Chain INPUT (policy DROP)
target           prot opt source                         destination
ACCEPT           all  --  anywhere                       anywhere
bad_packets      all  --  anywhere                       anywhere
DROP             all  --  anywhere                       ALL-SYSTEMS.MCAST.NET
ACCEPT           all  --  192.168.1.0/24                 anywhere
ACCEPT           all  --  anywhere                       192.168.1.255
ACCEPT           all  --  anywhere                       anywhere             state RELATED,ESTABLISHED
tcp_inbound      tcp  --  anywhere                       anywhere
udp_inbound      udp  --  anywhere                       anywhere
icmp_packets     icmp --  anywhere                       anywhere
DROP             all  --  anywhere                       255.255.255.255
LOG              all  --  anywhere                       anywhere             limit: avg 3/min burst 3 LOG level warning prefix `INPUT packet died: '

Chain FORWARD (policy DROP)
target           prot opt source                         destination
bad_packets      all  --  anywhere                       anywhere
tcp_outbound     tcp  --  anywhere                       anywhere
udp_outbound     udp  --  anywhere                       anywhere
ACCEPT           all  --  anywhere                       anywhere
ACCEPT           all  --  anywhere                       anywhere             state RELATED,ESTABLISHED
LOG              all  --  anywhere                       anywhere             limit: avg 3/min burst 3 LOG level warning prefix `FORWARD packet died: '

Chain OUTPUT (policy DROP)
target           prot opt source                         destination
DROP             icmp --  anywhere                       anywhere             state INVALID
ACCEPT           all  --  localhost.localdomain          anywhere
ACCEPT           all  --  anywhere                       anywhere
ACCEPT           all  --  Administrator.server2000.amos  anywhere
ACCEPT           all  --  anywhere                       anywhere
ACCEPT           all  --  anywhere                       anywhere
LOG              all  --  anywhere                       anywhere             limit: avg 3/min burst 3 LOG level warning prefix `OUTPUT packet died: '

Chain bad_packets (2 references)
target           prot opt source                         destination
LOG              all  --  anywhere                       anywhere             state INVALID LOG level warning prefix `Invalid packet: '
DROP             all  --  anywhere                       anywhere             state INVALID
bad_tcp_packets  tcp  --  anywhere                       anywhere
RETURN           all  --  anywhere                       anywhere

Chain bad_tcp_packets (1 references)
target           prot opt source                         destination
RETURN           tcp  --  anywhere                       anywhere
LOG              tcp  --  anywhere                       anywhere             tcp flags:!SYN,RST,ACK/SYN state NEW LOG level warning prefix `New not syn: '
DROP             tcp  --  anywhere                       anywhere             tcp flags:!SYN,RST,ACK/SYN state NEW
RETURN           tcp  --  anywhere                       anywhere

Chain icmp_packets (1 references)
target           prot opt source                         destination
LOG              icmp -f  anywhere                       anywhere             LOG level warning prefix `ICMP Fragment: '
DROP             icmp -f  anywhere                       anywhere
ACCEPT           icmp --  anywhere                       anywhere             icmp time-exceeded
RETURN           icmp --  anywhere                       anywhere

Chain tcp_inbound (1 references)
target           prot opt source                         destination
ACCEPT           tcp  --  anywhere                       anywhere             tcp dpt:http
ACCEPT           tcp  --  anywhere                       anywhere             tcp dpt:webcache
ACCEPT           tcp  --  anywhere                       anywhere             tcp dpt:https
ACCEPT           tcp  --  anywhere                       anywhere             tcp dpt:ftp
ACCEPT           tcp  --  anywhere                       anywhere             tcp spt:ftp-data
ACCEPT           tcp  --  anywhere                       anywhere             tcp dpts:62000:64000
ACCEPT           tcp  --  anywhere                       anywhere             tcp dpt:ssh
ACCEPT           tcp  --  anywhere                       anywhere             tcp dpts:5000:5100
ACCEPT           tcp  --  anywhere                       anywhere             tcp dpt:squid
RETURN           tcp  --  anywhere                       anywhere

Chain tcp_outbound (1 references)
target           prot opt source                         destination
ACCEPT           tcp  --  anywhere                       anywhere             tcp dpt:http
REJECT           tcp  --  anywhere                       anywhere             tcp dpt:irc reject-with icmp-port-unreachable
REJECT           tcp  --  anywhere                       anywhere             tcp dpt:telnet reject-with icmp-port-unreachable
REJECT           tcp  --  anywhere                       anywhere             tcp dpt:nntp reject-with icmp-port-unreachable
REJECT           tcp  --  anywhere                       anywhere             tcp dpt:4443 reject-with icmp-port-unreachable
REJECT           tcp  --  anywhere                       anywhere             tcp dpt:1863 reject-with icmp-port-unreachable
REJECT           tcp  --  anywhere                       anywhere             tcp dpt:smtp reject-with icmp-port-unreachable
REJECT           tcp  --  anywhere                       anywhere             tcp dpt:pop3 reject-with icmp-port-unreachable
REJECT           tcp  --  anywhere                       anywhere             tcp dpt:imap reject-with icmp-port-unreachable
ACCEPT           tcp  --  anywhere                       anywhere

Chain udp_inbound (1 references)
target           prot opt source                         destination
DROP             udp  --  anywhere                       anywhere             udp dpt:netbios-ns
DROP             udp  --  anywhere                       anywhere             udp dpt:netbios-dgm
ACCEPT           udp  --  anywhere                       anywhere             udp dpt:domain
ACCEPT           udp  --  anywhere                       anywhere             udp dpt:3128
RETURN           udp  --  anywhere                       anywhere

Chain udp_outbound (1 references)
target           prot opt source                         destination
REJECT           udp  --  anywhere                       anywhere             udp dpt:4000 reject-with icmp-port-unreachable
ACCEPT           udp  --  anywhere                       anywhere