*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [64:11092]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m multiport --dports 20:22,25,80,443,110,143,465,587,53,5432 -j ACCEPT
-A INPUT -p udp -m conntrack --ctstate NEW -m multiport --dports 53 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s IP/32 -j ACCEPT
-A FORWARD -s IP/32 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
Простой
Простой
Простой
Средний
