<?xml version="1.0"?>
<iptables-rules version="1.0">
<!-- # Generated by iptables*-save v1.4.2 *-rc1 on Fri Oct 29 10:26:30 2010 -->
<!-- mangle table: all five built-in chains are empty and have policy ACCEPT, so no
     packet is altered here. The packet-count / byte-count attributes are counter
     values recorded when the ruleset was dumped; they are not configuration. -->
<table name="mangle">
<chain name="PREROUTING" policy="ACCEPT" packet-count="7" byte-count="1110"/>
<chain name="INPUT" policy="ACCEPT" packet-count="75" byte-count="74112"/>
<chain name="FORWARD" policy="ACCEPT" packet-count="0" byte-count="0"/>
<chain name="OUTPUT" policy="ACCEPT" packet-count="8" byte-count="1438"/>
<chain name="POSTROUTING" policy="ACCEPT" packet-count="59" byte-count="72688"/>
</table>
<!-- # Completed on Fri Oct 29 10:26:30 2010 -->
<!-- nat table: no rules in any chain and policy ACCEPT throughout, so this host
     performs no address or port translation. Together with the empty filter
     FORWARD chain (policy DROP) this matches a single-host, non-routing setup. -->
<table name="nat">
<chain name="PREROUTING" policy="ACCEPT" packet-count="0" byte-count="0"/>
<chain name="POSTROUTING" policy="ACCEPT" packet-count="0" byte-count="0"/>
<chain name="OUTPUT" policy="ACCEPT" packet-count="1" byte-count="328"/>
</table>
<!-- raw table: exempts loopback traffic from connection tracking. Packets arriving
     on lo (PREROUTING) and leaving via lo (OUTPUT) get the NOTRACK target; everything
     else passes under policy ACCEPT and is tracked normally.
     Consequence for the filter table: state matches never see loopback packets as
     NEW/ESTABLISHED/RELATED, so loopback has to be allowed by interface or address,
     which the filter INPUT and OUTPUT chains in this file do. -->
<table name="raw">
<chain name="PREROUTING" policy="ACCEPT" packet-count="2706" byte-count="2863248">
<!-- Inbound on lo: skip conntrack. -->
<rule>
<conditions>
<match>
<i>lo</i>
</match>
</conditions>
<actions>
<NOTRACK/>
</actions>
</rule>
</chain>
<chain name="OUTPUT" policy="ACCEPT" packet-count="2900" byte-count="2221628">
<!-- Locally generated packets leaving via lo: skip conntrack. -->
<rule>
<conditions>
<match>
<o>lo</o>
</match>
</conditions>
<actions>
<NOTRACK/>
</actions>
</rule>
</chain>
</table>
<table name="filter">
<!-- filter/INPUT: default-deny (policy DROP). Rule order is significant:
       1. accept everything on lo
       2. run every remaining packet through bad_packets (INVALID state, malformed TCP flags)
       3. silently drop traffic to 224.0.0.1
       4. accept RELATED,ESTABLISHED on eth0
       5. hand eth0 tcp / udp / icmp to tcp_inbound / udp_inbound / icmp_packets
       6. silently drop broadcasts
       7. LOG whatever is left; the chain policy then drops it
     Only eth0 and lo are named, so traffic arriving on any other interface can match
     only rules 2, 3, 6 and 7 and ends at the DROP policy. -->
<chain name="INPUT" policy="DROP" packet-count="0" byte-count="0">
<!-- Loopback is trusted unconditionally and is accepted before any sanity check. -->
<rule>
<conditions>
<match>
<i>lo</i>
</match>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- Unconditional jump: packets come back here only if bad_packets RETURNs them. -->
<rule>
<actions>
<call>
<bad_packets/>
</call>
</actions>
</rule>
<!-- All-hosts multicast is dropped without a log entry, presumably to keep routine
     LAN chatter out of the log. -->
<rule>
<conditions>
<match>
<d>224.0.0.1/32</d>
</match>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- Stateful return path: replies to, and traffic related to, connections that
     conntrack already knows are accepted before the per-protocol service chains. -->
<rule>
<conditions>
<match>
<i>eth0</i>
</match>
<state>
<state>RELATED,ESTABLISHED</state>
</state>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- Per-protocol dispatch. Each called chain ends in RETURN, so a packet it does not
     accept or drop continues with the rules below. -->
<rule>
<conditions>
<match>
<i>eth0</i>
<p>tcp</p>
</match>
</conditions>
<actions>
<call>
<tcp_inbound/>
</call>
</actions>
</rule>
<rule>
<conditions>
<match>
<i>eth0</i>
<p>udp</p>
</match>
</conditions>
<actions>
<call>
<udp_inbound/>
</call>
</actions>
</rule>
<rule>
<conditions>
<match>
<i>eth0</i>
<p>icmp</p>
</match>
</conditions>
<actions>
<call>
<icmp_packets/>
</call>
</actions>
</rule>
<!-- Link-layer broadcasts are dropped without logging. -->
<rule>
<conditions>
<pkttype>
<pkt-type>broadcast</pkt-type>
</pkttype>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- Catch-all LOG. LOG does not end traversal; the "a=DROP" in the prefix is carried
     out by the chain policy, not by this rule.
