# Generated by iptables-save v1.2.9 on Wed Jun 9 00:44:05 2004 *mangle :PREROUTING ACCEPT [1314947:446138319] :INPUT ACCEPT [369454:53258434] :FORWARD ACCEPT [945437:392876043] :OUTPUT ACCEPT [75339:32309551] :POSTROUTING ACCEPT [1014311:438493194] :trusted-mangle - [0:0] -A PREROUTING -p icmp -j MARK --set-mark 0x1 -A PREROUTING -p icmp -j RETURN -A PREROUTING -i eth0 -j MARK --set-mark 0x8 -A PREROUTING -i eth0 -j RETURN -A PREROUTING -p esp -j MARK --set-mark 0x8 -A PREROUTING -p esp -j RETURN -A PREROUTING -p ah -j MARK --set-mark 0x8 -A PREROUTING -p ah -j RETURN -A PREROUTING -d ! 10.0.0.0/255.0.0.0 -m mark --mark 0x8 -j trusted-mangle -A PREROUTING -d ! 10.0.0.0/255.0.0.0 -m mark --mark 0x8 -j RETURN -A PREROUTING -d ! 10.0.0.0/255.0.0.0 -m mark --mark 0x1 -j RETURN -A PREROUTING -d ! 10.0.0.0/255.0.0.0 -m mark --mark 0x2 -j RETURN -A PREROUTING -d ! 10.0.0.0/255.0.0.0 -i eth1 -j MARK --set-mark 0x4 -A trusted-mangle -p tcp -m tos --tos Minimize-Delay -j MARK --set-mark 0x1 -A trusted-mangle -p tcp -m tos --tos Minimize-Delay -j RETURN -A trusted-mangle -j MARK --set-mark 0x2 COMMIT # Completed on Wed Jun 9 00:44:05 2004 # Generated by iptables-save v1.2.9 on Wed Jun 9 00:44:05 2004 *nat :PREROUTING ACCEPT [11314:986997] :POSTROUTING ACCEPT [15170:969752] :OUTPUT ACCEPT [16320:1141367] -A POSTROUTING -s 10.14.1.0/255.255.255.0 -o ippp+ -j MASQUERADE -A POSTROUTING -s 10.14.2.0/255.255.255.0 -o ippp+ -j MASQUERADE -A POSTROUTING -s 10.14.1.0/255.255.255.0 -o isdn+ -j MASQUERADE -A POSTROUTING -s 10.14.0.0/255.255.0.0 -o ppp0 -m mark --mark 0x8 -j SNAT --to-source 213.240.181.33 -A POSTROUTING -s 10.14.0.0/255.255.0.0 -o ppp0 -j SNAT --to-source 82.139.200.196 -A POSTROUTING -s 10.14.0.0/255.255.0.0 -o ppp+ -j MASQUERADE COMMIT # Completed on Wed Jun 9 00:44:05 2004 # Generated by iptables-save v1.2.9 on Wed Jun 9 00:44:05 2004 *filter :INPUT DROP [692:122913] :FORWARD DROP [2789:439294] :OUTPUT DROP [0:0] :input-wlan - [0:0] -A INPUT -i lo -j ACCEPT -A INPUT -p udp -m state --state ESTABLISHED -m udp --dport 61000:65095 -j ACCEPT -A INPUT -d 255.255.255.255 -i eth0 -j ACCEPT -A INPUT -d 255.255.255.255 -i eth1 -j ACCEPT -A INPUT -d 255.255.255.255 -i eth2 -j ACCEPT -A INPUT -i eth1 -j input-wlan -A INPUT -s 10.13.0.0/255.255.0.0 -i isdn0 -j ACCEPT -A INPUT -d 213.240.181.33 -p udp -m udp --sport 53 --dport 53 -j ACCEPT -A INPUT -i ppp0 -m state --state ESTABLISHED -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 5 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT -A INPUT -j LOG --log-prefix "INPUT " -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -A FORWARD -i ppp0 -m state --state ESTABLISHED -j ACCEPT -A FORWARD -d 127.0.0.0/255.0.0.0 -j ACCEPT -A FORWARD -s 127.0.0.0/255.0.0.0 -j ACCEPT -A