Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
GENERAL    all  --  anywhere             anywhere
INPUT_NEW  all  --  anywhere             anywhere             state NEW
LOG_GLOBAL_MISS all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
LOG_DROP   all  --  anywhere             anywhere
LOG_DROP   all  --  anywhere             anywhere
GENERAL    all  --  anywhere             anywhere
FORWARD_NEW all  --  anywhere             anywhere             state NEW
LOG_GLOBAL_MISS all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
OUTPUT_NEW icmp --  anywhere             anywhere             state INVALID icmp time-exceeded
ACCEPT     all  --  anywhere             anywhere
GENERAL    all  --  anywhere             anywhere
OUTPUT_NEW all  --  anywhere             anywhere             state NEW
LOG_GLOBAL_MISS all  --  anywhere             anywhere

Chain CHECK_IP (1 references)
target     prot opt source               destination
DEV_eth1_SRC all  --  anywhere             anywhere
DEV_eth1_DST all  --  anywhere             anywhere
DEV_eth0_SRC all  --  anywhere             anywhere
DEV_eth0_DST all  --  anywhere             anywhere

Chain DEV_eth0_DST (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             255.255.255.255      udp dpt:bootps
RESERVED_DST all  --  anywhere             anywhere

Chain DEV_eth0_SRC (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             255.255.255.255      udp dpt:bootpc
RESERVED_SRC all  --  anywhere             anywhere

Chain DEV_eth1_DST (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             192.168.0.0/24
LOG_MARTIAN all  --  anywhere             anywhere

Chain DEV_eth1_SRC (1 references)
target     prot opt source               destination
RETURN     all  --  192.168.0.0/24       anywhere
LOG_MARTIAN all  --  anywhere             anywhere

Chain FORWARD_EXT (1 references)
target     prot opt source               destination
LOG_ACCEPT all  --  anywhere             anywhere
LOG_MISS_EXT all  --  anywhere             anywhere

Chain FORWARD_INT (1 references)
target     prot opt source               destination
LOG_DROP   all  --  anywhere             anywhere
LOG_MISS_INT all  --  anywhere             anywhere

Chain FORWARD_NEW (1 references)
target     prot opt source               destination
FORWARD_NEW_eth1 all  --  anywhere             anywhere
FORWARD_EXT all  --  anywhere             anywhere

Chain FORWARD_NEW_eth1 (1 references)
target     prot opt source               destination
FORWARD_INT all  --  anywhere             192.168.0.0/24

Chain GENERAL (3 references)
target     prot opt source               destination
SANITY     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
CHECK_IP   all  --  anywhere             anywhere

Chain INPUT_EXT (1 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere             tcp dpt:auth reject-with tcp-reset
LIMIT_PING_EXT icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     tcp  --  anywhere             anywhere             multiport dports smtp,finger,http,webcache,netbios-dgm,netbios-ssn,cardax
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     udp  --  anywhere             anywhere             multiport dports auth,ntp,isakmp,ipsec-nat-t
DROP       udp  --  anywhere             anywhere             multiport dports netbios-ns,ms-sql-m,epmap,cap
DROP       tcp  --  anywhere             anywhere             multiport dports epmap,blackjack,1028,solid-mux,urbisnet,ctx-bridge,commplex-main,6129
DROP       tcp  --  anywhere             anywhere             multiport dports ms-sql-s,ms-sql-m,microsoft-ds
ACCEPT     all  --  ns1.dns.rcn.net/31   anywhere
ACCEPT     all  --  sbo-dhcp1.sbo.ma.cable.rcn.net/31 anywhere
LOG_DROP   all  --  anywhere             anywhere
LOG_MISS_EXT all  --  anywhere             anywhere

Chain INPUT_INT (1 references)
target     prot opt source               destination
LOG_ACCEPT all  --  anywhere             anywhere
LOG_MISS_INT all  --  anywhere             anywhere

Chain INPUT_NEW (1 references)
target     prot opt source               destination
INPUT_INT  all  --  192.168.0.0/24       anywhere
INPUT_EXT  all  --  anywhere             anywhere

Chain LIMIT_LOGGING_DROP (8 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             limit: avg 10/min burst 10
DROP       all  --  anywhere             anywhere

Chain LIMIT_PING_EXT (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             limit: avg 2/min burst 2
LOG_LIMIT_DROP all  --  anywhere             anywhere

Chain LOG_ACCEPT (3 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain LOG_DROP (11 references)
target     prot opt source               destination
LIMIT_LOGGING_DROP all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             LOG level crit prefix `[FIAIF_DROP]:'
DROP       all  --  anywhere             anywhere