     NOTE(review): this rule has no limit match, so every otherwise-unmatched packet
     writes a log line. Consider rate-limiting so a packet flood cannot fill the log. -->
<rule>
<actions>
<LOG>
<log-prefix>"fp=INPUT:99 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
</chain>
<!-- filter/OUTPUT: policy is DROP, but the rules accept everything sourced from
     127.0.0.1 and everything leaving via lo or eth0. In effect there is no egress
     filtering on eth0; only ICMP in INVALID state and traffic leaving through any
     other interface is blocked.
     NOTE(review): the tcp_outbound and udp_outbound chains defined later in this
     table are not called from here or from any other rule in this file. If per-port
     egress control is wanted, the blanket eth0 ACCEPT is where it would have to
     be narrowed. -->
<chain name="OUTPUT" policy="DROP" packet-count="1" byte-count="328">
<!-- Drop locally generated ICMP that conntrack classifies as INVALID (not logged). -->
<rule>
<conditions>
<match>
<p>icmp</p>
</match>
<state>
<state>INVALID</state>
</state>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- Anything with source address 127.0.0.1, whatever the outgoing interface. -->
<rule>
<conditions>
<match>
<s>127.0.0.1/32</s>
</match>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- Anything leaving via loopback. -->
<rule>
<conditions>
<match>
<o>lo</o>
</match>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- Anything leaving via eth0: no protocol, port or state condition. -->
<rule>
<conditions>
<match>
<o>eth0</o>
</match>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- Catch-all LOG; the chain policy performs the drop. No limit match is attached. -->
<rule>
<actions>
<LOG>
<log-prefix>"fp=OUTPUT:99 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
</chain>
<!-- filter/bad_packets: sanity filter called from INPUT for every non-loopback packet.
     User-defined chains have no policy; a packet that survives is handed back to the
     caller by the final RETURN.
     Pattern used throughout this ruleset: a LOG rule followed by a DROP rule with
     identical conditions, because LOG alone does not stop traversal. The two rules of
     each pair must be kept in sync when edited. -->
<chain name="bad_packets" packet-count="0" byte-count="0">
<!-- Pair 1: packets conntrack cannot associate with any valid connection state. -->
<rule>
<conditions>
<state>
<state>INVALID</state>
</state>
</conditions>
<actions>
<LOG>
<log-prefix>"fp=bad_packets:1 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
<rule>
<conditions>
<state>
<state>INVALID</state>
</state>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- All remaining TCP gets the flag-combination checks in bad_tcp_packets. -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
</conditions>
<actions>
<call>
<bad_tcp_packets/>
</call>
</actions>
</rule>
<!-- Nothing objectionable found: resume in the calling chain. -->
<rule>
<actions>
<RETURN/>
</actions>
</rule>
</chain>
<!-- filter/bad_tcp_packets: drops TCP segments whose flag combinations do not occur in
     normal traffic and are typical of scanners and stack-fingerprinting probes.
