Flags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward
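1 ;;; drop all TCP from sources on ssh_blacklist (the list is filled by the ssh, http and https rules, not only by ssh brute forcers)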
chain=input action=drop protocol=tcp src-address-list=ssh_blacklist log=no log-prefix=""
2 ;;; record https brute forcers (lists every source sending TCP to port 443 for 1h; no attempt threshold, no in-interface match)
chain=input action=add-src-to-address-list protocol=tcp address-list=ssh_blacklist address-list-timeout=1h dst-port=443 log=yes
log-prefix=" --- HTTPS ATTEMPT --- "
3 ;;; record ssh brute forcers (lists every source sending TCP to port 22 for 1h; no attempt threshold, no in-interface match)
chain=input action=add-src-to-address-list protocol=tcp address-list=ssh_blacklist address-list-timeout=1h dst-port=22 log=yes
log-prefix=" --- SSH ATTEMPT --- "
4 ;;; record http brute forcers (lists every source sending TCP to port 80 for 1h; no attempt threshold, no in-interface match)
chain=input action=add-src-to-address-list protocol=tcp address-list=ssh_blacklist address-list-timeout=1h dst-port=80 log=yes
log-prefix=" --- HTTP ATTEMPT --- "
5 ;;; default configuration
chain=input action=accept protocol=icmp log=no log-prefix=""
6 ;;; default configuration
chain=input action=accept connection-state=established,related log=no log-prefix=""
7 ;;; default configuration
chain=input action=drop in-interface=eth1 log=no log-prefix=""
8 ;;; default configuration
chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix=""
9 ;;; default configuration
chain=forward action=accept connection-state=established,related log=no log-prefix=""
10 ;;; default configuration
chain=forward action=drop connection-state=invalid log=no log-prefix=""
11 ;;; default configuration
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=eth1 log=no log-prefix=""
12 ;;; Deny invalid connections
chain=input action=drop connection-state=invalid log=no log-prefix=""