Chain LOG_GLOBAL_MISS (3 references)
target     prot opt source               destination
LIMIT_LOGGING_DROP all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             LOG level crit prefix `[FIAIF_GLOBAL_MISS]:'
DROP       all  --  anywhere             anywhere

Chain LOG_INVALID (1 references)
target     prot opt source               destination
LIMIT_LOGGING_DROP all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             LOG level crit prefix `[FIAIF_INVALID]:'
DROP       all  --  anywhere             anywhere

Chain LOG_LIMIT_DROP (1 references)
target     prot opt source               destination
LIMIT_LOGGING_DROP all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             LOG level crit prefix `[FIAIF_LIMIT_DROP]:'
DROP       all  --  anywhere             anywhere

Chain LOG_MARTIAN (54 references)
target     prot opt source               destination
LIMIT_LOGGING_DROP all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             LOG level crit prefix `[FIAIF_MARTIAN]:'
DROP       all  --  anywhere             anywhere

Chain LOG_MISS_EXT (3 references)
target     prot opt source               destination
LIMIT_LOGGING_DROP all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             LOG level crit prefix `[FIAIF_ZONE_MISS_EXT]:'
DROP       all  --  anywhere             anywhere

Chain LOG_MISS_INT (3 references)
target     prot opt source               destination
LIMIT_LOGGING_DROP all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             LOG level crit prefix `[FIAIF_ZONE_MISS_INT]:'
DROP       all  --  anywhere             anywhere

Chain LOG_SCAN (18 references)
target     prot opt source               destination
LIMIT_LOGGING_DROP all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             LOG level crit prefix `[FIAIF_SCAN]:'
DROP       all  --  anywhere             anywhere

Chain OUTPUT_EXT (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             multiport dports ftp,ftp-data,bootpc,bootps,ssh,telnet,netbios-ns,netbios-dgm,netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere             multiport dports auth,smtp,domain,nicname,finger,http,pgpkeyserver,cvspserver,59321
ACCEPT     tcp  --  anywhere             anywhere             multiport dports nntp,ntp,prospero,irc,https,webster,snpp,sms-chat,dict,irdmi,vcom-tunnel,webcache,cddbp-alt,8090,cddbp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:kerberos
ACCEPT     tcp  --  anywhere             anywhere             multiport dports echo,oirtgsvc
ACCEPT     tcp  --  anywhere             anywhere             multiport dports pptp,rtsp,arcp,7090
ACCEPT     udp  --  anywhere             anywhere             udp dpts:tcpmux:65535
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
LOG_DROP   all  --  anywhere             anywhere
LOG_MISS_EXT all  --  anywhere             anywhere

Chain OUTPUT_INT (1 references)
target     prot opt source               destination
LOG_ACCEPT all  --  anywhere             anywhere
LOG_MISS_INT all  --  anywhere             anywhere

Chain OUTPUT_NEW (2 references)
target     prot opt source               destination
OUTPUT_NEW_eth1 all  --  anywhere             anywhere
OUTPUT_EXT all  --  anywhere             anywhere

Chain OUTPUT_NEW_eth1 (1 references)
target     prot opt source               destination
OUTPUT_INT all  --  anywhere             192.168.0.0/24

Chain RESERVED_DST (1 references)
target     prot opt source               destination
LOG_MARTIAN all  --  anywhere             default/7
LOG_MARTIAN all  --  anywhere             2.0.0.0/8
LOG_MARTIAN all  --  anywhere             5.0.0.0/8
LOG_MARTIAN all  --  anywhere             14.0.0.0/8
LOG_MARTIAN all  --  anywhere             23.0.0.0/8
LOG_MARTIAN all  --  anywhere             27.0.0.0/8
LOG_MARTIAN all  --  anywhere             31.0.0.0/8
LOG_MARTIAN all  --  anywhere             36.0.0.0/7
LOG_MARTIAN all  --  anywhere             39.0.0.0/8
LOG_MARTIAN all  --  anywhere             42.0.0.0/8
LOG_MARTIAN all  --  anywhere             46.0.0.0/8
LOG_MARTIAN all  --  anywhere             49.0.0.0/8
LOG_MARTIAN all  --  anywhere             50.0.0.0/8
LOG_MARTIAN all  --  anywhere             100.0.0.0/6
LOG_MARTIAN all  --  anywhere             104.0.0.0/5
LOG_MARTIAN all  --  anywhere             112.0.0.0/7
LOG_MARTIAN all  --  anywhere             loopback/8
LOG_MARTIAN all  --  anywhere             link-local/16
LOG_MARTIAN all  --  anywhere             175.0.0.0/8
LOG_MARTIAN all  --  anywhere             176.0.0.0/5
LOG_MARTIAN all  --  anywhere             184.0.0.0/7
LOG_MARTIAN all  --  anywhere             192.0.2.0/24
LOG_MARTIAN all  --  anywhere             197.0.0.0/8
LOG_MARTIAN all  --  anywhere             198.18.0.0/15
LOG_MARTIAN all  --  anywhere             223.0.0.0/8
LOG_MARTIAN all  --  anywhere             240.0.0.0/4

