blob: 6e42de78433ecd5eab5e71d48126ea0d8a2b387f [file] [log] [blame]
# Generated by iptables-save v1.2.4 on Mon Mar 17 19:59:10 2003
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:WLAN - [0:0]
:accept_log - [0:0]
:block - [0:0]
:in_icmp - [0:0]
:in_trusted - [0:0]
:reject_log - [0:0]
:wlanout - [0:0]
-A INPUT -i wlan0 -j WLAN
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -i lo -j ACCEPT
-A INPUT -i ppp0 -p icmp -m limit --limit 1/sec -j in_icmp
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j in_trusted
-A INPUT -j block
-A FORWARD -d 192.168.100.77/32 -i ppp0 -p udp -m udp --dport 4166 -j ACCEPT
-A FORWARD -d 192.168.100.77/32 -i ppp0 -p tcp -m tcp --dport 4180 -j ACCEPT
-A FORWARD -d 192.168.100.77/32 -i ppp0 -p tcp -m tcp --dport 4162 -j ACCEPT
-A FORWARD -d 192.168.100.77/32 -i ppp0 -p tcp -m tcp --dport 20376 -j ACCEPT
-A FORWARD -d 192.168.100.2/32 -i ppp0 -p tcp -m tcp --dport 10209 -j ACCEPT
-A FORWARD -d 192.168.100.2/32 -i ppp0 -p tcp -m tcp --dport 881 -j ACCEPT
-A FORWARD ! -s 192.168.0.0/24 -i eth2 -p icmp -j DROP
-A FORWARD ! -s 192.168.0.0/24 -i eth2 -p udp -j DROP
-A FORWARD ! -s 192.168.0.0/24 -i eth2 -p tcp -j DROP
-A FORWARD ! -s 192.168.100.0/24 -i eth1 -p icmp -j DROP
-A FORWARD ! -s 192.168.100.0/24 -i eth1 -p udp -j DROP
-A FORWARD ! -s 192.168.100.0/24 -i eth1 -p tcp -j DROP
-A FORWARD -o ppp0 -p udp -m udp --sport 137:139 -j DROP
-A FORWARD -o ppp0 -p udp -m udp --sport 445 -j DROP
-A FORWARD -o ppp0 -p tcp -m tcp --sport 137:139 -j DROP
-A FORWARD -o ppp0 -p tcp -m tcp --sport 445 -j DROP
-A FORWARD -i ppp0 -p udp -m udp --dport 137:139 -j DROP
-A FORWARD -i ppp0 -p udp -m udp --dport 445 -j DROP
-A FORWARD -i ppp0 -p tcp -m tcp --dport 137:139 -j DROP
-A FORWARD -i ppp0 -p tcp -m tcp --dport 445 -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -j block
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -o lo -j ACCEPT
-A OUTPUT -o wlan0 -j wlanout
-A OUTPUT -j block
-A WLAN -s 192.168.200.4/32 -m mac --mac-source 00:00:f1:05:a0:e0 -j RETURN
-A WLAN -s 192.168.200.9/32 -m mac --mac-source 00:00:f1:05:99:85 -j RETURN
-A WLAN -m limit --limit 12/min -j LOG --log-prefix "UNKNOWN WLAN dropped:"
-A WLAN -j DROP
-A accept_log -i ppp0 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 1/sec -j LOG --log-prefix "TCPConnect on ppp0:"
-A accept_log -i ppp0 ! -p tcp -m limit --limit 1/sec -j LOG --log-prefix "Accepted Datagram on ppp0:"
-A accept_log -j ACCEPT
-A block -m state --state RELATED,ESTABLISHED -j ACCEPT
-A block ! -i ppp0 -m state --state NEW -j ACCEPT
-A block -p tcp -j reject_log
-A block -p udp -j reject_log
-A in_icmp -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A in_icmp -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A in_icmp -p icmp -m icmp --icmp-type 1 -j ACCEPT
-A in_icmp -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A in_icmp -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A in_icmp -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A in_trusted -s 10.230.173.148/32 -j ACCEPT
-A in_trusted -s 10.230.173.151/32 -j ACCEPT
-A reject_log -i ppp0 -p tcp -m tcp --dport 22:80 --tcp-flags SYN,RST,ACK SYN -m limit --limit 1/sec -j LOG --log-prefix "RejectTCPConnectReq on ppp0:"
-A reject_log -p tcp -j REJECT --reject-with tcp-reset
-A reject_log -p udp -j REJECT --reject-with icmp-port-unreachable
-A wlanout -d 192.168.200.4/32 -j RETURN
-A wlanout -d 192.168.200.9/32 -j RETURN
-A wlanout -j DROP
COMMIT
# Completed on Mon Mar 17 19:59:10 2003