# Generated by iptables-save v1.2.6a on Thu May 22 03:05:26 2003
#
# Reading guide: this is an iptables-save dump with one section per table.
# ":CHAIN POLICY [packets:bytes]" lines declare a chain, its default policy and
# its counters at save time; "-A" lines are rules, evaluated top to bottom.
# NOTE(review): the rules treat eth0 as the untrusted side (DNAT target, explicit
# drops) and eth1 as the side carrying 192.168.1.0/24 - presumably eth0 is the
# Internet uplink and eth1 the LAN; confirm against the host's interface config.
*nat
:PREROUTING ACCEPT [29:6468]
:POSTROUTING ACCEPT [14:1124]
:OUTPUT ACCEPT [14:1124]
# Port forward: TCP 6881 arriving on eth0 is rewritten to 192.168.1.4 (no port is
# given in --to-destination, so the destination port is left unchanged). This
# rule only rewrites the address; the matching FORWARD accept in *filter is what
# lets the traffic through. Whatever listens on 192.168.1.4:6881 is reachable
# from any host on the eth0 side, so that service is part of the exposed surface.
-A PREROUTING -i eth0 -p tcp -m tcp --dport 6881 -j DNAT --to-destination 192.168.1.4
# Source NAT for 192.168.1.0/24 leaving through eth0.
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -o eth0 -j MASQUERADE
COMMIT
# Completed on Thu May 22 03:05:26 2003
# Generated by iptables-save v1.2.6a on Thu May 22 03:05:26 2003
# The mangle table holds no rules; every chain is left at policy ACCEPT.
*mangle
:PREROUTING ACCEPT [1993:4697921]
:INPUT ACCEPT [1987:4697561]
:FORWARD ACCEPT [6:360]
:OUTPUT ACCEPT [3472:4620346]
:POSTROUTING ACCEPT [3473:4620406]
COMMIT
# Completed on Thu May 22 03:05:26 2003
# Generated by iptables-save v1.2.6a on Thu May 22 03:05:26 2003
*filter
# Default-deny for traffic to this host (INPUT) and through it (FORWARD);
# locally generated traffic (OUTPUT) is allowed by default.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [3472:4620346]
# User-defined chain ("-" = no policy): rate-limited LOG followed by DROP.
:firewallog - [0:0]
-A INPUT -i lo -j ACCEPT
# Anything arriving on eth1 may open TCP connections to this host and send it any
# UDP or ICMP. There is no -s match here, so the trust is tied to the interface
# alone, not to a 192.168.1.0/24 source address, and every local service is
# reachable from that segment.
-A INPUT -i eth1 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -i eth1 -p udp -j ACCEPT
-A INPUT -i eth1 -p icmp -j ACCEPT
# Replies and related flows for connections that conntrack already tracks.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Packets conntrack classifies as INVALID are logged (rate-limited) and dropped.
# This check sits below the eth1 accepts, so eth1 UDP/ICMP is accepted before its
# conntrack state is looked at.
-A INPUT -m state --state INVALID -j firewallog
# Services offered by this host: TCP 21, 22 and 25. These rules carry no -i
# match, so they apply on every interface, eth0 included.
# Caveat on "-m limit": it is a single token bucket per rule, shared by all
# senders, not a per-source limit. It caps the aggregate rate of new connections
# (10/min, 5/min, 10/min; no --limit-burst appears, and the match's default burst
# is 5). SYNs over the limit do not match, continue down the chain and end in the
# catch-all firewallog rule. Consequences for the operator: one busy or hostile
# sender can use up the bucket and lock legitimate clients out, and the rule does
# not bound how many attempts a single address makes - per-source throttling and
# strong authentication on the service itself have to cover that.
# NOTE(review): FTP data connections depend on the RELATED rule above, which
# needs the conntrack FTP helper loaded; this dump cannot show that - confirm.
-A INPUT -p tcp -m tcp --dport 21 --tcp-flags SYN,RST,ACK SYN -m limit --limit 10/min -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -m limit --limit 5/min -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 --tcp-flags SYN,RST,ACK SYN -m limit --limit 10/min -j ACCEPT
# Silent drops on eth0. The catch-all below would drop this traffic anyway; the
# only effect of these rules is that it is dropped without reaching the LOG rule,
# presumably to keep routine background traffic out of the log.
# The flip side for monitoring: probes against these ports leave no log entry.
# UDP 68 to the broadcast address is the DHCP client port.
-A INPUT -d 255.255.255.255 -i eth0 -p udp -m udp --dport 68 -j DROP
# TCP 113 is ident/auth. A silent DROP makes remote servers that query ident wait
# for a timeout rather than get an immediate refusal.
-A INPUT -i eth0 -p tcp -m tcp --dport 113 -j DROP
# 137:139 is the NetBIOS name/datagram/session range.
-A INPUT -i eth0 -p udp -m udp --dport 137:139 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 137:139 -j DROP
# 1214 and 6346/6347 are commonly associated with peer-to-peer file sharing
# (FastTrack and Gnutella respectively).
-A INPUT -i eth0 -p tcp -m tcp --dport 1214 -j DROP
-A INPUT -i eth0 -p udp -m udp --dport 1214 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 6346 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 6347 -j DROP
# ICMP type 8 is echo request: the host does not answer pings arriving on eth0.
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j DROP
# Catch-all: everything not accepted or silently dropped above is logged
# (rate-limited) and dropped.
-A INPUT -j firewallog
# NetBIOS is never forwarded, in either direction (no interface match). These
# rules come before the eth1 accept, so they also stop it leaving the
# 192.168.1.0/24 side, and they do so without logging.
-A FORWARD -p tcp -m tcp --dport 137:139 -j DROP
-A FORWARD -p udp -m udp --dport 137:139 -j DROP
# Unrestricted egress: any protocol and port from 192.168.1.0/24 arriving on eth1
# is forwarded, with no state check. There is no egress filtering beyond the
# NetBIOS drops above.
-A FORWARD -s 192.168.1.0/255.255.255.0 -i eth1 -j ACCEPT
# Return traffic for tracked connections.
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Filter-side half of the port forward in *nat PREROUTING: new TCP connections
# from eth0 to 192.168.1.4:6881. The 10/min limit is again one bucket shared by
# all senders (see the note on the INPUT service rules).
-A FORWARD -d 192.168.1.4 -i eth0 -p tcp -m tcp --dport 6881 --tcp-flags SYN,RST,ACK SYN -m limit --limit 10/min -j ACCEPT
# Catch-all for forwarded traffic. FORWARD has no explicit INVALID rule; anything
# not accepted above ends here.
-A FORWARD -j firewallog
# Outbound ICMP that conntrack marks INVALID is dropped; all other locally
# generated traffic passes via the OUTPUT policy.
-A OUTPUT -p icmp -m state --state INVALID -j DROP
# firewallog: write at most 5 log entries per minute with the prefix "Firewall ",
# then drop the packet whether or not it was logged. The bucket is shared by all
# three callers (INPUT INVALID, INPUT catch-all, FORWARD catch-all), so during a
# scan or flood the log is a sample of dropped traffic, not a complete record -
# keep that in mind when using it as evidence or as a detection source.
-A firewallog -m limit --limit 5/min -j LOG --log-prefix "Firewall "
-A firewallog -j DROP
COMMIT
# Completed on Thu May 22 03:05:26 2003