# Generated by iptables-save v1.4.9.1 on Sun Mar 20 08:58:52 2011
# raw table: its chains run before connection tracking, which is why NOTRACK
# can be used here. Declaration format is ":CHAIN POLICY [packets:bytes]".
# The built-in chains PREROUTING and OUTPUT default to ACCEPT; user-defined
# chains carry "-" in place of a policy, and a packet that falls off the end
# of one returns to the calling chain.
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [540529:318742053]
:DOS_FLOOD_PROTECTION - [0:0]
:ICMP_FLOOD - [0:0]
:ICMP_FLOOD_DROP - [0:0]
:ICMP_FLOOD_DST - [0:0]
:ICMP_FLOOD_SRC - [0:0]
:INVALID_PKT - [0:0]
:LOCAL_TRAFFIC - [0:0]
:SANITY_CHECKS - [0:0]
:SPOOFING_PROTECTION - [0:0]
:SPOOF_DROP - [0:0]
:SYN_FLOOD - [0:0]
:SYN_FLOOD_DROP - [0:0]
:SYN_FLOOD_DST - [0:0]
:SYN_FLOOD_SRC - [0:0]
:UDP_FLOOD - [0:0]
:UDP_FLOOD_DROP - [0:0]
:UDP_FLOOD_DST - [0:0]
:UDP_FLOOD_SRC - [0:0]
# PREROUTING (all inbound packets): loopback-addressed traffic is diverted to
# LOCAL_TRAFFIC first; everything else runs SANITY_CHECKS, then
# DOS_FLOOD_PROTECTION, then SPOOFING_PROTECTION.
# NOTE(review): the loopback rule matches on addresses only (no "-i lo"), so a
# packet with 127.0.0.0/8 source and destination arriving on any interface
# would skip the sanity and flood checks and be exempted from conntrack. The
# kernel's martian-source filtering normally discards such packets, but this
# rule should not depend on it; consider adding "-i lo".
[1206508:240665628] -A PREROUTING -s 127.0.0.0/8 -d 127.0.0.0/8 -j LOCAL_TRAFFIC 
[3224457:2669473426] -A PREROUTING -j SANITY_CHECKS 
[3224457:2669473426] -A PREROUTING -j DOS_FLOOD_PROTECTION 
# Only protocols other than tcp/udp/icmp reach this rule: those three always
# end in ACCEPT or DROP inside DOS_FLOOD_PROTECTION and never return here.
[791:25312] -A PREROUTING -j SPOOFING_PROTECTION 
# OUTPUT (locally generated packets): only loopback traffic is handled; all
# other packets fall through to the chain's ACCEPT policy.
[3142636:599430837] -A OUTPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -j LOCAL_TRAFFIC 
# Protocol dispatcher for the rate limiters: TCP, UDP and ICMP each go to
# their own flood chain. Any other IP protocol matches nothing here and
# returns to PREROUTING without being rate limited.
[9478600:7586176107] -A DOS_FLOOD_PROTECTION -p tcp -j SYN_FLOOD 
[292906:218500533] -A DOS_FLOOD_PROTECTION -p udp -j UDP_FLOOD 
[15889:1333859] -A DOS_FLOOD_PROTECTION -p icmp -j ICMP_FLOOD 
# ICMP flood limiting. Entry point: every ICMP packet goes to the per-source
# check first.
[15889:1333859] -A ICMP_FLOOD -j ICMP_FLOOD_SRC 
# Over-limit path: emit an NFLOG record (logging itself capped at 5/sec by
# "-m limit", so a flood cannot also flood the log), then drop the packet.
# NOTE(review): "logmark" is not a stock iptables match; 60014 is presumably
# an event/log identifier - confirm against the extension that provides it.
[0:0] -A ICMP_FLOOD_DROP -m limit --limit 5/sec -m logmark --logmark 60014 -j NFLOG --nflog-prefix "ICMP_FLOOD: " 
[0:0] -A ICMP_FLOOD_DROP -j DROP 
# Per-destination limit: up to 20 packets/sec (burst 20) per destination IP
# continue to SPOOFING_PROTECTION; anything above that is dropped.
[15889:1333859] -A ICMP_FLOOD_DST -m hashlimit --hashlimit-upto 20/sec --hashlimit-burst 20 --hashlimit-mode dstip --hashlimit-name ICMP_FLOOD_DST -j SPOOFING_PROTECTION 
[0:0] -A ICMP_FLOOD_DST -j ICMP_FLOOD_DROP 
# Per-source limit: up to 10 packets/sec (burst 10) per source IP continue to
# the per-destination check; anything above that is dropped.
[15889:1333859] -A ICMP_FLOOD_SRC -m hashlimit --hashlimit-upto 10/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name ICMP_FLOOD_SRC -j ICMP_FLOOD_DST 
[0:0] -A ICMP_FLOOD_SRC -j ICMP_FLOOD_DROP 
# Sink for packets rejected by SANITY_CHECKS: log via NFLOG, then drop.
# NOTE(review): unlike the *_FLOOD_DROP chains, the log rule has no
# "-m limit", so each malformed packet can produce one log record; consider
# the same 5/sec cap to keep log volume bounded.
[0:0] -A INVALID_PKT -m logmark --logmark 60007 -j NFLOG --nflog-prefix "INVALID_PKT: " 
