A) iptables -L -n -v
--------------------
Chain PREROUTING (policy ACCEPT 162 packets, 20071 bytes)
 pkts bytes target     prot opt in     out     source               destination
  157 19496 AUTO_PRE   all  --  *      *       0.0.0.0/0            0.0.0.0/0
  157 19496 USR_PRE    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 5 packets, 328 bytes)
 pkts bytes target     prot opt in     out     source               destination
    5   328 AUTO_POST  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    5   328 USR_POST   all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 10 packets, 692 bytes)
 pkts bytes target     prot opt in     out     source               destination
    9   632 AUTO_OUTPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    9   632 USR_OUTPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain AUTO_OUTPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain AUTO_POST (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain AUTO_PRE (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain USR_OUTPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain USR_POST (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      eth1    192.168.0.0/17       0.0.0.0/0

Chain USR_PRE (1 references)
 pkts bytes target     prot opt in     out     source               destination

----------------------------------------------------------------------------
B) iptables -L -n -v -t nat
---------------------------
Chain INPUT (policy DROP 5 packets, 704 bytes)
 pkts bytes target     prot opt in     out     source               destination
13258 2110K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  448 55484 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
  129 14800 SPOOFING_PROTECTION  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  129 14800 HA         all  --  *      *       0.0.0.0/0            0.0.0.0/0
  129 14800 SANITY_CHECKS  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  129 14800 AUTO_INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   90 12914 USR_INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   90 12914 LOGDROP    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 SPOOFING_PROTECTION  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 SANITY_CHECKS  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 AUTO_FORWARD  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 USR_FORWARD  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOGDROP    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 1 packets, 60 bytes)
 pkts bytes target     prot opt in     out     source               destination
13258 2110K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
  421  108K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   23  1662 HA         all  --  *      *       0.0.0.0/0            0.0.0.0/0
   23  1662 SANITY_CHECKS  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   23  1662 AUTO_OUTPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    4   304 USR_OUTPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    4   304 LOGDROP    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain AUTO_FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0

Chain AUTO_INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    2    96 ACCEPT     tcp  --  *      *       192.168.0.0/17       0.0.0.0/0            tcp spts:1:65535 dpt:22
    0     0 LOGDROP    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1:65535 dpt:22
    3   144 ACCEPT     tcp  --  *      *       192.168.0.0/17       0.0.0.0/0            tcp spts:1024:65535 dpt:443
    0     0 LOGDROP    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:65535 dpt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:53:65535 dpt:53
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spts:53:65535 dpt:53
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOGDROP    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1:65535 dpt:25

Chain AUTO_OUTPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            213.148.130.10       tcp spts:53:65535 dpt:53 OWNER CMD match named
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            213.148.130.10       OWNER CMD match named udp spts:53:65535 dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            212.63.37.66         tcp spts:53:65535 dpt:53 OWNER CMD match named
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            212.63.37.66         OWNER CMD match named udp spts:53:65535 dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            212.63.33.66         tcp spts:53:65535 dpt:53 OWNER CMD match named
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            212.63.33.66         OWNER CMD match named udp spts:53:65535 dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            213.148.129.10       tcp spts:53:65535 dpt:53 OWNER CMD match named
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            213.148.129.10       OWNER CMD match named udp spts:53:65535 dpt:53
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 8 code 0
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1:65535 dpt:25 OWNER CMD match exim
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1:65535 dpt:80 OWNER CMD match aus
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1:65535 dpt:443 OWNER CMD match aus
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1:65535 dpt:80 OWNER CMD match pattern_aus
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1:65535 dpt:443 OWNER CMD match pattern_aus
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            OWNER CMD match netselect udp spts:1024:65535 dpts:33000:34000

Chain HA (2 references)
 pkts bytes target     prot opt in     out     source               destination

Chain INVALID_PKT (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix `INVALID_PKT: '
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain LOGACCEPT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix `ACCEPT: '
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain LOGDROP (6 references)
 pkts bytes target     prot opt in     out     source               destination
   94 13218 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix `DROP: '
   94 13218 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain LOGREJECT (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix `REJECT: '
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain SANITY_CHECKS (3 references)
 pkts bytes target     prot opt in     out     source               destination

Chain SPOOFING_PROTECTION (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SPOOF_DROP  all  --  eth1   *       62.8.202.42          0.0.0.0/0
    0     0 SPOOF_DROP  all  --  eth1   *       192.168.0.0/17       0.0.0.0/0
    0     0 SPOOF_DROP  all  --  eth0   *       192.168.0.1          0.0.0.0/0
    0     0 SPOOF_DROP  all  --  eth0   *       62.8.202.32/28       0.0.0.0/0

Chain SPOOF_DROP (4 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix `IP-SPOOFING DROP: '
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain STRICT_TCP_STATE (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain SYNRATE_LIMIT (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain USR_FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOGACCEPT  all  --  *      *       192.168.0.0/17       0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       192.168.64.102       0.0.0.0/0

Chain USR_INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain USR_OUTPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination