# Generated by iptables-save v1.4.21 on Sun Aug 16 14:38:21 2015
*raw
:PREROUTING ACCEPT [1418:665773]
:OUTPUT ACCEPT [311:37811]
:lupSpoofProtect - [0:0]
-A PREROUTING -i lup -j lupSpoofProtect
-A PREROUTING ! -s 10.13.42.136/29 -i ldit -j DROP
-A PREROUTING ! -s 10.13.42.128/29 -i lmd -j DROP
-A PREROUTING ! -s 10.13.42.144/28 -i loben -j DROP
-A PREROUTING ! -s 10.13.42.176/28 -i wg -j DROP
-A PREROUTING ! -s 10.13.42.160/28 -i wt -j DROP
-A lupSpoofProtect -s 192.168.0.0/16 -j DROP
-A lupSpoofProtect -s 10.0.0.0/8 -j DROP
-A lupSpoofProtect -s 172.16.0.0/12 -j DROP
-A lupSpoofProtect -d 192.168.0.0/16 -j DROP
-A lupSpoofProtect -d 10.0.0.0/8 -j DROP
-A lupSpoofProtect -d 172.16.0.0/12 -j DROP
COMMIT
# Completed on Sun Aug 16 14:38:21 2015
# Generated by iptables-save v1.4.21 on Sun Aug 16 14:38:21 2015
*mangle
:PREROUTING ACCEPT [1418:665773]
:INPUT ACCEPT [403:34957]
:FORWARD ACCEPT [1015:630816]
:OUTPUT ACCEPT [311:37811]
:POSTROUTING ACCEPT [1343:672490]
-A POSTROUTING -s 10.13.0.0/16 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -s 10.13.0.0/16 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -s 10.13.0.0/16 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -s 10.13.0.0/16 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -s 10.13.0.0/16 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -s 10.13.0.0/16 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -s 10.13.0.0/16 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -s 10.13.0.0/16 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -s 10.13.0.0/16 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -s 10.13.0.0/16 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -s 10.13.0.0/16 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -s 10.13.0.0/16 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -s 10.13.0.0/16 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -s 10.13.0.0/16 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -s 10.13.0.0/16 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -s 10.13.0.0/16 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Sun Aug 16 14:38:21 2015
# Generated by iptables-save v1.4.21 on Sun Aug 16 14:38:21 2015
*nat
:PREROUTING ACCEPT [24:2004]
:INPUT ACCEPT [12:1292]
:OUTPUT ACCEPT [37:4054]
:POSTROUTING ACCEPT [25:2944]
-A POSTROUTING -s 10.13.43.0/28 -d 224.0.0.0/24 -j RETURN
-A POSTROUTING -s 10.13.43.0/28 -d 255.255.255.255/32 -j RETURN
-A POSTROUTING -s 10.13.43.0/28 ! -d 10.13.43.0/28 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 10.13.43.0/28 ! -d 10.13.43.0/28 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 10.13.43.0/28 ! -d 10.13.43.0/28 -j MASQUERADE
-A POSTROUTING -o lup -j MASQUERADE
-A POSTROUTING -o lup -j MASQUERADE
-A POSTROUTING -o lup -j MASQUERADE
-A POSTROUTING -o lup -j MASQUERADE
-A POSTROUTING -o lup -j MASQUERADE
-A POSTROUTING -o lup -j MASQUERADE
-A POSTROUTING -o lup -j MASQUERADE
-A POSTROUTING -o lup -j MASQUERADE
-A POSTROUTING -o lup -j MASQUERADE
-A POSTROUTING -o lup -j MASQUERADE
-A POSTROUTING -o lup -j MASQUERADE
-A POSTROUTING -o lup -j MASQUERADE
-A POSTROUTING -o lup -j MASQUERADE
-A POSTROUTING -o lup -j MASQUERADE
-A POSTROUTING -o lup -j MASQUERADE
-A POSTROUTING -o lup -j MASQUERADE
COMMIT
# Completed on Sun Aug 16 14:38:21 2015
# Generated by iptables-save v1.4.21 on Sun Aug 16 14:38:21 2015
*filter
:INPUT DROP [5:671]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [311:37811]
:BasicSvc - [0:0]
:FromInternalF - [0:0]
:PError - [0:0]
:SSHLimit - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lmd -j ACCEPT
-A INPUT -i ldit -j ACCEPT
-A INPUT -i loben -j ACCEPT
-A INPUT -i wt -j ACCEPT
-A INPUT -i vpriv -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j SSHLimit
-A INPUT -p udp -m udp --sport 53 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 4242 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i vshit -j BasicSvc
-A INPUT -i wg -j BasicSvc
-A INPUT -i lua -j BasicSvc
-A INPUT -i vocb -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A INPUT -i lup -j LOG
-A INPUT -i lup -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A INPUT -i lmd -j PError
-A INPUT -i ldit -j PError
-A INPUT -i loben -j PError
-A INPUT -i wt -j PError
-A INPUT -i vshit -j PError
-A INPUT -i wg -j PError
-A INPUT -i lua -j PError
-A INPUT -i vocb -j PError
-A FORWARD -i lup -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lmd -j FromInternalF
-A FORWARD -i ldit -j FromInternalF
-A FORWARD -i loben -j FromInternalF
-A FORWARD -i wt -j FromInternalF
-A FORWARD -i vshit -o lup -j ACCEPT
-A FORWARD -i wg -o lup -j ACCEPT
-A FORWARD -i lua -o lup -j ACCEPT
-A FORWARD -i vocb -o lup -p udp -m udp --dport 53 -m comment --comment DNS -j ACCEPT
-A FORWARD -i vocb -o lup -p tcp -m tcp --dport 53 -m comment --comment DNS -j ACCEPT
-A FORWARD -d 131.159.207.206/32 -i vocb -o lup -p udp -m udp --dport 1194 -j ACCEPT
-A FORWARD -d 131.159.207.206/32 -i vocb -o lup -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 141.76.2.4/32 -i vocb -o lup -p tcp -j ACCEPT
-A BasicSvc -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A BasicSvc -p udp -m udp --dport 53 -j ACCEPT
-A BasicSvc -p tcp -m tcp --dport 15678 -j ACCEPT
-A FromInternalF -o lmd -j ACCEPT
-A FromInternalF -o ldit -j ACCEPT
-A FromInternalF -o loben -j ACCEPT
-A FromInternalF -o wt -j ACCEPT
-A FromInternalF -o lup -j ACCEPT
-A PError -p tcp -j REJECT --reject-with tcp-reset
-A PError -p udp -j REJECT --reject-with icmp-port-unreachable
-A PError -j REJECT --reject-with icmp-proto-unreachable
-A SSHLimit -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A SSHLimit -m recent --set --name SSHA --mask 255.255.255.255 --rsource
-A SSHLimit -m recent --update --seconds 60 --hitcount 2 --name SSHA --mask 255.255.255.255 --rsource -j DROP
-A SSHLimit -j ACCEPT
COMMIT
# Completed on Sun Aug 16 14:38:21 2015
