# Generated by iptables-save v1.2.5 on Tue Mar 26 21:46:44 2002
*nat
:PREROUTING ACCEPT [882:49273]
:POSTROUTING ACCEPT [794:47233]
:OUTPUT ACCEPT [1672:75141]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 
-A PREROUTING -i eth1 -p tcp -m tcp --dport 3128 -j REDIRECT --to-ports 8080 
-A PREROUTING -p tcp -m tcp --dport 6680:6699 -j DNAT --to-destination 192.168.0.10 
-A POSTROUTING -o ppp0 -j MASQUERADE 
COMMIT
# Completed on Tue Mar 26 21:46:44 2002
# Generated by iptables-save v1.2.5 on Tue Mar 26 21:46:44 2002
*mangle
:PREROUTING ACCEPT [307484:109055301]
:INPUT ACCEPT [47933:15611549]
:FORWARD ACCEPT [259549:93443628]
:OUTPUT ACCEPT [48528:21981023]
:POSTROUTING ACCEPT [304217:115076047]
-A PREROUTING -p tcp -m tcp --sport 21 -j TOS --set-tos 0x10 
-A PREROUTING -p tcp -m tcp --sport 80 -j TOS --set-tos 0x08 
-A PREROUTING -p tcp -m tcp --sport 80 -j TOS --set-tos 0x08 
-A PREROUTING -p udp -m udp --sport 53 -j TOS --set-tos 0x10 
-A OUTPUT -p tcp -m tcp --dport 21 -j TOS --set-tos 0x10 
-A OUTPUT -p tcp -m tcp --dport 80 -j TOS --set-tos 0x08 
-A OUTPUT -p tcp -m tcp --dport 443 -j TOS --set-tos 0x08 
-A OUTPUT -p udp -m udp --dport 53 -j TOS --set-tos 0x10 
COMMIT
# Completed on Tue Mar 26 21:46:44 2002
# Generated by iptables-save v1.2.5 on Tue Mar 26 21:46:44 2002
*filter
:INPUT DROP [0:0]
:FORWARD DROP [8:3296]
:OUTPUT DROP [0:0]
:ICMPINBOUND - [0:0]
:ICMPOUTBOUND - [0:0]
:LBADFLAG - [0:0]
:LDROP - [0:0]
:LOG_BAD_PORT - [0:0]
:LOG_INVALID - [0:0]
:LPINGFLOOD - [0:0]
:LREJECT - [0:0]
:LSYNFLOOD - [0:0]
:SPECIALPORTS - [0:0]
:TCPACCEPT - [0:0]
:TEST_FLAG - [0:0]
-A INPUT -d 255.255.255.255 -j LDROP 
-A INPUT -d 192.0.0.255 -j LDROP 
-A INPUT -s 255.255.255.255 -j LDROP 
-A INPUT -s 192.0.0.255 -j LDROP 
-A INPUT -s 10.0.0.0/255.0.0.0 -i ppp0 -j LDROP 
-A INPUT -s 192.168.0.0/255.255.0.0 -i ppp0 -j LDROP 
-A INPUT -s 224.0.0.0/240.0.0.0 -i ppp0 -j LDROP 
-A INPUT -s 240.0.0.0/248.0.0.0 -i ppp0 -j LDROP 
-A INPUT -m state --state INVALID -j LOG_INVALID 
-A INPUT -i eth0 -f -j LOG_INVALID 
-A INPUT -s ! 195.36.166.10 -p tcp -j TEST_FLAG 
-A INPUT -i lo -j ACCEPT 
-A INPUT -d 127.0.0.0/255.0.0.0 -j LREJECT 
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth1 -j ACCEPT 
-A INPUT -s 192.168.0.0/255.255.255.0 -j LREJECT 
-A INPUT -i ppp0 -p icmp -j ICMPINBOUND 
-A INPUT -i ppp0 -p udp -m udp --dport 33434:33523 -j LDROP 
-A INPUT -i ppp0 -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset 
-A INPUT -i ppp0 -p tcp -m multiport --dports ftp-data,ftp -m state --state RELATED,ESTABLISHED -j TCPACCEPT 
-A INPUT -i ppp0 -p tcp -m tcp --dport 21 -m state --state NEW,RELATED,ESTABLISHED -j TCPACCEPT 
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j LDROP 
-A INPUT -i ppp0 -p tcp -m tcp --dport 23 -j LDROP 
-A INPUT -s 195.36.166.10 -i ppp0 -p tcp -m tcp --sport 25 ! --tcp-flags SYN,RST,ACK SYN -m limit --limit 1/sec --limit-burst 3 -j ACCEPT 
-A INPUT -s 195.36.166.10 -i ppp0 -p tcp -m tcp --sport 110 ! --tcp-flags SYN,RST,ACK SYN -m limit --limit 1/sec --limit-burst 3 -j ACCEPT 
-A INPUT -i ppp0 -p udp -m udp --dport 513 -j LDROP 
-A INPUT -i ppp0 -p udp -m udp --sport 53 -m state --state ESTABLISHED -j ACCEPT 
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -m string --string .exe -j LOG --log-prefix "FireWall-DROP-80-EXE1" --log-level 3 
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -m string --string .exe -j DROP 
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -m string --string default.ida -j LOG --log-prefix "FireWall-DROP-80-IDA" --log-level 3 
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -m string --string default.ida -j DROP 
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -m string --string cmd.exe -j LOG --log-prefix "FireWall-DROP-80-EXE2" --log-level 3 
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -m string --string cmd.exe -j DROP 
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -m string --string c+dir -j LOG --log-prefix "FireWall-DROP-80-C+DIR" --log-level 3 
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -m string --string c+dir -j DROP 
