# Generated by iptables-save v1.4.6 on Sun Jan 22 17:00:05 2012
*nat
:PREROUTING ACCEPT [78:6190]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [8:608]
:nat_reflection_in - [0:0]
:nat_reflection_out - [0:0]
:postrouting_rule - [0:0]
:prerouting_dmz - [0:0]
:prerouting_lan - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan - [0:0]
:zone_dmz_nat - [0:0]
:zone_dmz_prerouting - [0:0]
:zone_lan_nat - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_nat - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -j prerouting_rule 
-A PREROUTING -i eth1 -j zone_lan_prerouting 
-A PREROUTING -i eth2 -j zone_dmz_prerouting 
-A PREROUTING -i eth0 -j zone_wan_prerouting 
-A POSTROUTING -j postrouting_rule 
-A POSTROUTING -o eth1 -j zone_lan_nat 
-A POSTROUTING -o eth2 -j zone_dmz_nat 
-A POSTROUTING -o eth0 -j zone_wan_nat 
-A postrouting_rule -j nat_reflection_out 
-A prerouting_rule -j nat_reflection_in 
-A zone_dmz_prerouting -j prerouting_dmz 
-A zone_lan_prerouting -j prerouting_lan 
-A zone_wan_nat -j MASQUERADE 
-A zone_wan_prerouting -j prerouting_wan 
COMMIT
# Completed on Sun Jan 22 17:00:05 2012
# Generated by iptables-save v1.4.6 on Sun Jan 22 17:00:05 2012
*raw
:PREROUTING ACCEPT [736:98705]
:OUTPUT ACCEPT [665:133618]
:zone_dmz_notrack - [0:0]
:zone_lan_notrack - [0:0]
:zone_wan_notrack - [0:0]
-A PREROUTING -i eth1 -j zone_lan_notrack 
-A PREROUTING -i eth2 -j zone_dmz_notrack 
-A PREROUTING -i eth0 -j zone_wan_notrack 
COMMIT
# Completed on Sun Jan 22 17:00:05 2012
# Generated by iptables-save v1.4.6 on Sun Jan 22 17:00:05 2012
*mangle
:PREROUTING ACCEPT [736:98705]
:INPUT ACCEPT [736:98705]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [665:133618]
:POSTROUTING ACCEPT [665:133618]
:zone_wan_MSSFIX - [0:0]
-A FORWARD -j zone_wan_MSSFIX 
-A zone_wan_MSSFIX -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 
COMMIT
# Completed on Sun Jan 22 17:00:05 2012
# Generated by iptables-save v1.4.6 on Sun Jan 22 17:00:05 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forward - [0:0]
:forwarding_dmz - [0:0]
:forwarding_lan - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan - [0:0]
:input - [0:0]
:input_dmz - [0:0]
:input_lan - [0:0]
:input_rule - [0:0]
:input_wan - [0:0]
:nat_reflection_fwd - [0:0]
:output - [0:0]
:output_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_dmz - [0:0]
:zone_dmz_ACCEPT - [0:0]
:zone_dmz_DROP - [0:0]
:zone_dmz_REJECT - [0:0]
:zone_dmz_forward - [0:0]
:zone_lan - [0:0]
:zone_lan_ACCEPT - [0:0]
:zone_lan_DROP - [0:0]
:zone_lan_REJECT - [0:0]
:zone_lan_forward - [0:0]
:zone_wan - [0:0]
:zone_wan_ACCEPT - [0:0]
:zone_wan_DROP - [0:0]
:zone_wan_REJECT - [0:0]
:zone_wan_forward - [0:0]
-A INPUT -m state --state INVALID -j DROP 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood 
-A INPUT -j input_rule 
-A INPUT -j input 
-A FORWARD -m state --state INVALID -j DROP 
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -j forwarding_rule 
-A FORWARD -j forward 
-A FORWARD -j reject 
-A OUTPUT -m state --state INVALID -j DROP 
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A OUTPUT -o lo -j ACCEPT 
-A OUTPUT -j output_rule 
-A OUTPUT -j output 
-A forward -i eth1 -j zone_lan_forward 
-A forward -i eth2 -j zone_dmz_forward 
-A forward -i eth0 -j zone_wan_forward 
-A forwarding_rule -j nat_reflection_fwd 
-A input -i eth1 -j zone_lan 
-A input -i eth2 -j zone_dmz 
-A input -i eth0 -j zone_wan 
-A output -j zone_lan_ACCEPT 
-A output -j zone_wan_ACCEPT 
-A output -j zone_dmz_ACCEPT 
-A reject -p tcp -j REJECT --reject-with tcp-reset 
-A reject -j REJECT --reject-with icmp-port-unreachable 
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -j RETURN 
-A syn_flood -j DROP 
-A zone_dmz -j input_dmz 
-A zone_dmz -j zone_dmz_ACCEPT 
-A zone_dmz_ACCEPT -o eth2 -j ACCEPT 
-A zone_dmz_ACCEPT -i eth2 -j ACCEPT 
-A zone_dmz_DROP -o eth2 -j DROP 
-A zone_dmz_DROP -i eth2 -j DROP 
-A zone_dmz_REJECT -o eth2 -j reject 
-A zone_dmz_REJECT -i eth2 -j reject 
-A zone_dmz_forward -j forwarding_dmz 
-A zone_dmz_forward -j zone_dmz_REJECT 
-A zone_lan -j input_lan 
-A zone_lan -j zone_lan_ACCEPT 
-A zone_lan_ACCEPT -o eth1 -j ACCEPT 
-A zone_lan_ACCEPT -i eth1 -j ACCEPT 
-A zone_lan_DROP -o eth1 -j DROP 
-A zone_lan_DROP -i eth1 -j DROP 
-A zone_lan_REJECT -o eth1 -j reject 
-A zone_lan_REJECT -i eth1 -j reject 
-A zone_lan_forward -j zone_wan_ACCEPT 
-A zone_lan_forward -j forwarding_lan 
-A zone_lan_forward -j zone_lan_REJECT 
-A zone_wan -p udp -m udp --dport 68 -j ACCEPT 
-A zone_wan -p icmp -m icmp --icmp-type 8 -j ACCEPT 
-A zone_wan -p tcp -m tcp --dport 22 -j ACCEPT 
-A zone_wan -p tcp -m tcp --dport 443 -j ACCEPT 
-A zone_wan -j input_wan 
-A zone_wan -j zone_wan_REJECT 
-A zone_wan_ACCEPT -o eth0 -j ACCEPT 
-A zone_wan_ACCEPT -i eth0 -j ACCEPT 
-A zone_wan_DROP -o eth0 -j DROP 
-A zone_wan_DROP -i eth0 -j DROP 
-A zone_wan_REJECT -o eth0 -j reject 
-A zone_wan_REJECT -i eth0 -j reject 
-A zone_wan_forward -j forwarding_wan 
-A zone_wan_forward -j zone_wan_REJECT 
COMMIT
# Completed on Sun Jan 22 17:00:05 2012