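# Generated by iptables-save v1.4.2 on Sat Oct 17 13:19:23 2009
#
# Review notes (iptables-restore ignores whole lines starting with '#';
# it does not accept trailing comments, so every note is its own line).
#
# - INPUT and OUTPUT each end in LOG + REJECT, so their ACCEPT policy is
#   never reached.  FORWARD keeps policy ACCEPT and has no catch-all, so its
#   single ACCEPT rule is redundant: every forwarded packet is accepted.
#   Decide what forwarding should look like before tightening it.
# - The two INPUT "return traffic" rules keyed on source port previously
#   matched state NEW as well.  That let any remote peer reach any local
#   port simply by sending from source port 80/443 (TCP) or 53/5353 (UDP).
#   They now match RELATED,ESTABLISHED only; replies to queries this host
#   originated are classified ESTABLISHED by conntrack, so legitimate
#   traffic is unaffected.  The equivalent OUTPUT rules are left as they
#   were (they only govern what this host sends).
# - There is no generic RELATED,ESTABLISHED accept, and ICMP is accepted
#   only from 192.168.2.1, so ICMP errors tied to existing flows (e.g.
#   fragmentation-needed) from other hosts are rejected by the final rule;
#   watch for PMTU problems if that matters on this network.
# - The loopback accept sits after the SSH rate-limit rules, so NEW
#   connections to localhost:22 also count toward the SSH hitcount.
# - The nat DNAT sends eth1:443 to 192.168.2.148, while the FORWARD accept
#   names 192.168.2.149.  Only the open FORWARD policy hides the mismatch;
#   confirm which address is intended before adding a FORWARD catch-all.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:BADHOST - [0:0]
# Invalid / scan-style TCP flag combinations -> BADHOST (log + reject).
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j BADHOST
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j BADHOST
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j BADHOST
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j BADHOST
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j BADHOST
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j BADHOST
# Static source blacklist (mirrored as destinations in OUTPUT below).
-A INPUT -s 210.101.248.119/32 -j BADHOST
-A INPUT -s 201.54.42.10/32 -j BADHOST
-A INPUT -s 194.177.96.239/32 -j BADHOST
-A INPUT -s 125.39.42.75/32 -j BADHOST
-A INPUT -s 123.157.255.24/32 -j BADHOST
-A INPUT -s 61.129.60.23/32 -j BADHOST
-A INPUT -s 200.101.70.1/32 -j BADHOST
-A INPUT -s 121.15.226.230/32 -j BADHOST
-A INPUT -s 125.64.96.15/32 -j BADHOST
# SSH brute-force limiter: record every NEW connection to :22, then reject
# a source that has made 4 or more NEW connections within 60 seconds.
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --rsource -j REJECT --reject-with icmp-host-prohibited
-A INPUT -i lo -j ACCEPT
# ICMP is only accepted from the gateway.
-A INPUT -s 192.168.2.1/32 -p icmp -j ACCEPT
# DNS / mDNS service on this host (inbound queries may be NEW).
-A INPUT -p udp -m udp -m multiport --dports 53,5353 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# Replies from DNS / mDNS servers to queries we sent: never NEW.
-A INPUT -p udp -m udp -m multiport --sports 53,5353 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Replies from HTTP / HTTPS servers to connections we opened: never NEW.
-A INPUT -p tcp -m tcp -m multiport --sports 80,443 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Services exposed on the LAN address and on the public address.
-A INPUT -d 192.168.2.149/32 -p tcp -m multiport --dports 22,25,110,113,123,143,465,993,995,5222 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 192.168.2.149/32 -p tcp -m multiport --dports 5223,5229,5269,7070,7443,7777 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 67.165.208.63/32 -p tcp -m multiport --dports 22,25,110,113,123,143,465,993,995,5222 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 67.165.208.63/32 -p tcp -m multiport --dports 5223,5229,5269,7070,7443,7777 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# LAN-only services, reachable from 192.168.2.100-140 only.
-A INPUT -d 192.168.2.149/32 -p tcp -m iprange --src-range 192.168.2.100-192.168.2.140 -m multiport --dports 3306,9090,9091,6600 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m iprange --dst-range 192.168.2.141-192.168.2.149 -m multiport --dports 80,443 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
#-A INPUT -p tcp -d 192.168.2.149 -s 67.165.208.63 --dport 25 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -d 192.168.2.149 -s 67.165.208.63 --sport 25 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# Default deny for INPUT (log first).
-A INPUT -j LOG --log-prefix "[IPTABLES]Incoming Rejected: "
-A INPUT -j REJECT --reject-with icmp-port-unreachable
# Outbound blacklist (same hosts as the INPUT list).
-A OUTPUT -d 210.101.248.119/32 -j BADHOST
-A OUTPUT -d 201.54.42.10/32 -j BADHOST
-A OUTPUT -d 194.177.96.239/32 -j BADHOST
-A OUTPUT -d 125.39.42.75/32 -j BADHOST
-A OUTPUT -d 123.157.255.24/32 -j BADHOST
-A OUTPUT -d 61.129.60.23/32 -j BADHOST
-A OUTPUT -d 200.101.70.1/32 -j BADHOST
-A OUTPUT -d 121.15.226.230/32 -j BADHOST
-A OUTPUT -d 125.64.96.15/32 -j BADHOST
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 192.168.2.1/32 -p icmp -j ACCEPT
-A OUTPUT -p udp -m udp -m multiport --sports 53,5353 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp -m multiport --dports 53,5353 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp -m multiport --dports 80,443 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 192.168.2.149/32 -p tcp -m multiport --sports 22,25,110,113,123,143,465,993,995,5222 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 192.168.2.149/32 -p tcp -m multiport --sports 5223,5229,5269,7070,7443,7777 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 67.165.208.63/32 -p tcp -m multiport --sports 22,25,110,113,123,143,465,993,995,5222 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 67.165.208.63/32 -p tcp -m multiport --sports 5223,5229,5269,7070,7443,7777 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 192.168.2.149/32 -p tcp -m iprange --dst-range 192.168.2.100-192.168.2.140 -m multiport --sports 3306,9090,9091,6600 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m iprange --src-range 192.168.2.141-192.168.2.149 -m multiport --sports 80,443 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -s 192.168.2.149 -d 67.165.208.63 --dport 25 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p icmp -s 192.168.2.149 -d 67.165.208.63 -j ACCEPT
# Default deny for OUTPUT (log first).
-A OUTPUT -j LOG --log-prefix "[IPTABLES]Outgoing Rejected: "
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
# BADHOST: log, then reject with host-prohibited.
-A BADHOST -j LOG --log-prefix "Bad Host: "
-A BADHOST -j REJECT --reject-with icmp-host-prohibited
# NOTE(review): redundant while FORWARD policy is ACCEPT (see header notes);
# also targets .149 while the nat DNAT below sends :443 to .148.
-A FORWARD -p tcp -m state --state NEW,RELATED,ESTABLISHED -d 192.168.2.149 --dport 443 -i eth1 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
#-A PREROUTING -j LOG --log-prefix "[IPTABLES:ROUTING] "
-A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to 192.168.2.148:443
COMMIT
# Completed on Sat Oct 17 13:19:23 2009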