FORWARD -s 10.14.1.0/255.255.255.0 -i eth0 -j ACCEPT -A FORWARD -s 10.14.2.0/255.255.255.0 -i eth1 -j ACCEPT -A FORWARD -s 172.16.0.0/255.255.0.0 -i eth2 -j ACCEPT -A FORWARD -s 10.13.0.0/255.255.0.0 -i isdn0 -j ACCEPT -A FORWARD -d 10.14.1.0/255.255.255.0 -i ppp0 -j ACCEPT -A FORWARD -d 10.14.2.0/255.255.255.0 -i ppp0 -j ACCEPT -A FORWARD -s 213.240.181.33 -i ppp0 -j ACCEPT -A FORWARD -p icmp -m icmp --icmp-type 0 -j ACCEPT -A FORWARD -p icmp -m icmp --icmp-type 3 -j ACCEPT -A FORWARD -p icmp -m icmp --icmp-type 5 -j ACCEPT -A FORWARD -p icmp -m icmp --icmp-type 8 -j ACCEPT -A FORWARD -p icmp -m icmp --icmp-type 11 -j ACCEPT -A FORWARD -j LOG --log-prefix "FORWARD " -A OUTPUT -d 10.14.2.0/255.255.255.0 -o eth1 -m state --state ESTABLISHED -j ACCEPT -A OUTPUT -d 10.14.1.0/255.255.255.0 -o eth0 -m state --state ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -d 10.14.1.0/255.255.255.0 -o eth0 -j ACCEPT -A OUTPUT -d 10.14.2.0/255.255.255.0 -o eth1 -j ACCEPT -A OUTPUT -d 172.16.0.0/255.255.0.0 -o eth2 -j ACCEPT -A OUTPUT -d 10.13.0.0/255.255.0.0 -o isdn0 -j ACCEPT -A OUTPUT -s 213.240.181.33 -o ppp0 -j ACCEPT -A OUTPUT -s 10.14.1.1 -o ppp0 -j ACCEPT -A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT -A OUTPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT -A OUTPUT -p icmp -m icmp --icmp-type 5 -j ACCEPT -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT -A OUTPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT -A OUTPUT -j LOG --log-prefix "OUTPUT " -A input-wlan -s 10.14.2.0/255.255.255.0 -d 10.14.2.1 -i eth1 -p udp -m udp --dport 500 -j ACCEPT -A input-wlan -s 10.14.2.0/255.255.255.0 -i eth1 -p icmp -j ACCEPT -A input-wlan -s 10.14.2.0/255.255.255.0 -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT -A input-wlan -s 10.14.2.0/255.255.255.0 -d 10.14.0.0/255.255.0.0 -i eth1 -p tcp -m tcp --dport 25 -j ACCEPT -A input-wlan -s 10.14.2.0/255.255.255.0 -i eth1 -p tcp -m tcp --dport 53 -j ACCEPT -A input-wlan -s 10.14.2.0/255.255.255.0 -i eth1 -p udp -m udp --dport 53 -j ACCEPT -A input-wlan -s 10.14.2.0/255.255.255.0 -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT -A input-wlan -s 10.14.2.0/255.255.255.0 -i eth1 -p tcp -m tcp --dport 443 -j ACCEPT -A input-wlan -s 10.14.2.0/255.255.255.0 -d 10.14.2.1 -i eth1 -p tcp -m tcp --dport 631 -j ACCEPT -A input-wlan -s 10.14.2.0/255.255.255.0 -i eth1 -p tcp -m tcp --dport 993 -j ACCEPT -A input-wlan -s 10.14.2.0/255.255.255.0 -i eth1 -p tcp -m tcp --dport 110 -j ACCEPT -A input-wlan -s 10.14.2.0/255.255.255.0 -i eth1 -p tcp -m tcp --dport 995 -j ACCEPT -A input-wlan -m mark --mark 0x8 -j ACCEPT -A input-wlan -j LOG --log-prefix "INPUT-WLAN " -A input-wlan -j REJECT --reject-with icmp-port-unreachable COMMIT # Completed on Wed Jun 9 00:44:05 2004