     Reading a tcp-flags value: the first comma list is the set of flags examined, the
     second is the subset that must be set; every other examined flag must be clear.
     Rules come in LOG/DROP pairs with identical conditions; the number in each
     log-prefix (1 to 7) identifies the pair.
     NOTE(review): the LOG rules carry no limit match, so a scan logs one line per
     packet; consider rate-limiting them. -->
<chain name="bad_tcp_packets" packet-count="0" byte-count="0">
<!-- Pair 1: conntrack state NEW, but the segment is not a plain SYN (inverted match on
     "SYN set; FIN, RST, ACK clear"). A new connection must start with a bare SYN. -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags invert="1">FIN,SYN,RST,ACK SYN</tcp-flags>
</tcp>
<state>
<state>NEW</state>
</state>
</conditions>
<actions>
<LOG>
<log-prefix>"fp=bad_tcp_packets:1 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags invert="1">FIN,SYN,RST,ACK SYN</tcp-flags>
</tcp>
<state>
<state>NEW</state>
</state>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- Pair 2: none of the six flags set (null segment). -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>FIN,SYN,RST,PSH,ACK,URG NONE</tcp-flags>
</tcp>
</conditions>
<actions>
<LOG>
<log-prefix>"fp=bad_tcp_packets:2 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>FIN,SYN,RST,PSH,ACK,URG NONE</tcp-flags>
</tcp>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- Pair 3: all six flags set at once. -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG</tcp-flags>
</tcp>
</conditions>
<actions>
<LOG>
<log-prefix>"fp=bad_tcp_packets:3 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG</tcp-flags>
</tcp>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- Pair 4: exactly FIN, PSH and URG set (the "Xmas" pattern). -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG</tcp-flags>
</tcp>
</conditions>
<actions>
<LOG>
<log-prefix>"fp=bad_tcp_packets:4 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG</tcp-flags>
</tcp>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- Pair 5: every flag except PSH set. -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG</tcp-flags>
</tcp>
</conditions>
<actions>
<LOG>
<log-prefix>"fp=bad_tcp_packets:5 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG</tcp-flags>
</tcp>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- Pair 6: SYN and RST together (only these two flags are examined). -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>SYN,RST SYN,RST</tcp-flags>
</tcp>
</conditions>
<actions>
<LOG>
<log-prefix>"fp=bad_tcp_packets:6 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>SYN,RST SYN,RST</tcp-flags>
</tcp>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- Pair 7: FIN and SYN together (only these two flags are examined). -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>FIN,SYN FIN,SYN</tcp-flags>
</tcp>
</conditions>
<actions>
<LOG>
<log-prefix>"fp=bad_tcp_packets:7 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<tcp-flags>FIN,SYN FIN,SYN</tcp-flags>
</tcp>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- Flags look sane: back to bad_packets, which in turn returns to INPUT. -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
</conditions>
<actions>
<RETURN/>
</actions>
</rule>
</chain>
<!-- filter/icmp_packets: called from INPUT for ICMP arriving on eth0.
     Fragmented ICMP is logged and dropped, echo requests are dropped silently, and
     time-exceeded is accepted. Every other type is RETURNed to INPUT, where it
     reaches the catch-all LOG and the DROP policy.
     NOTE(review): ICMP errors belonging to an existing flow (for example the
     destination-unreachable messages path-MTU discovery relies on) are presumably
     classified RELATED and accepted by the earlier INPUT rule, so they never get
     here. Confirm before adding or removing types. -->
<chain name="icmp_packets" packet-count="0" byte-count="0">
<!-- LOG/DROP pair: the empty f element is the fragment match. Legitimate ICMP
     messages are small enough that fragments are treated as hostile here. -->
<rule>
<conditions>
<match>
<p>icmp</p>
<f/>
</match>
</conditions>
<actions>
<LOG>
<log-prefix>"fp=icmp_packets:1 a=DROP "</log-prefix>
</LOG>
</actions>
</rule>
<rule>
<conditions>
<match>
<p>icmp</p>
<f/>
</match>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- Type 8 = echo request: the host does not answer pings. Dropped without logging. -->
<rule>
<conditions>
<match>
<p>icmp</p>
</match>
<icmp>
<icmp-type>8</icmp-type>
</icmp>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- Type 11 = time exceeded: accepted. -->
<rule>
<conditions>
<match>
<p>icmp</p>
</match>
<icmp>
<icmp-type>11</icmp-type>
</icmp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- Any other ICMP type goes back to INPUT. -->
<rule>
<conditions>
<match>
<p>icmp</p>
</match>
</conditions>
<actions>
<RETURN/>
</actions>
</rule>
</chain>
<!-- filter/tcp_inbound: allow-list of inbound TCP services, called from INPUT for TCP
     on eth0 after bad_packets and after the RELATED,ESTABLISHED accept. In practice
     the packets that reach this chain are connection-opening SYNs.