-A INPUT -i ppp0 -p tcp -m tcp --dport 443 -m state --state ESTABLISHED -j TCPACCEPT 
-A INPUT -p udp -m udp --sport 123 -j ACCEPT 
-A INPUT -i ppp0 -j SPECIALPORTS 
-A INPUT -i ppp0 -p tcp -m tcp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j TCPACCEPT 
-A INPUT -i ppp0 -p udp -m udp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j TCPACCEPT 
-A INPUT -i ppp0 -m state --state ESTABLISHED -j TCPACCEPT 
-A INPUT -i ppp0 -p tcp -m multiport --dports netbios-ns,netbios-dgm,netbios-ssn,exec,login,shell,printer -j LDROP 
-A INPUT -j LDROP 
-A FORWARD -m state --state INVALID -j LOG_INVALID 
-A FORWARD -p tcp -j TEST_FLAG 
-A FORWARD -i ppp0 -p udp -m udp --sport 1024:65535 --dport 443 -m state --state ESTABLISHED -j ACCEPT 
-A FORWARD -d 192.168.0.10 -i ppp0 -p tcp -m tcp --dport 6680:6699 -j ACCEPT 
-A FORWARD -i eth1 -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -j ACCEPT 
-A FORWARD -i eth1 -p udp -m udp --sport 1024:65535 --dport 1024:65535 -j ACCEPT 
-A FORWARD -i eth1 -p icmp -j ACCEPT 
-A FORWARD -i ppp0 -m state --state ESTABLISHED -j ACCEPT 
-A FORWARD -o ppp0 -m state --state NEW,ESTABLISHED -j ACCEPT 
-A FORWARD -i ppp0 -p tcp -m tcp --dport 1024:65535 -m state --state RELATED -j ACCEPT 
-A FORWARD -i ppp0 -p udp -m udp --dport 1024:65535 -m state --state RELATED -j ACCEPT 
-A FORWARD -j LDROP 
-A OUTPUT -o lo -j ACCEPT 
-A OUTPUT -s 255.255.255.255 -j LDROP 
-A OUTPUT -s 192.0.0.255 -j LDROP 
-A OUTPUT -d 255.255.255.255 -j LDROP 
-A OUTPUT -d 192.0.0.255 -j LDROP 
-A OUTPUT -d 192.168.0.0/255.255.255.0 -o eth1 -j ACCEPT 
-A OUTPUT -o ppp0 -p icmp -j ICMPOUTBOUND 
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 113 -j REJECT --reject-with tcp-reset 
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 20 -j ACCEPT 
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 21 -j ACCEPT 
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 22 -m state --state NEW,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable 
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 23 -m state --state NEW,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable 
-A OUTPUT -d 195.36.166.10 -o eth1 -p tcp -m tcp --sport 25 -m state --state NEW,ESTABLISHED -j ACCEPT 
-A OUTPUT -d 195.36.166.10 -o eth1 -p tcp -m tcp --sport 110 -m state --state NEW,ESTABLISHED -j ACCEPT 
-A OUTPUT -o ppp0 -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT 
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 443 -m state --state NEW,ESTABLISHED -j ACCEPT 
-A OUTPUT -o ppp0 -p udp -m udp --sport 123 -j ACCEPT 
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT 
-A OUTPUT -o ppp0 -p udp -m udp --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT 
-A OUTPUT -j LDROP 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 0 -m limit --limit 1/sec -j ACCEPT 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 3 -m limit --limit 1/sec -j ACCEPT 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 3/0 -m limit --limit 1/sec -j ACCEPT 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 3/1 -m limit --limit 1/sec -j ACCEPT 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 3/2 -m limit --limit 1/sec -j ACCEPT 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 3/3 -m limit --limit 1/sec -j ACCEPT 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 3/4 -j LDROP 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 3/5 -m limit --limit 1/sec -j ACCEPT 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 3/6 -m limit --limit 1/sec -j ACCEPT 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 3/7 -m limit --limit 1/sec -j ACCEPT 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 3/9 -m limit --limit 1/sec -j ACCEPT 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 3/10 -m limit --limit 1/sec -j ACCEPT 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 3/11 -m limit --limit 1/sec -j ACCEPT 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 3/12 -m limit --limit 1/sec -j ACCEPT 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 3/13 -m limit --limit 1/sec -j ACCEPT 