logikz
October 23rd, 2009, 02:36 AM
iptables-save
<code>
# Generated by iptables-save v1.4.1.1 on Fri Oct 23 00:30:01 2009
# mangle table: no rules; every built-in chain has policy ACCEPT, so nothing is
# altered or dropped here. The bracketed pairs are [packets:bytes] counters.
*mangle
:PREROUTING ACCEPT [4374:5590636]
:INPUT ACCEPT [4374:5590636]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2946:202148]
:POSTROUTING ACCEPT [2855:195708]
COMMIT
# Completed on Fri Oct 23 00:30:01 2009
# Generated by iptables-save v1.4.1.1 on Fri Oct 23 00:30:01 2009
# nat table: a single source-NAT rule, all policies ACCEPT.
*nat
:PREROUTING ACCEPT [2:656]
:POSTROUTING ACCEPT [865:47619]
:OUTPUT ACCEPT [1005:65100]
# Masquerade traffic from 192.168.122.0/24 to any destination outside that subnet.
# NOTE(review): the filter FORWARD chain below accepts only ICMP, so forwarded
# TCP/UDP from this subnet is dropped in FORWARD before it reaches this rule.
# NOTE(review): "-d ! addr" is the older negation placement; later iptables
# releases expect "! -d addr" - verify before restoring this dump elsewhere.
-A POSTROUTING -s 192.168.122.0/24 -d ! 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Fri Oct 23 00:30:01 2009
# Generated by iptables-save v1.4.1.1 on Fri Oct 23 00:30:01 2009
# filter table: default-deny. INPUT, FORWARD and OUTPUT all have policy DROP, so
# a packet that no rule accepts is discarded.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# User-defined chains. INBOUND and OUTBOUND are entered only from the eth0 jump
# rules; LSI logs then drops, LSO logs then rejects; LOG_FILTER drops port 5353
# before any LOG rule sees it.
# NOTE(review): this chain layout resembles a Firestarter-generated ruleset -
# confirm which tool owns it before editing rules by hand.
:INBOUND - [0:0]
:LOG_FILTER - [0:0]
:LSI - [0:0]
:LSO - [0:0]
:OUTBOUND - [0:0]
# ---- INPUT ----
# From 12.207.232.47 and 74.84.119.153 (the same two hosts OUTPUT allows port 53
# to): accept every TCP segment that is not a bare SYN, and every UDP datagram.
# NOTE(review): these four rules match on source address only (no --sport 53,
# no interface, no conntrack state) and sit ahead of the INVALID drop. A UDP
# source address is not authenticated, so a datagram that merely claims one of
# these sources is accepted on every local UDP port. The RELATED,ESTABLISHED
# rules in INBOUND already admit genuine replies; consider removing these rules
# or at least restricting them with --sport 53.
-A INPUT -s 12.207.232.47/32 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 12.207.232.47/32 -p udp -j ACCEPT
-A INPUT -s 74.84.119.153/32 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 74.84.119.153/32 -p udp -j ACCEPT
