# Generated by iptables-save v1.4.21 on Wed Jun 17 13:41:40 2015
# Table "filter". The bracketed pair after each chain is the packet:byte
# counter recorded when the dump was taken.
*filter
# INPUT and OUTPUT default to ACCEPT and no rule in this dump appends to
# either chain, so this table does not filter traffic to or from the host.
:INPUT ACCEPT [1101:228112]
# Default-deny for routed traffic: a packet that no FORWARD rule decides is
# dropped by policy.
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [70:23175]
# User-defined chains ("-" means no policy). The first name contains '~', '-'
# and '_'; tools that rewrite this file must keep it byte-identical wherever
# it is referenced.
:DOS~Pro-t_ect - [0:0]
:LOGDROP - [0:0]
:Terminal - [0:0]
:IPSEC_42 - [0:0]
# FORWARD chain (policy DROP). Rules are evaluated top to bottom and the first
# terminating target wins, so the order below is part of the policy.

# Logs every forwarded packet (no match criteria) at level 6. LOG does not
# terminate, so evaluation continues with the next rule.
# NOTE(review): the prefix is punctuation only, presumably parser test input;
# a descriptive prefix would make these log lines searchable.
-A FORWARD -j LOG --log-prefix "!#*~%&/()=?" --log-level 6
# Anti-spoofing: a routed packet must not carry a loopback source address.
-A FORWARD -s 127.0.0.0/8 -j DROP
# "--ports" matches when either the source or the destination port is listed.
# NOTE(review): "--something-else" is not a multiport option I know of;
# iptables-restore would be expected to reject this line. Looks like a
# deliberate parser test case; confirm before loading this file.
-A FORWARD -p udp -m multiport --ports 8080:8081,8082 --something-else -j ACCEPT
# Drops TCP packets on wlan0 that conntrack sees as NEW but that are not a
# plain SYN (SYN set; FIN, RST and ACK clear).
-A FORWARD -i wlan0 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
# Accepts plain SYNs to ports 80 and 443, from any source and interface.
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 80,443 -j ACCEPT
# Accepts every NEW plain SYN to ports 1-65535, from any source and interface.
# NOTE(review): this precedes the TCP port DROP rules further down (22,
# 80/443, 21, ...), so those rules never see a connection-opening SYN.
-A FORWARD -p tcp -m state --state NEW -m tcp --dport 1:65535 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
# Everything still NEW or INVALID at this point is dropped.
-A FORWARD -m conntrack --ctstate NEW,INVALID -j DROP
# NEW is listed here but was already dropped by the rule above; only
# ESTABLISHED, RELATED and UNTRACKED ICMP on wlan0 can still match.
-A FORWARD -i wlan0 -p icmp -m state --state ESTABLISHED,NEW,RELATED,UNTRACKED -j ACCEPT
# Same shadowing: NEW cannot reach this rule, so in effect it accepts
# UNTRACKED packets only.
-A FORWARD -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# NOTE(review): the three conntrack rules above decide NEW, INVALID,
# UNTRACKED, ESTABLISHED and RELATED between them. If those are all the
# states a packet can have, no rule below this point is ever evaluated and
# the source, port and interface restrictions that follow enforce nothing.
# Confirm whether that is intended.

# '+' is a wildcard suffix: drops anything that did not arrive on an
# interface whose name starts with "eth".
-A FORWARD ! -i eth+ -j DROP
# TCP from 100.0.0.0/24 is handed to the user-defined chain; packets that
# chain does not decide come back here and continue with the next rule.
-A FORWARD -s 100.0.0.0/24 -p tcp -j DOS~Pro-t_ect
# Drops every source outside 131.159.0.0/16. That includes whatever came back
# from the 100.0.0.0/24 jump above.
-A FORWARD ! -s 131.159.0.0/16 -j DROP
-A FORWARD -p tcp -m multiport --sports 80,443 -j DROP
-A FORWARD -p tcp -m multiport --dports 80,443 -j DROP
# NOTE(review): accepts UDP addressed to 127.0.0.1 that leaves via eth1.152.
# A loopback destination on a routed packet is unusual; confirm intent.
-A FORWARD -d 127.0.0.1/32 -o eth1.152 -p udp -m multiport --dports 4569,5000:65535 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m multiport --dports 22 -j DROP
-A FORWARD -i eth0 -p tcp -m multiport --dports 21,873:874,5005,5006,80,548,111,892,2049 -j DROP
