Код: Выделить всё
# Generated by iptables-save v1.3.6 on Fri May 23 00:34:12 2008
*nat
:PREROUTING ACCEPT [4:365]
:POSTROUTING ACCEPT [3:906]
:OUTPUT ACCEPT [3:906]
COMMIT
# Completed on Fri May 23 00:34:12 2008
# Generated by iptables-save v1.3.6 on Fri May 23 00:34:12 2008
*mangle
:PREROUTING ACCEPT [19:3327]
:INPUT ACCEPT [19:3327]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [23:9456]
:POSTROUTING ACCEPT [23:9456]
COMMIT
# Completed on Fri May 23 00:34:12 2008
# Generated by iptables-save v1.3.6 on Fri May 23 00:34:12 2008
*filter
:FORWARD DROP [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# 80 http TCP
-A INPUT -p tcp -m tcp -m multiport -i eth1 --ports 80 -j ACCEPT
# 80 http UDP
-A INPUT -p udp -m udp -m multiport -i eth1 --ports 80 -j ACCEPT
# Webmin
-A INPUT -p tcp -m tcp -m multiport -i eth1 --ports 10000 -j ACCEPT
# Block all
-A INPUT -i eth1
# 80 TCP http (internet)
-A INPUT -p tcp -m tcp -m multiport -i ppp0 --ports 80 -j ACCEPT
# UDP 80 (internet)
-A INPUT -p udp -m udp -m multiport -i ppp0 --ports 80 -j ACCEPT
# Webmin (internet)
-A INPUT -p tcp -m tcp -m multiport -i ppp0 --ports 10000 -j ACCEPT
# FTP-1 (internet)
-A INPUT -p tcp -m tcp -m multiport -i ppp0 --ports 20 -j ACCEPT
# FTP-3 (internet)
-A INPUT -p tcp -m tcp -m multiport -i ppp0 --ports 21 -j ACCEPT
# SSH (internet)
-A INPUT -p tcp -m tcp -m multiport -i ppp0 --ports 22 -j ACCEPT
# Block all (internet)
-A INPUT -i ppp0 -j REJECT
COMMIT
# Completed on Fri May 23 00:34:12 2008