[0:0] -A INVALID_PKT -j DROP 
# Loopback traffic: exempt it from connection tracking, then accept.
# NOTRACK does not terminate chain traversal, hence the explicit ACCEPT.
# Newer iptables releases express the same thing as "-j CT --notrack".
[6285262:1198860466] -A LOCAL_TRAFFIC -j NOTRACK 
[6285262:1198860466] -A LOCAL_TRAFFIC -j ACCEPT 
# Reject packets whose layer-4 length is too short to hold a header, using
# the "length2" match (an add-on match, not part of stock iptables):
#   tcp  0:19 - below the 20-byte minimum TCP header
#   udp  0:7  - below the 8-byte UDP header
#   icmp 0:1  - too short to carry even the type and code bytes
# NOTE(review): the ICMP header is 8 bytes, so the 0:1 bound is looser than
# the TCP/UDP ones; confirm whether 0:7 was intended.
# Packets that pass all three rules return to the calling chain.
[0:0] -A SANITY_CHECKS -p tcp -m length2 --layer4 --length 0:19 -j INVALID_PKT 
[0:0] -A SANITY_CHECKS -p udp -m length2 --layer4 --length 0:7 -j INVALID_PKT 
[0:0] -A SANITY_CHECKS -p icmp -m length2 --layer4 --length 0:1 -j INVALID_PKT 
# NOTE(review): as dumped, SPOOFING_PROTECTION holds a single unconditional
# ACCEPT and no rule in this table jumps to SPOOF_DROP, so no source-address
# validation is performed here. Presumably per-interface anti-spoofing rules
# are meant to be inserted ahead of the ACCEPT - confirm that they are
# configured, or that reverse-path filtering is enforced elsewhere.
[3187533:2642300069] -A SPOOFING_PROTECTION -j ACCEPT 
# Log-and-drop sink for spoofed packets (currently unreferenced). The log
# rule has no "-m limit", unlike the *_FLOOD_DROP chains.
[0:0] -A SPOOF_DROP -m logmark --logmark 60008 -j NFLOG --nflog-prefix "IP-SPOOFING DROP: " 
[0:0] -A SPOOF_DROP -j DROP 
# SYN flood limiting. "--tcp-flags SYN,RST,ACK SYN" matches segments with SYN
# set and RST/ACK clear, i.e. connection-opening SYNs; the "!" inverts it, so
# every other TCP segment skips the limiter and goes straight to
# SPOOFING_PROTECTION. Only initial SYNs are rate limited by this table.
[9454391:7584918191] -A SYN_FLOOD -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -j SPOOFING_PROTECTION 
[24209:1257916] -A SYN_FLOOD -j SYN_FLOOD_SRC 
# Over-limit path: NFLOG record (logging capped at 5/sec), then drop.
[0:0] -A SYN_FLOOD_DROP -m limit --limit 5/sec -m logmark --logmark 60012 -j NFLOG --nflog-prefix "SYN_FLOOD: " 
[0:0] -A SYN_FLOOD_DROP -j DROP 
# Per-destination limit: up to 200 SYNs/sec (burst 200) per destination IP
# are passed on; the excess is dropped.
[24209:1257916] -A SYN_FLOOD_DST -m hashlimit --hashlimit-upto 200/sec --hashlimit-burst 200 --hashlimit-mode dstip --hashlimit-name SYN_FLOOD_DST -j SPOOFING_PROTECTION 
[0:0] -A SYN_FLOOD_DST -j SYN_FLOOD_DROP 
# Per-source limit: up to 100 SYNs/sec (burst 100) per source IP continue to
# the per-destination check; the excess is dropped.
[24209:1257916] -A SYN_FLOOD_SRC -m hashlimit --hashlimit-upto 100/sec --hashlimit-burst 100 --hashlimit-mode srcip --hashlimit-name SYN_FLOOD_SRC -j SYN_FLOOD_DST 
[0:0] -A SYN_FLOOD_SRC -j SYN_FLOOD_DROP 
# UDP flood limiting. The first two rules exempt UDP port 3401 in either
# direction from rate limiting.
# NOTE(review): the exemption matches on port numbers alone, and the source
# port is chosen by the sender; scope it to the peer addresses that actually
# need it. Both counters are [0:0] in this dump, so confirm it is still
# required at all.
[0:0] -A UDP_FLOOD -p udp -m udp --sport 1:65535 --dport 3401 -j SPOOFING_PROTECTION 
[0:0] -A UDP_FLOOD -p udp -m udp --sport 3401 --dport 1:65535 -j SPOOFING_PROTECTION 
[292755:218479441] -A UDP_FLOOD -j UDP_FLOOD_SRC 
# Over-limit path: NFLOG record (logging capped at 5/sec), then drop.
[0:0] -A UDP_FLOOD_DROP -m limit --limit 5/sec -m logmark --logmark 60013 -j NFLOG --nflog-prefix "UDP_FLOOD: " 
[0:0] -A UDP_FLOOD_DROP -j DROP 
# Per-destination limit per destination IP; the excess is dropped.
# NOTE(review): 303/sec next to a burst of 300 is likely iptables-save's
# rounded rendering of a configured 300/sec - confirm before copying the value.
[292906:218500533] -A UDP_FLOOD_DST -m hashlimit --hashlimit-upto 303/sec --hashlimit-burst 300 --hashlimit-mode dstip --hashlimit-name UDP_FLOOD_DST -j SPOOFING_PROTECTION 
[0:0] -A UDP_FLOOD_DST -j UDP_FLOOD_DROP 
# Per-source limit: up to 200 packets/sec (burst 200) per source IP continue
# to the per-destination check; the excess is dropped.
[292906:218500533] -A UDP_FLOOD_SRC -m hashlimit --hashlimit-upto 200/sec --hashlimit-burst 200 --hashlimit-mode srcip --hashlimit-name UDP_FLOOD_SRC -j UDP_FLOOD_DST 
[0:0] -A UDP_FLOOD_SRC -j UDP_FLOOD_DROP 
# End of the raw table; iptables-restore applies the table at this line.
COMMIT
# Completed on Sun Mar 20 08:58:52 2011