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 11 -m limit --limit 1/sec -j ACCEPT 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 11/0 -m limit --limit 1/sec -j ACCEPT 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 11/1 -m limit --limit 1/sec -j ACCEPT 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 12 -m limit --limit 1/sec -j ACCEPT 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 12/0 -m limit --limit 1/sec -j ACCEPT 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 12/1 -m limit --limit 1/sec -j ACCEPT 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 3/14 -j LDROP 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 3/15 -j LDROP 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 4 -j LDROP 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 5 -j LDROP 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 5/0 -j LDROP 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 5/1 -j LDROP 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 5/2 -j LDROP 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 5/3 -j LDROP 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 9 -j LDROP 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 10 -j LDROP 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 13 -j LDROP 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 14 -j LDROP 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 17 -j LDROP 
-A ICMPINBOUND -i ppp0 -p icmp -m icmp --icmp-type 18 -j LDROP 
-A ICMPINBOUND -i ppp0 -p icmp -j LDROP 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 0 -m limit --limit 1/sec -j ACCEPT 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 3 -m limit --limit 1/sec -j ACCEPT 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 3/0 -m limit --limit 1/sec -j ACCEPT 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 3/1 -m limit --limit 1/sec -j ACCEPT 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 3/2 -m limit --limit 1/sec -j ACCEPT 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 3/3 -m limit --limit 1/sec -j ACCEPT 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 3/5 -m limit --limit 1/sec -j ACCEPT 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 3/6 -m limit --limit 1/sec -j ACCEPT 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 3/7 -m limit --limit 1/sec -j ACCEPT 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 3/9 -m limit --limit 1/sec -j ACCEPT 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 3/10 -m limit --limit 1/sec -j ACCEPT 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 3/11 -m limit --limit 1/sec -j ACCEPT 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 3/12 -m limit --limit 1/sec -j ACCEPT 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 3/13 -m limit --limit 1/sec -j ACCEPT 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 11 -m limit --limit 1/sec -j ACCEPT 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 11/0 -m limit --limit 1/sec -j ACCEPT 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 11/1 -m limit --limit 1/sec -j ACCEPT 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 12 -m limit --limit 1/sec -j ACCEPT 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 12/0 -m limit --limit 1/sec -j ACCEPT 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 12/1 -m limit --limit 1/sec -j ACCEPT 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 3/4 -j LDROP 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 3/14 -j LDROP 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 3/15 -j LDROP 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 4 -j LDROP 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 5 -j LDROP 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 5/0 -j LDROP 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 5/1 -j LDROP 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 5/2 -j LDROP 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 5/3 -j LDROP 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 9 -j LDROP 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 10 -j LDROP 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 13 -j LDROP 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 14 -j LDROP 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 17 -j LDROP 
