# Generated by iptables-save v1.4.7 on Wed Dec 29 16:08:06 2010
*raw
# raw table: both built-in chains keep the default ACCEPT policy and carry no
# rules, so this dump exempts nothing from connection tracking. The conntrack
# matches in the filter table therefore apply to all traffic.
:PREROUTING ACCEPT [11833:1329213]
:OUTPUT ACCEPT [10650:755445]
COMMIT
# Completed on Wed Dec 29 16:08:06 2010
# Generated by iptables-save v1.4.7 on Wed Dec 29 16:08:06 2010
*nat
# nat table: default ACCEPT policies and a single source-NAT rule.
:PREROUTING ACCEPT [84:5419]
:POSTROUTING ACCEPT [60:3707]
:OUTPUT ACCEPT [114:8006]
# Everything leaving through eth0 is rewritten to eth0's own address.
# There are no DNAT/REDIRECT rules, so no inbound port forwards exist here.
# NOTE(review): eth0 is presumably the upstream/WAN interface and eth1 the LAN; confirm.
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Dec 29 16:08:06 2010
# Generated by iptables-save v1.4.7 on Wed Dec 29 16:08:06 2010
*mangle
# mangle table: default ACCEPT everywhere; packets are only marked or handed
# to the user-defined chains below, never dropped here.
:PREROUTING ACCEPT [11833:1329213]
:INPUT ACCEPT [10130:806102]
:FORWARD ACCEPT [1583:506588]
:OUTPUT ACCEPT [10650:755445]
:POSTROUTING ACCEPT [10820:1174038]
# User-defined chains. They are declared and jumped to, but hold no rules in
# this dump, so every jump returns immediately.
# NOTE(review): the names look like traffic-control hooks; confirm what populates them.
:tcfor - [0:0]
:tcout - [0:0]
:tcpost - [0:0]
:tcpre - [0:0]
-A PREROUTING -j tcpre
# Clear the whole 32-bit packet mark on forwarded traffic before tcfor runs,
# so a mark set earlier (e.g. in PREROUTING) does not carry over.
-A FORWARD -j MARK --set-xmark 0x0/0xffffffff
-A FORWARD -j tcfor
-A OUTPUT -j tcout
-A POSTROUTING -j tcpost
COMMIT
# Completed on Wed Dec 29 16:08:06 2010
# Generated by iptables-save v1.4.7 on Wed Dec 29 16:08:06 2010
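*filter
# filter table: default-deny on all three chains; only the rules below open traffic.
:INPUT DROP [84:7461]
:FORWARD DROP [0:0]
:OUTPUT DROP [2:331]
# Replies to connections this host opened (including its own DNS lookups) are
# admitted by connection state. This replaces the two "--sport 53" INPUT rules:
# a source port is chosen by the sender, so those rules accepted any TCP/UDP
# packet claiming source port 53, to any local port, on any interface.
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# DNS service offered by this host: TCP queries are accepted from eth1 only.
-A INPUT -i eth1 -p tcp -m tcp --dport 53 -j ACCEPT
# NOTE(review): unlike the TCP rule above, the UDP rule has no "-i eth1", so the
# resolver answers UDP queries arriving on eth0 as well. If eth0 is the
# internet-facing side this is an open resolver; add "-i eth1" unless intended.
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Forwarding: eth1 -> eth0 may open connections; eth0 -> eth1 only return traffic.
-A FORWARD -i eth1 -o eth0 -j ACCEPT
# The match is spelled "conntrack"; the original "contrack" is not a valid match
# name and makes iptables-restore reject the table.
-A FORWARD -i eth0 -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Outgoing DNS queries from this host. The original listed the TCP "--sport 53"
# rule twice and had no TCP "--dport 53", so DNS lookups over TCP were dropped
# by the OUTPUT policy; one copy is now the --dport rule, mirroring the UDP pair.
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
# Answers sent by the local DNS service. These are already covered by the
# RELATED,ESTABLISHED rule above and are kept as in the original.
-A OUTPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT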
# Completed on Wed Dec 29 16:08:06 2010