# Generated by iptables-save v1.3.5 on Thu Nov 24 15:19:59 2011
*filter
:INPUT DROP [200:29532]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 9999 -j LOG --log-prefix "ACCEPT 9999::" 
-A INPUT -p tcp -m tcp --dport 9999 -j ACCEPT 
-A INPUT -p udp -m state --state ESTABLISHED -j ACCEPT 
-A INPUT -p tcp -m state --state ESTABLISHED -j LOG --log-prefix "conn established::" 
-A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT 
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j LOG --log-prefix "DROP invalid::" 
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP 
-A INPUT -i eth0 -p tcp -m tcp --dport 9999 -m state --state NEW -m recent --set --name DEFAULT --rsource 
-A INPUT -i eth0 -p tcp -m tcp --dport 9999 -m state --state NEW -m recent --update --seconds 600 --hitcount 2 --name DEFAULT --rsource -j DROP 
-A FORWARD -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP 
-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT 
-A OUTPUT -p tcp -m tcp --sport 9999 -j ACCEPT 
-A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT 
-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j LOG --log-prefix "out conn established::" 
-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT 
-A OUTPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP 
COMMIT
# Completed on Thu Nov 24 15:19:59 2011