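  # Firewall/NAT ruleset for a gateway host: ipset-based ban/allow lists,
  # SNAT/DNAT for two internal hosts behind 192.168.1.142 on eth1, and a
  # default-deny INPUT chain with an explicit list of open service ports.
  #
  # Prerequisites (not created here): the ipset sets "banned", "whitelist"
  # and "whitelist2" must already exist, otherwise the --match-set rules fail.
  # The script only appends (-A) and creates chains (-N), so running it twice
  # duplicates every rule and the -N calls fail; load it onto a clean ruleset.

  # --- ipset ban / allow lists -------------------------------------------
  # Ban is evaluated before the allow lists, so a banned address cannot be
  # re-admitted by also appearing in a whitelist set.
  # NOTE(review): a whitelist match is a terminal ACCEPT on source address
  # alone and skips every later check; keep those sets small and remember that
  # source addresses of connectionless traffic can be forged.
  iptables -A INPUT -m set --match-set banned src -j DROP
  iptables -A INPUT -m set --match-set whitelist src -j ACCEPT
  iptables -A INPUT -m set --match-set whitelist2 src -j ACCEPT

  # In OUTPUT the source address is this host's own, so matching the sets on
  # "src" never tests the remote peer and the ban rule could not fire for a
  # banned remote host. The remote end of locally generated traffic is the
  # destination, hence "dst" here.
  iptables -A OUTPUT -m set --match-set banned dst -j DROP
  iptables -A OUTPUT -m set --match-set whitelist dst -j ACCEPT
  iptables -A OUTPUT -m set --match-set whitelist2 dst -j ACCEPT

  # FORWARD checks the packet originator only; traffic forwarded *towards* a
  # banned address is not covered by these rules.
  iptables -A FORWARD -m set --match-set banned src -j DROP
  iptables -A FORWARD -m set --match-set whitelist src -j ACCEPT
  iptables -A FORWARD -m set --match-set whitelist2 src -j ACCEPT

  # --- ICMP ----------------------------------------------------------------
  # The paste collapsed four ICMP rules onto one line and lost their
  # --icmp-type values and targets, so as written the line was a single
  # invalid command. They are left disabled until the real values are
  # restored from the original script:
  # iptables -A OUTPUT  -p icmp --icmp-type <TYPE_LOST_IN_PASTE> -j <TARGET_LOST_IN_PASTE>
  # iptables -A OUTPUT  -p icmp --icmp-type <TYPE_LOST_IN_PASTE> -j <TARGET_LOST_IN_PASTE>
  # iptables -A FORWARD -p icmp --icmp-type <TYPE_LOST_IN_PASTE> -j <TARGET_LOST_IN_PASTE>
  # iptables -A FORWARD -p icmp --icmp-type <TYPE_LOST_IN_PASTE> -j <TARGET_LOST_IN_PASTE>

  # --- loopback and established traffic -------------------------------------
  # The loopback INPUT rule was the tail of the collapsed line above; the
  # later "-i lo -p all" rule was an exact duplicate of it and is dropped.
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A OUTPUT -o lo -j ACCEPT
  # "-m state" is the obsolete spelling of the conntrack match.
  iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

  # --- NAT -----------------------------------------------------------------
  # Outbound traffic from the two internal hosts leaves eth1 as 192.168.1.142.
  iptables -t nat -A POSTROUTING -s 10.10.10.50 -o eth1 -j SNAT --to 192.168.1.142
  iptables -t nat -A POSTROUTING -s 169.254.232.41 -o eth1 -j SNAT --to 192.168.1.142

  # NOTE(review): this accepts every packet arriving on eth1 for forwarding,
  # not only the DNATed ports below, and the script never sets a FORWARD
  # policy. If eth1 is the untrusted side, set "-P FORWARD DROP" and replace
  # this with rules limited to the published services plus an
  # ESTABLISHED,RELATED accept; the internal interface name is not visible
  # here, so that change is not made in this script.
  iptables -A FORWARD -i eth1 -j ACCEPT

  # Port forwards: 80 -> 10.10.10.50:8000 and 3389 -> 10.10.10.50.
  # NOTE(review): publishing RDP (3389) to everything that can reach eth1 is a
  # common brute-force target; restrict it with "-s" or an ipset if possible.
  iptables -t nat -A PREROUTING -i eth1 -p tcp -m multiport --dports 80 -d 192.168.1.142 -j DNAT --to 10.10.10.50:8000
  iptables -t nat -A PREROUTING -i eth1 -p tcp -m multiport --dports 3389 -d 192.168.1.142 -j DNAT --to 10.10.10.50
  # NOTE(review): the next two rules match exactly the same packets as the two
  # above. DNAT is terminating, so these never fire and 169.254.232.41 gets no
  # forwarded traffic. Kept as-is because the intended backend is not clear
  # from this script; remove whichever pair is not wanted.
  iptables -t nat -A PREROUTING -i eth1 -p tcp -m multiport --dports 80 -d 192.168.1.142 -j DNAT --to 169.254.232.41:8000
  iptables -t nat -A PREROUTING -i eth1 -p tcp -m multiport --dports 3389 -d 192.168.1.142 -j DNAT --to 169.254.232.41

  # --- inspection chains ------------------------------------------------------
  # Both chains are created empty here, so these jumps return immediately
  # unless rules are added to them elsewhere. The original also jumped a second
  # time on "--state NEW", which NEW,UNTRACKED already covers; that would send
  # each new packet through the chain twice, so only one jump per chain is kept.
  iptables -N PACKET-CHECK
  iptables -N 53-SCAN
  iptables -t filter -A INPUT -m conntrack --ctstate NEW,UNTRACKED -j PACKET-CHECK
  iptables -t filter -A INPUT -m conntrack --ctstate NEW,UNTRACKED -j 53-SCAN

  # --- services open on this host ---------------------------------------------
  # NOTE(review): none of these are limited by interface or source address.
  # FTP (20/21), TFTP (69) and RDP (3389) are unencrypted or frequently
  # attacked; drop the ones that are not needed and scope the rest with "-i"
  # or "-s".
  iptables -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
  iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
  iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
  iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
  iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
  iptables -A INPUT -p tcp -m tcp --dport 3389 -j ACCEPT
  iptables -A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
  iptables -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
  # NOTE(review): UDP 53 is accepted on every interface while TCP 53 below is
  # limited to eth2; if this host runs a resolver, confirm it is not meant to
  # be reachable from eth1.
  iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
  iptables -A INPUT -p udp -m udp --dport 69 -j ACCEPT
  iptables -A INPUT -p udp -m udp --dport 123 -j ACCEPT
  iptables -A INPUT -p udp -m udp --dport 8000 -j ACCEPT

  # DHCP and TCP DNS are allowed on eth2 only. The accepts must stay ahead of
  # the DROP rules that follow, which block DHCP on every other interface.
  iptables -A INPUT -p udp -i eth2 -m multiport --dports 67,68 -j ACCEPT
  iptables -A OUTPUT -p udp -o eth2 -m multiport --dports 67,68 -j ACCEPT
  iptables -A INPUT -p tcp -i eth2 -m tcp --dport 53 -j ACCEPT
  iptables -A INPUT -p udp -m udp --dport 67 -j DROP
  iptables -A INPUT -p udp -m udp --dport 68 -j DROP
  iptables -A OUTPUT -p udp -m udp --dport 67 -j DROP
  iptables -A OUTPUT -p udp -m udp --dport 68 -j DROP

  # --- default deny -------------------------------------------------------------
  # The explicit DROP rule and the DROP policy overlap; the policy is what
  # still protects the host if the chain is later flushed.
  iptables -A INPUT -j DROP
  iptables -P INPUT DROP
  iptables -P OUTPUT ACCEPT

  # Show the resulting filter table (the nat table is not listed by this call).
  iptables -vnL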