# Loopback traffic is always accepted.
-A INPUT -i lo -j ACCEPT
# ICMP of any type is accepted at up to 10 packets/sec; packets over the limit
# fall through to the rules below.
-A INPUT -p icmp -m limit --limit 10/sec -j ACCEPT
# Silently drop broadcast, multicast and unspecified-address traffic.
# 10.223.223.255 is presumably the directed broadcast of the local subnet
# (the host is 10.223.223.100 per the OUTPUT rules) - confirm the netmask.
# NOTE(review): 224.0.0.0/8 covers only 224.x.x.x; the IPv4 multicast block is
# 224.0.0.0/4, so 225.0.0.0-239.255.255.255 is not matched by these rules.
-A INPUT -d 255.255.255.255/32 -i eth0 -j DROP
-A INPUT -d 10.223.223.255/32 -j DROP
-A INPUT -s 224.0.0.0/8 -j DROP
-A INPUT -d 224.0.0.0/8 -j DROP
-A INPUT -s 255.255.255.255/32 -j DROP
-A INPUT -d 0.0.0.0/32 -j DROP
# Drop packets conntrack cannot associate with any known connection.
-A INPUT -m state --state INVALID -j DROP
# Non-first fragments (-f), at most 10/min, go to LSI to be logged and dropped;
# fragments over that rate continue down the chain.
-A INPUT -f -m limit --limit 10/min -j LSI
# Everything arriving on eth0 goes to INBOUND, which always ends in ACCEPT or
# in LSI's final DROP, so eth0 traffic never reaches the rules below.
-A INPUT -i eth0 -j INBOUND
# Packets from any other interface end here: LOG_FILTER, LOG, then policy DROP.
# NOTE(review): unlike the LOG rules in LSI/LSO this LOG has no -m limit, so log
# volume is unbounded. The prefix has no trailing space and will run straight
# into the next field of the kernel log line.
-A INPUT -j LOG_FILTER
-A INPUT -j LOG --log-prefix "Unknown Input" --log-level 6
# ---- FORWARD ----
# Only ICMP (up to 10/sec) is forwarded; everything else is logged without a
# rate limit and then dropped by the chain policy.
-A FORWARD -p icmp -m limit --limit 10/sec -j ACCEPT
-A FORWARD -j LOG_FILTER
-A FORWARD -j LOG --log-prefix "Unknown Forward" --log-level 6
# ---- OUTPUT ----
# Port 53 (DNS) over TCP and UDP from 10.223.223.100 to the two hosts named in
# the INPUT rules - presumably the configured resolvers.
-A OUTPUT -s 10.223.223.100/32 -d 12.207.232.47/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -s 10.223.223.100/32 -d 12.207.232.47/32 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -s 10.223.223.100/32 -d 74.84.119.153/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -s 10.223.223.100/32 -d 74.84.119.153/32 -p udp -m udp --dport 53 -j ACCEPT
# Loopback traffic is always accepted.
-A OUTPUT -o lo -j ACCEPT
# Same multicast/broadcast/unspecified drops as INPUT (same /8-versus-/4 caveat).
-A OUTPUT -s 224.0.0.0/8 -j DROP
-A OUTPUT -d 224.0.0.0/8 -j DROP
-A OUTPUT -s 255.255.255.255/32 -j DROP
-A OUTPUT -d 0.0.0.0/32 -j DROP
-A OUTPUT -m state --state INVALID -j DROP
# Everything leaving via eth0 goes to OUTBOUND, which always ends in ACCEPT or
# in LSO's REJECT.
-A OUTPUT -o eth0 -j OUTBOUND
# Output on any other interface: LOG_FILTER, LOG (no rate limit), policy DROP.
-A OUTPUT -j LOG_FILTER
-A OUTPUT -j LOG --log-prefix "Unknown Output" --log-level 6
# ---- INBOUND (input on eth0) ----
# Accept only TCP/UDP that conntrack ties to an existing connection. No rule
# opens a listening service, so every unsolicited packet goes to LSI.
-A INBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INBOUND -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INBOUND -j LSI
# ---- LOG_FILTER ----
# Drop TCP/UDP to port 5353 (the mDNS port) so it never reaches a LOG rule.
# Note this is a real DROP, not just log suppression.
-A LOG_FILTER -p tcp -m tcp --dport 5353 -j DROP
-A LOG_FILTER -p udp -m udp --dport 5353 -j DROP
# ---- LSI: log and drop inbound ----
# Each LOG rule is rate-limited; the DROP that follows it is unconditional, so
# packets over the logging rate are still dropped, just not logged.
-A LSI -j LOG_FILTER
# New connection attempts (SYN set; FIN, RST and ACK clear).
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
# Bare RST segments.
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j DROP
# ICMP echo-request (type 8).
-A LSI -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p icmp -m icmp --icmp-type 8 -j DROP
# Anything else: log at up to 5/sec, then drop.
-A LSI -m limit --limit 5/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -j DROP
# ---- LSO: log and reject outbound ----
# Log at up to 5/sec, then answer the local sender with ICMP port-unreachable.
-A LSO -j LOG_FILTER
-A LSO -m limit --limit 5/sec -j LOG --log-prefix "Outbound " --log-level 6
-A LSO -j REJECT --reject-with icmp-port-unreachable
# ---- OUTBOUND (output on eth0) ----
# Allow all ICMP and all established TCP/UDP, reject a short list of ports,
# accept the rest.
# NOTE(review): egress on eth0 is therefore default-allow; only the ports listed
# here are blocked, despite the DROP policy on OUTPUT.
-A OUTBOUND -p icmp -j ACCEPT
-A OUTBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTBOUND -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
# Ports 137-139 (NetBIOS) and 445 (SMB).
-A OUTBOUND -p tcp -m tcp --dport 137:139 -j LSO
-A OUTBOUND -p udp -m udp --dport 137:139 -j LSO
-A OUTBOUND -p tcp -m tcp --dport 445 -j LSO
-A OUTBOUND -p udp -m udp --dport 445 -j LSO
# Ports 111 (RPC portmapper) and 2049 (NFS).
-A OUTBOUND -p tcp -m tcp --dport 111 -j LSO
-A OUTBOUND -p udp -m udp --dport 111 -j LSO
-A OUTBOUND -p tcp -m tcp --dport 2049 -j LSO
-A OUTBOUND -p udp -m udp --dport 2049 -j LSO
# Port 23 (telnet).
-A OUTBOUND -p tcp -m tcp --dport 23 -j LSO
-A OUTBOUND -p udp -m udp --dport 23 -j LSO
# Every other new outbound connection on eth0 is allowed.
-A OUTBOUND -j ACCEPT
COMMIT
# Completed on Fri Oct 23 00:30:01 2009
</code>
This is my iptables -L report.