     No rule here has a source-address condition: every listed port is reachable from
     any host that can reach eth0. Service names in the comments below are the
     conventional assignments for those ports; the file itself does not name them.
     NOTE(review): the list exposes several cleartext or LAN-oriented services (FTP,
     POP3, IMAP, rpcbind, NFS). If eth0 faces an untrusted network, restrict these
     by source address or remove the ones not in use. -->
<chain name="tcp_inbound" packet-count="0" byte-count="0">
<!-- dport 5353 (mDNS port number; mDNS normally runs over UDP, so confirm this is needed) -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<dport>5353</dport>
</tcp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 80 (HTTP) -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<dport>80</dport>
</tcp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 21 (FTP control; credentials travel in cleartext) -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<dport>21</dport>
</tcp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- sport 20 (active-mode FTP data).
     NOTE(review): this matches on SOURCE port only, with no destination-port or state
     condition. The source port is chosen by the sender, so the rule accepts a new
     connection to ANY local TCP port as long as it originates from port 20, which
     bypasses the allow-list nature of this chain. The FTP connection-tracking helper
     together with the existing RELATED,ESTABLISHED accept in INPUT is the usual way
     to admit FTP data connections without a source-port rule. -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<sport>20</sport>
</tcp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 62000:64000 (presumably the FTP server's passive-mode data range; confirm
     against the server configuration). 2001 ports open to any listener in the range. -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<dport>62000:64000</dport>
</tcp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 25 (SMTP) -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<dport>25</dport>
</tcp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 110 (POP3, cleartext) -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<dport>110</dport>
</tcp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 143 (IMAP, cleartext unless STARTTLS is enforced by the server) -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<dport>143</dport>
</tcp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 22 (SSH) -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<dport>22</dport>
</tcp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 5000:5100 (purpose not stated in this file; confirm the range is still needed) -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<dport>5000:5100</dport>
</tcp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 6891:6900 (purpose not stated in this file; confirm the range is still needed) -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<dport>6891:6900</dport>
</tcp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 111 (rpcbind / portmapper) -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<dport>111</dport>
</tcp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 9400 (with 9401 to 9403 below: presumably fixed ports assigned to the NFS
     helper daemons on this host; confirm) -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<dport>9400</dport>
</tcp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 2049 (NFS) -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<dport>2049</dport>
</tcp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 9401 -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<dport>9401</dport>
</tcp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 9402 -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<dport>9402</dport>
</tcp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 9403 -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<dport>9403</dport>
</tcp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- Not on the allow-list: return to INPUT, which logs the packet and drops it by policy. -->
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
</conditions>
<actions>
<RETURN/>
</actions>
</rule>
</chain>
<!-- filter/tcp_outbound: accepts all TCP.
     NOTE(review): no rule in this file calls this chain (OUTPUT accepts by interface
     instead), so it is currently dead configuration. Either wire it into OUTPUT in
     place of the blanket eth0 ACCEPT or remove it, so that the ruleset does not
     suggest an egress policy that is not actually applied. -->
<chain name="tcp_outbound" packet-count="0" byte-count="0">
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
</chain>
<!-- filter/udp_inbound: allow-list of inbound UDP services, called from INPUT for UDP
     on eth0 after the RELATED,ESTABLISHED accept, so replies to this host's own
     queries never reach it. What arrives here is unsolicited UDP.
