<p>udp</p>
</match>
</conditions>
<actions>
<RETURN/>
</actions>
</rule>
</chain>
<chain name="udp_outbound" packet-count="0" byte-count="0">
<!-- udp_outbound: accepts all UDP. NOTE(review): no rule in this file jumps to
     this chain (OUTPUT accepts eth0 traffic directly), so it is currently dead
     configuration; restrictions added here do nothing until OUTPUT calls it. -->
<rule>
<conditions>
<match>
<p>udp</p>
</match>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
</chain>
<!-- filter/FORWARD: policy DROP and no rules, so this host passes no traffic
     between interfaces even if IP forwarding is enabled in the kernel. Nothing
     is logged for packets dropped here. -->
<chain name="FORWARD" policy="DROP" packet-count="0" byte-count="0"/>
</table>
<!--Single SYSTEM / Dynamic IP / LOG Entries--></iptables-rules>