Chain RESERVED_SRC (1 references)
target     prot opt source               destination
LOG_MARTIAN all  --  default/7            anywhere
LOG_MARTIAN all  --  2.0.0.0/8            anywhere
LOG_MARTIAN all  --  5.0.0.0/8            anywhere
LOG_MARTIAN all  --  14.0.0.0/8           anywhere
LOG_MARTIAN all  --  23.0.0.0/8           anywhere
LOG_MARTIAN all  --  27.0.0.0/8           anywhere
LOG_MARTIAN all  --  31.0.0.0/8           anywhere
LOG_MARTIAN all  --  36.0.0.0/7           anywhere
LOG_MARTIAN all  --  39.0.0.0/8           anywhere
LOG_MARTIAN all  --  42.0.0.0/8           anywhere
LOG_MARTIAN all  --  46.0.0.0/8           anywhere
LOG_MARTIAN all  --  49.0.0.0/8           anywhere
LOG_MARTIAN all  --  50.0.0.0/8           anywhere
LOG_MARTIAN all  --  100.0.0.0/6          anywhere
LOG_MARTIAN all  --  104.0.0.0/5          anywhere
LOG_MARTIAN all  --  112.0.0.0/7          anywhere
LOG_MARTIAN all  --  loopback/8           anywhere
LOG_MARTIAN all  --  link-local/16        anywhere
LOG_MARTIAN all  --  175.0.0.0/8          anywhere
LOG_MARTIAN all  --  176.0.0.0/5          anywhere
LOG_MARTIAN all  --  184.0.0.0/7          anywhere
LOG_MARTIAN all  --  192.0.2.0/24         anywhere
LOG_MARTIAN all  --  197.0.0.0/8          anywhere
LOG_MARTIAN all  --  198.18.0.0/15        anywhere
LOG_MARTIAN all  --  223.0.0.0/8          anywhere
LOG_MARTIAN all  --  240.0.0.0/4          anywhere

Chain SANITY (1 references)
target     prot opt source               destination
LOG_INVALID all  --  anywhere             anywhere             state INVALID
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/ACK state ESTABLISHED
LOG_SCAN   tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/ACK state NEW,RELATED
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN state NEW
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN state RELATED
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/PSH,ACK state ESTABLISHED
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/PSH,ACK state NEW
LOG_SCAN   tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/PSH,ACK state RELATED
LOG_SCAN   tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
LOG_SCAN   tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
LOG_SCAN   tcp  --  anywhere             anywhere             tcp flags:FIN,SYN/FIN,SYN
LOG_SCAN   tcp  --  anywhere             anywhere             tcp flags:SYN,RST/SYN,RST
LOG_SCAN   tcp  --  anywhere             anywhere             tcp flags:FIN,RST/FIN,RST
LOG_SCAN   tcp  --  anywhere             anywhere             tcp flags:SYN,URG/SYN,URG
LOG_SCAN   tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN,PSH
LOG_SCAN   tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN,PSH,ACK
LOG_SCAN   tcp  --  anywhere             anywhere             tcp flags:FIN,ACK/FIN
LOG_SCAN   tcp  --  anywhere             anywhere             tcp flags:PSH,ACK/PSH
LOG_SCAN   tcp  --  anywhere             anywhere             tcp flags:ACK,URG/URG
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/RST state ESTABLISHED
LOG_SCAN   tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/RST state NEW,RELATED
LOG_SCAN   tcp  --  anywhere             anywhere             tcp flags:SYN,ACK/NONE
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN state NEW
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN state RELATED
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN,ACK state ESTABLISHED
LOG_SCAN   tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN,ACK state NEW,RELATED
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,ACK state ESTABLISHED
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,ACK state NEW,RELATED
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/RST,PSH,ACK state ESTABLISHED
LOG_SCAN   tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/RST,PSH,ACK state NEW,RELATED
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,ACK state ESTABLISHED
LOG_SCAN   tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,ACK state NEW,RELATED
LOG_DROP   icmp -f  anywhere             anywhere
LOG_DROP   icmp --  anywhere             anywhere             icmp address-mask-request
LOG_DROP   icmp --  anywhere             anywhere             icmp address-mask-reply
LOG_DROP   icmp --  anywhere             anywhere             icmp timestamp-request
LOG_DROP   icmp --  anywhere             anywhere             icmp timestamp-reply
LOG_DROP   icmp --  anywhere             anywhere             icmp redirect