Untitled

a guest
Nov 5th, 2017
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* !fw3 */
input_rule all -- anywhere anywhere /* !fw3: user chain for input */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */
zone_lan_input all -- anywhere anywhere /* !fw3 */
zone_wan_input all -- anywhere anywhere /* !fw3 */
zone_wan_input all -- anywhere anywhere /* !fw3 */

Chain FORWARD (policy DROP)
target prot opt source destination
forwarding_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
zone_lan_forward all -- anywhere anywhere /* !fw3 */
zone_wan_forward all -- anywhere anywhere /* !fw3 */
zone_wan_forward all -- anywhere anywhere /* !fw3 */
reject all -- anywhere anywhere /* !fw3 */

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* !fw3 */
output_rule all -- anywhere anywhere /* !fw3: user chain for output */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
zone_lan_output all -- anywhere anywhere /* !fw3 */
zone_wan_output all -- anywhere anywhere /* !fw3 */
zone_wan_output all -- anywhere anywhere /* !fw3 */

Chain forwarding_lan_rule (1 references)
target prot opt source destination

Chain forwarding_rule (1 references)
target prot opt source destination

Chain forwarding_wan_rule (1 references)
target prot opt source destination

Chain input_lan_rule (1 references)
target prot opt source destination

Chain input_rule (1 references)
target prot opt source destination

Chain input_wan_rule (1 references)
target prot opt source destination

Chain output_lan_rule (1 references)
target prot opt source destination

Chain output_rule (1 references)
target prot opt source destination

Chain output_wan_rule (1 references)
target prot opt source destination

Chain reject (5 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere /* !fw3 */ reject-with tcp-reset
REJECT all -- anywhere anywhere /* !fw3 */ reject-with icmp-port-unreachable

Chain syn_flood (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 /* !fw3 */
DROP all -- anywhere anywhere /* !fw3 */

Chain zone_lan_dest_ACCEPT (5 references)
target prot opt source destination
DROP all -- anywhere anywhere ctstate INVALID /* !fw3: Prevent NAT leakage */
ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_lan_forward (1 references)
target prot opt source destination
forwarding_lan_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3: forwarding lan -> wan */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_lan_input (1 references)
target prot opt source destination
input_lan_rule all -- anywhere anywhere /* !fw3: user chain for input */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
zone_lan_src_ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_lan_output (1 references)
target prot opt source destination
output_lan_rule all -- anywhere anywhere /* !fw3: user chain for output */
zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_lan_src_ACCEPT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate NEW,UNTRACKED /* !fw3 */

Chain zone_wan_dest_ACCEPT (2 references)
target prot opt source destination
DROP all -- anywhere anywhere ctstate INVALID /* !fw3: Prevent NAT leakage */
ACCEPT all -- anywhere anywhere /* !fw3 */
DROP all -- anywhere anywhere ctstate INVALID /* !fw3: Prevent NAT leakage */
ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_wan_dest_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere /* !fw3 */
reject all -- anywhere anywhere /* !fw3 */

Chain zone_wan_forward (2 references)
target prot opt source destination
forwarding_wan_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
zone_lan_dest_ACCEPT esp -- anywhere anywhere /* !fw3: @rule[7] */
zone_lan_dest_ACCEPT udp -- anywhere anywhere udp dpt:isakmp /* !fw3: @rule[8] */
zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3: forwarding wan -> lan */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
zone_wan_dest_REJECT all -- anywhere anywhere /* !fw3 */

Chain zone_wan_input (2 references)
target prot opt source destination
input_wan_rule all -- anywhere anywhere /* !fw3: user chain for input */
ACCEPT udp -- anywhere anywhere udp dpt:bootpc /* !fw3: Allow-DHCP-Renew */
ACCEPT icmp -- anywhere anywhere icmp echo-request /* !fw3: Allow-Ping */
ACCEPT igmp -- anywhere anywhere /* !fw3: Allow-IGMP */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
zone_wan_src_REJECT all -- anywhere anywhere /* !fw3 */

Chain zone_wan_output (2 references)
target prot opt source destination
output_wan_rule all -- anywhere anywhere /* !fw3: user chain for output */
zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_wan_src_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere /* !fw3 */
reject all -- anywhere anywhere /* !fw3 */