| # Generated by iptables-save v1.2.4 on Mon Mar 17 19:59:10 2003 |
| *filter |
| :INPUT DROP [0:0] |
| :FORWARD DROP [0:0] |
| :OUTPUT DROP [0:0] |
| :WLAN - [0:0] |
| :accept_log - [0:0] |
| :block - [0:0] |
| :in_icmp - [0:0] |
| :in_trusted - [0:0] |
| :reject_log - [0:0] |
| :wlanout - [0:0] |
| -A INPUT -i wlan0 -j WLAN |
| -A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -i lo -j ACCEPT |
| -A INPUT -i ppp0 -p icmp -m limit --limit 1/sec -j in_icmp |
| -A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j in_trusted |
| -A INPUT -j block |
| -A FORWARD -d 192.168.100.77/32 -i ppp0 -p udp -m udp --dport 4166 -j ACCEPT |
| -A FORWARD -d 192.168.100.77/32 -i ppp0 -p tcp -m tcp --dport 4180 -j ACCEPT |
| -A FORWARD -d 192.168.100.77/32 -i ppp0 -p tcp -m tcp --dport 4162 -j ACCEPT |
| -A FORWARD -d 192.168.100.77/32 -i ppp0 -p tcp -m tcp --dport 20376 -j ACCEPT |
| -A FORWARD -d 192.168.100.2/32 -i ppp0 -p tcp -m tcp --dport 10209 -j ACCEPT |
| -A FORWARD -d 192.168.100.2/32 -i ppp0 -p tcp -m tcp --dport 881 -j ACCEPT |
| -A FORWARD ! -s 192.168.0.0/24 -i eth2 -p icmp -j DROP |
| -A FORWARD ! -s 192.168.0.0/24 -i eth2 -p udp -j DROP |
| -A FORWARD ! -s 192.168.0.0/24 -i eth2 -p tcp -j DROP |
| -A FORWARD ! -s 192.168.100.0/24 -i eth1 -p icmp -j DROP |
| -A FORWARD ! -s 192.168.100.0/24 -i eth1 -p udp -j DROP |
| -A FORWARD ! -s 192.168.100.0/24 -i eth1 -p tcp -j DROP |
| -A FORWARD -o ppp0 -p udp -m udp --sport 137:139 -j DROP |
| -A FORWARD -o ppp0 -p udp -m udp --sport 445 -j DROP |
| -A FORWARD -o ppp0 -p tcp -m tcp --sport 137:139 -j DROP |
| -A FORWARD -o ppp0 -p tcp -m tcp --sport 445 -j DROP |
| -A FORWARD -i ppp0 -p udp -m udp --dport 137:139 -j DROP |
| -A FORWARD -i ppp0 -p udp -m udp --dport 445 -j DROP |
| -A FORWARD -i ppp0 -p tcp -m tcp --dport 137:139 -j DROP |
| -A FORWARD -i ppp0 -p tcp -m tcp --dport 445 -j DROP |
| -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu |
| -A FORWARD -j block |
| -A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -o lo -j ACCEPT |
| -A OUTPUT -o wlan0 -j wlanout |
| -A OUTPUT -j block |
| -A WLAN -s 192.168.200.4/32 -m mac --mac-source 00:00:f1:05:a0:e0 -j RETURN |
| -A WLAN -s 192.168.200.9/32 -m mac --mac-source 00:00:f1:05:99:85 -j RETURN |
| -A WLAN -m limit --limit 12/min -j LOG --log-prefix "UNKNOWN WLAN dropped:" |
| -A WLAN -j DROP |
| -A accept_log -i ppp0 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 1/sec -j LOG --log-prefix "TCPConnect on ppp0:" |
| -A accept_log -i ppp0 ! -p tcp -m limit --limit 1/sec -j LOG --log-prefix "Accepted Datagram on ppp0:" |
| -A accept_log -j ACCEPT |
| -A block -m state --state RELATED,ESTABLISHED -j ACCEPT |
| -A block ! -i ppp0 -m state --state NEW -j ACCEPT |
| -A block -p tcp -j reject_log |
| -A block -p udp -j reject_log |
| -A in_icmp -p icmp -m icmp --icmp-type 8 -j ACCEPT |
| -A in_icmp -p icmp -m icmp --icmp-type 4 -j ACCEPT |
| -A in_icmp -p icmp -m icmp --icmp-type 1 -j ACCEPT |
| -A in_icmp -p icmp -m icmp --icmp-type 3 -j ACCEPT |
| -A in_icmp -p icmp -m icmp --icmp-type 11 -j ACCEPT |
| -A in_icmp -p icmp -m icmp --icmp-type 12 -j ACCEPT |
| -A in_trusted -s 10.230.173.148/32 -j ACCEPT |
| -A in_trusted -s 10.230.173.151/32 -j ACCEPT |
| -A reject_log -i ppp0 -p tcp -m tcp --dport 22:80 --tcp-flags SYN,RST,ACK SYN -m limit --limit 1/sec -j LOG --log-prefix "RejectTCPConnectReq on ppp0:" |
| -A reject_log -p tcp -j REJECT --reject-with tcp-reset |
| -A reject_log -p udp -j REJECT --reject-with icmp-port-unreachable |
| -A wlanout -d 192.168.200.4/32 -j RETURN |
| -A wlanout -d 192.168.200.9/32 -j RETURN |
| -A wlanout -j DROP |
| COMMIT |
| # Completed on Mon Mar 17 19:59:10 2003 |