     No rule has a source-address condition. Service names in the comments are the
     conventional assignments for those ports; the file itself does not name them.
     NOTE(review): rpcbind and NFS over UDP are reachable from any host on eth0;
     restrict by source address if eth0 is not a trusted network. -->
<chain name="udp_inbound" packet-count="0" byte-count="0">
<!-- dport 137 (NetBIOS name service): dropped silently so it never reaches the
     catch-all LOG in INPUT. -->
<rule>
<conditions>
<match>
<p>udp</p>
</match>
<udp>
<dport>137</dport>
</udp>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- dport 138 (NetBIOS datagram service): dropped silently. -->
<rule>
<conditions>
<match>
<p>udp</p>
</match>
<udp>
<dport>138</dport>
</udp>
</conditions>
<actions>
<DROP/>
</actions>
</rule>
<!-- dport 123 (NTP). Only needed if this host serves time to others; replies to its
     own NTP queries are presumably covered by the ESTABLISHED rule. Confirm. -->
<rule>
<conditions>
<match>
<p>udp</p>
</match>
<udp>
<dport>123</dport>
</udp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 53 (DNS). Admits queries TO this host, i.e. it is expected to run a DNS
     server; confirm that is intended. -->
<rule>
<conditions>
<match>
<p>udp</p>
</match>
<udp>
<dport>53</dport>
</udp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 5353 (mDNS) -->
<rule>
<conditions>
<match>
<p>udp</p>
</match>
<udp>
<dport>5353</dport>
</udp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- sport 68 to dport 67: DHCP client-to-server direction. Only needed if this host
     runs a DHCP server; confirm. -->
<rule>
<conditions>
<match>
<p>udp</p>
</match>
<udp>
<sport>68</sport>
<dport>67</dport>
</udp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- sport 67 to dport 68: DHCP server-to-client direction, i.e. lease offers and
     acknowledgements for this host's own DHCP client. -->
<rule>
<conditions>
<match>
<p>udp</p>
</match>
<udp>
<sport>67</sport>
<dport>68</dport>
</udp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 111 (rpcbind / portmapper) -->
<rule>
<conditions>
<match>
<p>udp</p>
</match>
<udp>
<dport>111</dport>
</udp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 9400 (with 9401 to 9403 below: presumably fixed ports assigned to the NFS
     helper daemons on this host; confirm) -->
<rule>
<conditions>
<match>
<p>udp</p>
</match>
<udp>
<dport>9400</dport>
</udp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 2049 (NFS) -->
<rule>
<conditions>
<match>
<p>udp</p>
</match>
<udp>
<dport>2049</dport>
</udp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 9401 -->
<rule>
<conditions>
<match>
<p>udp</p>
</match>
<udp>
<dport>9401</dport>
</udp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 9402 -->
<rule>
<conditions>
<match>
<p>udp</p>
</match>
<udp>
<dport>9402</dport>
</udp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- dport 9403 -->
<rule>
<conditions>
<match>
<p>udp</p>
</match>
<udp>
<dport>9403</dport>
</udp>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
<!-- Not on the allow-list: return to INPUT, which logs the packet and drops it by policy. -->
<rule>
<conditions>
<match>
<p>udp</p>
</match>
</conditions>
<actions>
<RETURN/>
</actions>
</rule>
</chain>
<!-- filter/udp_outbound: accepts all UDP.
     NOTE(review): no rule in this file calls this chain (OUTPUT accepts by interface
     instead), so it has no effect on traffic as written. -->
<chain name="udp_outbound" packet-count="0" byte-count="0">
<rule>
<conditions>
<match>
<p>udp</p>
</match>
</conditions>
<actions>
<ACCEPT/>
</actions>
</rule>
</chain>
<!-- filter/FORWARD: no rules and policy DROP, so this host forwards nothing between
     interfaces even if IP forwarding is enabled in the kernel. -->
<chain name="FORWARD" policy="DROP" packet-count="0" byte-count="0"/>
</table>
<!--Single System / Dynamic IP / Allow inbound services / Log Entries--></iptables-rules>