iptables.conf

# Generated by iptables-save v1.4.2 on Sun Mar 29 19:49:39 2009
*nat
:PREROUTING ACCEPT [612:120070]
:POSTROUTING ACCEPT [2011:162593]
:OUTPUT ACCEPT [2011:162593]
-A POSTROUTING -s 192.168.0.0/16 -o eth3 -j MASQUERADE 
COMMIT
# Completed on Sun Mar 29 19:49:39 2009
# Generated by iptables-save v1.4.2 on Sun Mar 29 19:49:39 2009
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2:80]
-A INPUT -s 127.0.0.0/24 -i eth0 -j DROP 
-A INPUT -s 127.0.0.0/24 -i eth4 -j DROP
-A INPUT -i lo -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.0/16 -i eth4 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth4 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT 
-A INPUT -i eth4 -p udp -m udp --sport 68 --dport 67 -j ACCEPT 
-A INPUT -i lo -p tcp --dport 80 -j ACCEPT 
-A INPUT -d 255.255.255.255/32 -i eth3 -p udp -m udp --dport 67 -j DROP
-A INPUT -d 255.255.255.255/32 -i eth4 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -p tcp --dport 80 -j DROP
-A INPUT -p tcp --dport 69 -j ACCEPT
-A INPUT -p udp --dport 69 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP 
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP 
-A INPUT -p tcp -j DROP 
-A INPUT -p udp -j DROP 
-A INPUT -j DROP

-A FORWARD -i eth4 -p icmp -m icmp --icmp-type 0 -j ACCEPT 
-A FORWARD -o eth4 -p icmp -m icmp --icmp-type 8 -j ACCEPT 
-A FORWARD -i eth3 -o eth4 -j ACCEPT 
-A FORWARD -i eth4 -o eth3 -j ACCEPT 
-A FORWARD -j DROP 
-A OUTPUT -o lo -j ACCEPT 
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth4 -p udp -m udp --sport 68 --dport 67 -j ACCEPT 
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 
-A OUTPUT -o eth4 -p icmp -j DROP
-A OUTPUT -d 192.168.0.0/16 -o eth4 -m state --state NEW,ESTABLISHED -j ACCEPT 
COMMIT
# Completed on Mon Feb 21 12:42:25 2011