-A ICMPOUTBOUND -o ppp0 -p icmp -m icmp --icmp-type 18 -j LDROP 
-A ICMPOUTBOUND -o ppp0 -p icmp -j LDROP 
-A LBADFLAG -m limit --limit 1/sec -j LOG --log-prefix "FireWall-B_FLAG/DROP " --log-level 3 
-A LBADFLAG -j DROP 
-A LDROP -p tcp -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "FireWall/TCP/Log_DROP " --log-level 3 
-A LDROP -p udp -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "FireWall/UDP/Log_DROP " --log-level 3 
-A LDROP -p icmp -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "FireWall/ICMP/Log_DROP " --log-level 3 
-A LDROP -f -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "FireWall/FRAGMENT/L_DROP " --log-level 3 
-A LDROP -j DROP 
-A LOG_BAD_PORT -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "FireWall-BAD_PORT/DROP " --log-level 3 
-A LOG_BAD_PORT -j DROP 
-A LOG_INVALID -m limit --limit 1/sec -j LOG --log-prefix "FireWall-INVALID/DROP " --log-level 3 
-A LOG_INVALID -j DROP 
-A LPINGFLOOD -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "FireWall-Ping_FLOOD/DROP " --log-level 3 
-A LPINGFLOOD -j DROP 
-A LREJECT -p tcp -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "FireWall-TCP/REJECT " --log-level 3 
-A LREJECT -p udp -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "FireWall-UDP/REJECT " --log-level 3 
-A LREJECT -p icmp -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "FireWall-ICMP/REJECT " --log-level 3 
-A LREJECT -f -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "FireWall-FRAGMENT/REJECT " --log-level 3 
-A LREJECT -p tcp -j LOG --log-prefix "FireWall-TCP-REJET+RST" --log-level 3 
-A LREJECT -p tcp -j REJECT --reject-with tcp-reset 
-A LREJECT -p udp -j LOG --log-prefix "FireWall-UDP-REJET+ICMP+REQ" --log-level 3 
-A LREJECT -p udp -j REJECT --reject-with icmp-port-unreachable 
-A LREJECT -j REJECT --reject-with icmp-port-unreachable 
-A LSYNFLOOD -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "FireWall-Syn_FLOOD/DROP " --log-level 3 
-A LSYNFLOOD -j DROP 
-A SPECIALPORTS -p tcp -m tcp --dport 1234 -j LOG_BAD_PORT 
-A SPECIALPORTS -p tcp -m tcp --dport 6776 -j LOG_BAD_PORT 
-A SPECIALPORTS -p tcp -m tcp --dport 33270 -j LOG_BAD_PORT 
-A SPECIALPORTS -p tcp -m tcp --dport 60001 -j LOG_BAD_PORT 
-A SPECIALPORTS -p tcp -m tcp --dport 27444 -j LOG_BAD_PORT 
-A SPECIALPORTS -p udp -m udp --dport 27444 -j LOG_BAD_PORT 
-A SPECIALPORTS -p tcp -m tcp --dport 6670 -j LOG_BAD_PORT 
-A SPECIALPORTS -p tcp -m tcp --dport 1243 -j LOG_BAD_PORT 
-A SPECIALPORTS -p udp -m udp --dport 1243 -j LOG_BAD_PORT 
-A SPECIALPORTS -p tcp -m tcp --dport 27374 -j LOG_BAD_PORT 
-A SPECIALPORTS -p udp -m udp --dport 27374 -j LOG_BAD_PORT 
-A SPECIALPORTS -p tcp -m tcp --dport 6711:6713 -j LOG_BAD_PORT 
-A SPECIALPORTS -p tcp -m tcp --dport 12345:12346 -j LOG_BAD_PORT 
-A SPECIALPORTS -p tcp -m tcp --dport 20034 -j LOG_BAD_PORT 
-A SPECIALPORTS -p udp -m udp --dport 31335:31338 -j LOG_BAD_PORT 
-A SPECIALPORTS -p tcp -m tcp --dport 6000 -j LOG_BAD_PORT 
-A SPECIALPORTS -p udp -m udp --dport 28431 -j LOG_BAD_PORT 
-A TCPACCEPT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 15/min --limit-burst 3 -j ACCEPT 
-A TCPACCEPT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j LSYNFLOOD 
-A TCPACCEPT -p tcp -m tcp --tcp-flags RST,ACK RST,ACK -m limit --limit 15/min --limit-burst 3 -j ACCEPT 
-A TCPACCEPT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
-A TEST_FLAG -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j LBADFLAG 
-A TEST_FLAG -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j LBADFLAG 
-A TEST_FLAG -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j LBADFLAG 
-A TEST_FLAG -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j LBADFLAG 
-A TEST_FLAG -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j LBADFLAG 
-A TEST_FLAG -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j LBADFLAG 
COMMIT
# Completed on Tue Mar 26 21:46:44 2002