debianforum.de

*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p icmp -d ww.xx.yy.zz -j DNAT --to-destination 192.168.42.1
-A PREROUTING -d ww.xx.yy.zz -j TRIGGER --trigger-type dnat
-A POSTROUTING -o vlan1 -j SNAT --to-source ww.xx.yy.zz
-A POSTROUTING -o br0 -m pkttype --pkt-type broadcast -j RETURN
-A POSTROUTING -o br0 -s 192.168.42.0/24 -d 192.168.42.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:logaccept - [0:0]
:logdrop - [0:0]
:logreject - [0:0]
:trigger_out - [0:0]
:lan2wan - [0:0]
:grp_1 - [0:0]
:advgrp_1 - [0:0]
:grp_2 - [0:0]
:advgrp_2 - [0:0]
:grp_3 - [0:0]
:advgrp_3 - [0:0]
:grp_4 - [0:0]
:advgrp_4 - [0:0]
:grp_5 - [0:0]
:advgrp_5 - [0:0]
:grp_6 - [0:0]
:advgrp_6 - [0:0]
:grp_7 - [0:0]
:advgrp_7 - [0:0]
:grp_8 - [0:0]
:advgrp_8 - [0:0]
:grp_9 - [0:0]
:advgrp_9 - [0:0]
:grp_10 - [0:0]
:advgrp_10 - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -i vlan1 --dport 520 -j DROP
-A INPUT -p udp -i br0 --dport 520 -j DROP
-A INPUT -p udp --dport 520 -j ACCEPT
-A INPUT -i vlan1 -p icmp -j DROP
-A INPUT -p igmp -j DROP
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -i br0 -m state --state NEW -j logaccept
-A INPUT -j DROP
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -j lan2wan
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-I FORWARD -o vlan1 -s 192.168.42.1/24 -p tcp --dport 1723 -j ACCEPT
-I FORWARD -o vlan1 -s 192.168.42.1/24 -p gre -j ACCEPT
-A FORWARD -i vlan1 -o br0 -j TRIGGER --trigger-type in
-A FORWARD -i br0 -j trigger_out
-A FORWARD -i br0 -m state --state NEW -j ACCEPT
-A FORWARD -j DROP
-A logaccept -j ACCEPT
-A logdrop -j DROP
-A logreject -p tcp -m tcp -j REJECT --reject-with tcp-reset
COMMIT