Chain INPUT (policy DROP) target prot opt source destination bad_tcp_packets tcp -- anywhere anywhere ACCEPT all -- 10.1.0.0/16 anywhere ACCEPT all -- localhost.localdomain anywhere ACCEPT all -- cys.che.intra.net anywhere ACCEPT all -- cys.che.nsk.su anywhere ACCEPT all -- anywhere 10.1.255.255 ACCEPT all -- anywhere cys.che.nsk.su state RELATED,ESTABLISHED tcp_packets tcp -- anywhere anywhere udp_packets udp -- anywhere anywhere icmp_packets icmp -- anywhere anywhere LOG all -- anywhere anywhere limit: avg 3/min burst 3 LOG level debug prefix `IPT INPUT packet died: ' Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy DROP) target prot opt source destination bad_tcp_packets tcp -- anywhere anywhere ACCEPT all -- localhost.localdomain anywhere ACCEPT all -- cys.che.intra.net anywhere ACCEPT all -- cys.che.nsk.su anywhere LOG all -- anywhere anywhere limit: avg 3/min burst 3 LOG level debug prefix `IPT OUTPUT packet died: ' Chain allowed (4 references) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED DROP tcp -- anywhere anywhere Chain bad_tcp_packets (2 references) target prot opt source destination LOG tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW LOG level warning prefix `New not syn:' DROP tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW Chain icmp_packets (1 references) target prot opt source destination ACCEPT icmp -- 10.1.0.0/16 anywhere icmp echo-request ACCEPT icmp -- anywhere anywhere icmp time-exceeded Chain tcp_packets (1 references) target prot opt source destination allowed tcp -- anywhere anywhere tcp dpt:ftp allowed tcp -- anywhere anywhere tcp dpt:ssh allowed tcp -- anywhere anywhere tcp dpt:http allowed tcp -- anywhere anywhere tcp dpt:auth Chain udp_packets (1 references) target prot opt source destination ACCEPT udp -- anywhere anywhere udp dpt:ntp