# Generated by iptables-save v1.4.8 on Fri Oct 28 16:08:03 2011
*mangle
:PREROUTING ACCEPT [68232:43165935]
:INPUT ACCEPT [1579:159656]
:FORWARD ACCEPT [66653:43006279]
:OUTPUT ACCEPT [1185:131888]
:POSTROUTING ACCEPT [67701:43129175]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Fri Oct 28 16:08:03 2011
# Generated by iptables-save v1.4.8 on Fri Oct 28 16:08:03 2011
*nat
:PREROUTING ACCEPT [1579:110478]
:POSTROUTING ACCEPT [8:1480]
:OUTPUT ACCEPT [260:17655]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Fri Oct 28 16:08:03 2011
# Generated by iptables-save v1.4.8 on Fri Oct 28 16:08:03 2011
*filter
:INPUT ACCEPT [584:63835]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1185:131888]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT ! -i eth0 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable
-A INPUT ! -i eth0 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
-A INPUT ! -i eth0 -p tcp -m tcp --dport 0:1023 -j DROP
-A INPUT ! -i eth0 -p udp -m udp --dport 0:1023 -j DROP
-A INPUT -m state --state INVALID -j LOG --log-prefix "INPUT DROP INVALID " --log-tcp-options --log-ip-options
-A INPUT -m state --state INVALID -j DROP
-A FORWARD -d 192.168.0.0/16 -i eth0 -j DROP
-A FORWARD -s 192.168.0.0/16 -i eth0 -j ACCEPT
-A FORWARD -d 192.168.0.0/16 -i eth1 -j ACCEPT
-A FORWARD -m state --state INVALID -j LOG --log-prefix "FORWARD DROP INVALID " --log-tcp-options --log-ip-options
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD ! -i lo -j LOG --log-prefix "FORWARD DROP " --log-tcp-options --log-ip-options
-A OUTPUT -m state --state INVALID -j LOG --log-prefix "OUTPUT DROP INVALID " --log-tcp-options --log-ip-options
COMMIT
# Completed on Fri Oct 28 16:08:03 2011