# Source address written without a prefix length, unlike the /32 entries
# elsewhere in this dump.
-A FORWARD -s 192.168.0.1 -j LOGDROP
# RETURN in a built-in chain hands the packet to the chain policy, which is
# DROP for FORWARD. These two rules therefore drop, despite the target name.
-A FORWARD -m iprange --src-range 127.0.0.1-127.0.10.0 -j RETURN
-A FORWARD -m iprange ! --dst-range 127.0.0.1-127.0.10.0 -j RETURN
# Unconditional goto: unlike -j, processing does not come back to this chain
# afterwards. Terminal also ends in an unconditional REJECT.
-A FORWARD -g Terminal
# NOTE(review): placed after the unconditional goto, so this jump appears to
# be unreachable, and it is the only reference to IPSEC_42 in this dump.
-A FORWARD -j IPSEC_42
# Chain DOS~Pro-t_ect.
# NOTE(review): the only jump to this chain in this dump is the FORWARD rule
# "-s 100.0.0.0/24 -p tcp", so from that entry point only the TCP rules here
# can match; the UDP, ICMP and ICMPv6 rules would need another caller.
# Despite the chain name, no rule here uses a rate-limiting match (limit,
# hashlimit, connlimit); every terminating rule is an ACCEPT.
-A DOS~Pro-t_ect -p tcp -m tcp --dport 22 -j ACCEPT
# Accepts any NEW plain SYN to ports 1-65535.
-A DOS~Pro-t_ect -p tcp -m state --state NEW -m tcp --dport 1:65535 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
# Hands UDP back to the calling chain without a decision.
-A DOS~Pro-t_ect -p udp -j RETURN
# ICMP type 3 code 4: destination unreachable, fragmentation needed.
-A DOS~Pro-t_ect -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
# The next two rules differ only in their comment string ("!" and a string
# containing a space); the match module "comment" never filters anything.
-A DOS~Pro-t_ect -p icmp -m comment --comment "!" -j ACCEPT
-A DOS~Pro-t_ect -p icmp -m comment --comment "has space" -j ACCEPT
-A DOS~Pro-t_ect -p icmp -j ACCEPT
# ICMPv6 type 133 is Router Solicitation. As the rule's own comment says, the
# icmp6 match belongs to ip6tables, while this is an IPv4 (iptables-save) dump.
-A DOS~Pro-t_ect -p icmpv6 -m icmp6 --icmpv6-type 133 -m comment --comment "this module only works for ip6tables but -p icmpv6 is fine" -j ACCEPT
# Same match written with the protocol name "ipv6-icmp". The comment string is
# a single escaped double quote, and "-s" follows the match options instead of
# preceding them.
-A DOS~Pro-t_ect -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m comment --comment "\"" -s 127.0.0.0/8 -j ACCEPT
# The next two rules have no target: they only update their counters and
# evaluation falls through to the following rule.
-A DOS~Pro-t_ect ! -p icmp
-A DOS~Pro-t_ect ! -p tcp ! -s 131.159.0.0/16
# UDP with both source and destination port in 67:68 (the DHCP/BOOTP ports),
# arriving on interface vocb.
-A DOS~Pro-t_ect -i vocb -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
# Negated form: UDP on vocb where neither port is in 67:68.
-A DOS~Pro-t_ect -i vocb -p udp -m udp ! --sport 67:68 ! --dport 67:68 -j ACCEPT
# Chain LOGDROP.
# NOTE(review): the first rule has neither a match nor a target, so it only
# counts packets. Despite the chain name, no LOG target appears in this chain,
# so packets sent here are dropped without a log entry. If logging is wanted,
# this is the rule that would carry "-j LOG".
-A LOGDROP
-A LOGDROP -j DROP
# Chain Terminal: entered from FORWARD with -g (goto). Every packet that gets
# here is decided, because the last rule rejects unconditionally.
# Silently drops UDP from source port 53 addressed to 127.0.0.1.
-A Terminal -d 127.0.0.1/32 -p udp -m udp --sport 53 -j DROP
# REJECT without --reject-with uses the default reply (icmp-port-unreachable).
-A Terminal -d 127.42.0.1/32 -j REJECT
# Catch-all: rejects everything else and tells the sender the network is
# administratively prohibited.
-A Terminal -j REJECT --reject-with icmp-net-prohibited
# Chain IPSEC_42: accepts ESP and GRE packets that conntrack classifies as
# NEW. There is no restriction on source, destination or interface.
# NOTE(review): the only jump to this chain in this dump is the last FORWARD
# rule, which follows an unconditional "-g Terminal"; as written, these rules
# appear unreachable. Confirm before relying on them for tunnel traffic.
-A IPSEC_42 -p esp -m state --state NEW -j ACCEPT
-A IPSEC_42 -p gre -m state --state NEW -j ACCEPT
# End of the filter table; iptables-restore applies the table at COMMIT.
COMMIT
# Completed on Wed Jun 17 13:41:40 2015
