Chain INPUT (policy DROP)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             state INVALID limit: avg 2/sec burst 5 LOG level warning prefix `INPUT INVALID '
DROP       all  --  anywhere             anywhere             state INVALID
MY_DROP    tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
MY_DROP    tcp  --  anywhere             anywhere             tcp flags:FIN,SYN/FIN,SYN
MY_DROP    tcp  --  anywhere             anywhere             tcp flags:SYN,RST/SYN,RST
MY_DROP    tcp  --  anywhere             anywhere             tcp flags:FIN,RST/FIN,RST
MY_DROP    tcp  --  anywhere             anywhere             tcp flags:FIN,ACK/FIN
MY_DROP    tcp  --  anywhere             anywhere             tcp flags:PSH,ACK/PSH
MY_DROP    tcp  --  anywhere             anywhere             tcp flags:ACK,URG/URG
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  localnet/24          anywhere             state NEW tcp dpt:3128
ACCEPT     tcp  --  192.168.92.0/24      anywhere             state NEW tcp dpt:3128
ACCEPT     tcp  --  localnet/24          anywhere             state NEW tcp dpt:http
ACCEPT     tcp  --  192.168.92.0/24      anywhere             state NEW tcp dpt:http
ACCEPT     tcp  --  10.8.92.0/24         anywhere             state NEW tcp dpt:3128
ACCEPT     tcp  --  10.8.92.0/24         anywhere             state NEW tcp dpt:http
ACCEPT     tcp  --  localnet/24          anywhere             state NEW tcp dpt:8000
ACCEPT     tcp  --  192.168.92.0/24      anywhere             state NEW tcp dpt:8000
ACCEPT     tcp  --  localnet/24          anywhere             state NEW tcp dpt:3000
ACCEPT     tcp  --  192.168.92.0/24      anywhere             state NEW tcp dpt:3000
ACCEPT     tcp  --  localnet/24          anywhere             state NEW tcp dpt:https
ACCEPT     tcp  --  192.168.92.0/24      anywhere             state NEW tcp dpt:https
ACCEPT     tcp  --  localnet/24          anywhere             state NEW tcp dpt:8443
ACCEPT     tcp  --  192.168.92.0/24      anywhere             state NEW tcp dpt:8443
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssmtp
ACCEPT     tcp  --  192.168.92.0/24      anywhere             state NEW tcp dpt:imaps
ACCEPT     tcp  --  localnet/24          anywhere             state NEW tcp dpt:imaps
ACCEPT     tcp  --  10.8.92.0/24         anywhere             state NEW tcp dpt:imaps
ACCEPT     tcp  --  192.168.92.0/24      anywhere             state NEW tcp dpt:domain
ACCEPT     udp  --  192.168.92.0/24      anywhere             state NEW udp dpt:domain
ACCEPT     tcp  --  localnet/24          anywhere             state NEW tcp dpt:domain
ACCEPT     udp  --  localnet/24          anywhere             state NEW udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:netbios-ns
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:netbios-dgm
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:microsoft-ds
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:netbios-dgm
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:netbios-ssn
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:microsoft-ds
ACCEPT     tcp  --  192.168.92.0/24      anywhere             state NEW tcp dpt:netbios-ns
ACCEPT     tcp  --  192.168.92.0/24      anywhere             state NEW tcp dpt:netbios-dgm
ACCEPT     tcp  --  192.168.92.0/24      anywhere             state NEW tcp dpt:netbios-ssn
ACCEPT     tcp  --  192.168.92.0/24      anywhere             state NEW tcp dpt:microsoft-ds
ACCEPT     udp  --  192.168.92.0/24      anywhere             state NEW udp dpt:netbios-ns
ACCEPT     udp  --  192.168.92.0/24      anywhere             state NEW udp dpt:netbios-dgm
ACCEPT     udp  --  192.168.92.0/24      anywhere             state NEW udp dpt:netbios-ssn
ACCEPT     udp  --  192.168.92.0/24      anywhere             state NEW udp dpt:microsoft-ds
ACCEPT     tcp  --  localnet/24          anywhere             state NEW tcp dpt:netbios-ns
ACCEPT     tcp  --  localnet/24          anywhere             state NEW tcp dpt:netbios-dgm
ACCEPT     tcp  --  localnet/24          anywhere             state NEW tcp dpt:netbios-ssn
ACCEPT     tcp  --  localnet/24          anywhere             state NEW tcp dpt:microsoft-ds
ACCEPT     udp  --  localnet/24          anywhere             state NEW udp dpt:netbios-ns
ACCEPT     udp  --  localnet/24          anywhere             state NEW udp dpt:netbios-dgm
ACCEPT     udp  --  localnet/24          anywhere             state NEW udp dpt:netbios-ssn
ACCEPT     udp  --  localnet/24          anywhere             state NEW udp dpt:microsoft-ds
ACCEPT     tcp  --  192.168.92.0/24      anywhere             state NEW,RELATED,ESTABLISHED tcp dpt:ssh
ACCEPT     tcp  --  localnet/24          anywhere             state NEW,RELATED,ESTABLISHED tcp dpt:ssh
ACCEPT     tcp  --  10.8.92.0/24         anywhere             state NEW,RELATED,ESTABLISHED tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:mysql
