# Generated by iptables-save v1.2.7a on Tue Jul 13 09:30:44 2010
*nat
:PREROUTING ACCEPT [5562:365511]
:POSTROUTING ACCEPT [1751:105158]
:OUTPUT ACCEPT [1760:107120]
:VSERVER - [0:0]
-A PREROUTING -d 94.27.68.125 -j VSERVER
-A PREROUTING -d 10.21.69.241 -j VSERVER
-A PREROUTING -d 192.168.3.2 -j VSERVER
-A POSTROUTING -s ! 94.27.68.125 -o ppp0 -j MASQUERADE
-A POSTROUTING -s ! 10.21.69.241 -o vlan1 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -o br0 -j MASQUERADE
-A VSERVER -p tcp -m tcp --dport 8089 -j DNAT --to-destination 192.168.1.254:80
-A VSERVER -p udp -m udp --dport 51255 -j DNAT --to-destination 192.168.1.3:5125 5
-A VSERVER -p udp -m udp --dport 51300 -j DNAT --to-destination 192.168.1.8:5130 0
-A VSERVER -p udp -m udp --dport 59263 -j DNAT --to-destination 192.168.1.7:5926 3
-A VSERVER -p tcp -m tcp --dport 59263 -j DNAT --to-destination 192.168.1.7:5926 3
-A VSERVER -p tcp -m tcp --dport 51413 -j DNAT --to-destination 192.168.1.8:5141 3
-A VSERVER -p udp -m udp --dport 27272 -j DNAT --to-destination 192.168.1.4:2727 2
-A VSERVER -p tcp -m tcp --dport 51300 -j DNAT --to-destination 192.168.1.8:5130 0
-A VSERVER -p udp -m udp --dport 50711 -j DNAT --to-destination 192.168.1.4:5071 1
-A VSERVER -p tcp -m tcp --dport 50711 -j DNAT --to-destination 192.168.1.4:5071 1
-A VSERVER -p udp -m udp --dport 47197 -j DNAT --to-destination 192.168.1.4:4719 7
-A VSERVER -p udp -m udp --dport 59265 -j DNAT --to-destination 192.168.1.7:5926 5
-A VSERVER -p tcp -m tcp --dport 59265 -j DNAT --to-destination 192.168.1.7:5926 5
-A VSERVER -p tcp -m tcp --dport 33058 -j DNAT --to-destination 192.168.1.4:3305 8
-A VSERVER -p tcp -m tcp --dport 6000 -j DNAT --to-destination 192.168.1.8:6000
-A VSERVER -p tcp -m tcp --dport 8077 -j DNAT --to-destination 192.168.1.10:8077
-A VSERVER -p tcp -m tcp --dport 6000 -j DNAT --to-destination 192.168.1.8:6000
-A VSERVER -p tcp -m tcp --dport 9091 -j DNAT --to-destination 192.168.1.8:9091
-A VSERVER -p tcp -m tcp --dport 10000 -j DNAT --to-destination 192.168.1.8:1000 0
COMMIT
# Completed on Tue Jul 13 09:30:44 2010
# Generated by iptables-save v1.2.7a on Tue Jul 13 09:30:44 2010
*mangle
:PREROUTING ACCEPT [37449:4162632]
:INPUT ACCEPT [33894:3594506]
:FORWARD ACCEPT [3305:524753]
:OUTPUT ACCEPT [43593:31186134]
:POSTROUTING ACCEPT [47039:31750434]
COMMIT
# Completed on Tue Jul 13 09:30:44 2010
# Generated by iptables-save v1.2.7a on Tue Jul 13 09:30:44 2010
*filter
:INPUT DROP [3496:210987]
:FORWARD ACCEPT [638:82448]
:OUTPUT ACCEPT [43105:30758683]
:MACS - [0:0]
:SECURITY - [0:0]
:logaccept - [0:0]
:logdrop - [0:0]
-A INPUT -p tcp -m tcp --dport 51778:51779 -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -i br0 -m state --state NEW -j ACCEPT
-A INPUT -d 224.0.0.0/240.0.0.0 -p 2 -j ACCEPT
-A INPUT -d 224.0.0.0/240.0.0.0 -p udp -m udp ! --dport 1900 -j ACCEPT
-A INPUT -i ppp0 -m state --state NEW -j SECURITY
-A INPUT -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -d 192.168.1.254 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5122 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j TCPMSS --clamp-mss-to-pm tu
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ! br0 -o ppp0 -j DROP
-A FORWARD -i ! br0 -o vlan1 -j DROP
-A FORWARD -i ! br0 -m state --state NEW -j SECURITY
-A FORWARD -m conntrack --ctstate DNAT -j ACCEPT
-A FORWARD -o br0 -j DROP
-A SECURITY -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 1/sec -j RETURN
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j RETURN
-A SECURITY -p udp -m limit --limit 5/sec -j RETURN
-A SECURITY -p icmp -m limit --limit 5/sec -j RETURN
-A SECURITY -j DROP
-A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequen ce --log-tcp-options --log-ip-options
-A logaccept -j ACCEPT
-A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence - -log-tcp-options --log-ip-options
-A logdrop -j DROP
COMMIT