# iptables-save dump covering all five tables; load with iptables-restore.
# Only the filter table carries rules; security, raw, nat and mangle keep
# their default ACCEPT policies. The bracketed [packets:bytes] values are
# counters captured at save time, not policy.
# NOTE(review): the trailing '#' comments on rule lines are kept as the
# original author wrote them; confirm the iptables-restore version in use
# tolerates them, otherwise move each onto its own line above the rule.
*security
:INPUT ACCEPT [155114:111048110]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [189557:159665631]
COMMIT
*raw
:PREROUTING ACCEPT [155235:111062052]
:OUTPUT ACCEPT [189607:159672135]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*mangle
:PREROUTING ACCEPT [155235:111062052]
:INPUT ACCEPT [155235:111062052]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [189607:159672135]
:POSTROUTING ACCEPT [189594:159674670]
COMMIT
*filter
# Default-deny in all three directions. INPUT and FORWARD traffic that matches
# nothing below falls to the DROP policy with no log entry; OUTPUT ends in an
# explicit jump to zLog_Drop, so unmatched outbound traffic is logged.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:zLog_Drop - [0:0]
:zNetwork_Daemon - [0:0]
#drop and log chain
# Rate-limited (1/min, burst 10) so a flood cannot fill the log; --log-uid
# adds the sending uid to the entry, which helps attribute dropped OUTPUT
# packets to one of the per-uid rules below.
-A zLog_Drop -m limit --limit 1/min --limit-burst 10 -j LOG --log-prefix "[IPTABLES]: dropped " --log-uid
-A zLog_Drop -j DROP
#network daemon outbound chain
# Egress policy for the daemon uids dispatched here from OUTPUT: anything
# off-LAN via eth0, plus UDP DNS to the router, nothing else.
# Caveat: "non-lan" below only excludes 192.168.0.0/16; destinations in
# 10.0.0.0/8, 172.16.0.0/12 or link-local ranges reached via eth0 still match
# this ACCEPT.
-A zNetwork_Daemon ! -d 192.168.0.0/16 -o eth0 -j ACCEPT #allow connection to non-lan ip only
# Only UDP/53 is permitted. A TCP/53 fallback (truncated responses) to the
# same resolver matches none of the ACCEPTs and ends in the log-and-drop tail.
-A zNetwork_Daemon -d 192.168.11.1/32 -o eth0 -p udp -m udp --dport 53 -j ACCEPT #allow DNS
# Traffic not leaving via eth0 (loopback included) is dropped without a log entry.
-A zNetwork_Daemon ! -o eth0 -j DROP #silently drop non-eth0 traffic, no log
-A zNetwork_Daemon -j zLog_Drop #log and drop
#input chain
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT #allow established connection
# Inbound listeners are confined to ports 10000-10010 on TCP and UDP. No other
# port and no ICMP echo is accepted; ICMP errors for a tracked flow are
# normally classified RELATED by conntrack and pass via the rule above.
-A INPUT -p tcp -m multiport --dports 10000:10010 -m state --state NEW,RELATED,ESTABLISHED,UNTRACKED -j ACCEPT #listen on a few ports only
-A INPUT -p udp -m multiport --dports 10000:10010 -m state --state NEW,RELATED,ESTABLISHED,UNTRACKED -j ACCEPT #listen on a few ports only
-A INPUT -i lo -j ACCEPT #allow localhost inbound
#output chain
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT #allow established connection
# Per-uid egress: the three daemons are routed through zNetwork_Daemon; avahi
# and root are unrestricted. There is no '-o lo' ACCEPT in this chain, so new
# loopback connections from any other uid are logged and dropped, and the
# daemons' own loopback traffic is silently dropped inside zNetwork_Daemon.
-A OUTPUT -m owner --uid-owner zamule -j zNetwork_Daemon #daemon
-A OUTPUT -m owner --uid-owner debian-transmission -j zNetwork_Daemon #daemon
-A OUTPUT -m owner --uid-owner zhttpfileserver -j zNetwork_Daemon #daemon
-A OUTPUT -m owner --uid-owner avahi -j ACCEPT #trusted
-A OUTPUT -m owner --uid-owner root -j ACCEPT #trusted
# Disabled: unrestricted outbound ICMP/IGMP regardless of uid.
#-A OUTPUT -p icmp -j ACCEPT
#-A OUTPUT -p igmp -j ACCEPT
-A OUTPUT -j zLog_Drop #log and drop everything not accepted above
COMMIT