ACCEPT     udp  --  192.168.92.0/24      anywhere             state NEW udp dpt:ntp
ACCEPT     udp  --  localnet/24          anywhere             state NEW udp dpt:ntp
ACCEPT     tcp  --  10.8.92.0/24         anywhere             state NEW tcp dpt:rsync
ACCEPT     udp  --  10.8.92.0/24         anywhere             state NEW udp dpt:rsync
ACCEPT     tcp  --  10.8.92.0/24         anywhere             state NEW tcp dpt:rsync
ACCEPT     udp  --  10.8.92.0/24         anywhere             state NEW udp dpt:rsync
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:openvpn
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:openvpn
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:openvpn
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:openvpn
ACCEPT     tcp  --  192.168.92.0/24      anywhere             state NEW tcp dpt:5901
ACCEPT     tcp  --  192.168.92.0/24      anywhere             state NEW tcp dpt:5902
ACCEPT     tcp  --  192.168.92.0/24      anywhere             state NEW tcp dpt:5903
ACCEPT     tcp  --  192.168.92.0/24      anywhere             state NEW tcp dpt:5904
ACCEPT     tcp  --  localnet/24          anywhere             state NEW tcp dpt:5901
ACCEPT     tcp  --  localnet/24          anywhere             state NEW tcp dpt:5902
ACCEPT     tcp  --  localnet/24          anywhere             state NEW tcp dpt:5903
ACCEPT     tcp  --  localnet/24          anywhere             state NEW tcp dpt:5904
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:5901
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:5902
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:5903
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:5904
ACCEPT     icmp --  anywhere             anywhere             state NEW icmp echo-request
ACCEPT     icmp --  anywhere             anywhere             state NEW icmp echo-request
MY_REJECT  all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             state INVALID limit: avg 2/sec burst 5 LOG level warning prefix `FORWARD INVALID '
DROP       all  --  anywhere             anywhere             state INVALID
MY_DROP    tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
MY_DROP    tcp  --  anywhere             anywhere             tcp flags:FIN,SYN/FIN,SYN
MY_DROP    tcp  --  anywhere             anywhere             tcp flags:SYN,RST/SYN,RST
MY_DROP    tcp  --  anywhere             anywhere             tcp flags:FIN,RST/FIN,RST
MY_DROP    tcp  --  anywhere             anywhere             tcp flags:FIN,ACK/FIN
MY_DROP    tcp  --  anywhere             anywhere             tcp flags:PSH,ACK/PSH
MY_DROP    tcp  --  anywhere             anywhere             tcp flags:ACK,URG/URG
TCPMSS     tcp  --  anywhere             anywhere             tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     all  --  anywhere             anywhere             state NEW,RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
MY_REJECT  all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             state INVALID limit: avg 2/sec burst 5 LOG level warning prefix `OUTPUT INVALID '
DROP       all  --  anywhere             anywhere             state INVALID
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssmtp
ACCEPT     tcp  --  anywhere             192.168.92.0/24      state NEW,RELATED,ESTABLISHED tcp dpt:ssh
ACCEPT     tcp  --  anywhere             localnet/24          state NEW,RELATED,ESTABLISHED tcp dpt:ssh
ACCEPT     tcp  --  10.8.92.0/24         anywhere             state NEW,RELATED,ESTABLISHED tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:bootps
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:openvpn
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:openvpn
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:openvpn
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:openvpn
MY_REJECT  all  --  anywhere             anywhere

Chain MY_DROP (14 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 2/sec burst 5 LOG level warning prefix `PORTSCAN DROP '
DROP       all  --  anywhere             anywhere

Chain MY_REJECT (3 references)
target     prot opt source               destination
LOG        tcp  --  anywhere             anywhere             limit: avg 2/sec burst 5 LOG level warning prefix `REJECT TCP '
REJECT     tcp  --  anywhere             anywhere             reject-with tcp-reset
LOG        udp  --  anywhere             anywhere             limit: avg 2/sec burst 5 LOG level warning prefix `REJECT UDP '
REJECT     udp  --  anywhere             anywhere             reject-with icmp-port-unreachable
LOG        icmp --  anywhere             anywhere             limit: avg 2/sec burst 5 LOG level warning prefix `DROP ICMP '
DROP       icmp --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             limit: avg 2/sec burst 5 LOG level warning prefix `REJECT OTHER '
REJECT     all  --  anywhere             anywhere             reject-with icmp-proto-unreachable