<code>
# Generated by iptables-save v1.4.1.1 on Fri Oct 23 00:30:01 2009
# mangle table: no rules; every built-in chain has policy ACCEPT.
*mangle
:PREROUTING ACCEPT [4374:5590636]
:INPUT ACCEPT [4374:5590636]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2946:202148]
:POSTROUTING ACCEPT [2855:195708]
COMMIT
# Completed on Fri Oct 23 00:30:01 2009
# Generated by iptables-save v1.4.1.1 on Fri Oct 23 00:30:01 2009
# nat table: one masquerade rule for 192.168.122.0/24 leaving its own subnet.
*nat
:PREROUTING ACCEPT [2:656]
:POSTROUTING ACCEPT [865:47619]
:OUTPUT ACCEPT [1005:65100]
# NOTE(review): filter FORWARD below passes only ICMP, so forwarded TCP/UDP from
# this subnet is dropped before it can be masqueraded here.
-A POSTROUTING -s 192.168.122.0/24 -d ! 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Fri Oct 23 00:30:01 2009
# Generated by iptables-save v1.4.1.1 on Fri Oct 23 00:30:01 2009
# filter table: policy DROP on INPUT, FORWARD and OUTPUT (default-deny).
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# User-defined chains, all entered by jumps from the rules below.
:INBOUND - [0:0]
:LOG_FILTER - [0:0]
:LSI - [0:0]
:LSO - [0:0]
:OUTBOUND - [0:0]
# INPUT: non-SYN TCP and all UDP from two fixed hosts are accepted first.
# NOTE(review): the match is on source address alone (no --sport, interface or
# state) and precedes the INVALID drop; a UDP source address is not
# authenticated, so these rules expose every local UDP port to a datagram that
# claims one of these sources. Restrict with --sport 53 or rely on the
# RELATED,ESTABLISHED rules in INBOUND.
-A INPUT -s 12.207.232.47/32 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 12.207.232.47/32 -p udp -j ACCEPT
-A INPUT -s 74.84.119.153/32 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 74.84.119.153/32 -p udp -j ACCEPT
# Loopback, then any ICMP at up to 10/sec.
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m limit --limit 10/sec -j ACCEPT
# Unlogged drops for broadcast, multicast and the unspecified address.
# NOTE(review): multicast is 224.0.0.0/4; the /8 here leaves 225-239.x.x.x unmatched.
-A INPUT -d 255.255.255.255/32 -i eth0 -j DROP
-A INPUT -d 10.223.223.255/32 -j DROP
-A INPUT -s 224.0.0.0/8 -j DROP
-A INPUT -d 224.0.0.0/8 -j DROP
-A INPUT -s 255.255.255.255/32 -j DROP
-A INPUT -d 0.0.0.0/32 -j DROP
# Conntrack-INVALID packets are dropped; fragments (max 10/min) go to LSI.
-A INPUT -m state --state INVALID -j DROP
-A INPUT -f -m limit --limit 10/min -j LSI
# eth0 traffic is decided entirely inside INBOUND (ACCEPT or LSI -> DROP).
-A INPUT -i eth0 -j INBOUND
# Other interfaces: filtered, logged, then dropped by policy.
# NOTE(review): this LOG rule carries no -m limit, so it can flood the log.
-A INPUT -j LOG_FILTER
-A INPUT -j LOG --log-prefix "Unknown Input" --log-level 6
# FORWARD: rate-limited ICMP only; the rest is logged (unlimited) and dropped.
-A FORWARD -p icmp -m limit --limit 10/sec -j ACCEPT
-A FORWARD -j LOG_FILTER
-A FORWARD -j LOG --log-prefix "Unknown Forward" --log-level 6
# OUTPUT: port 53 over TCP/UDP from 10.223.223.100 to the two hosts above.
-A OUTPUT -s 10.223.223.100/32 -d 12.207.232.47/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -s 10.223.223.100/32 -d 12.207.232.47/32 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -s 10.223.223.100/32 -d 74.84.119.153/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -s 10.223.223.100/32 -d 74.84.119.153/32 -p udp -m udp --dport 53 -j ACCEPT
# Loopback accepted; multicast/broadcast/unspecified and INVALID dropped.
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 224.0.0.0/8 -j DROP
-A OUTPUT -d 224.0.0.0/8 -j DROP
-A OUTPUT -s 255.255.255.255/32 -j DROP
-A OUTPUT -d 0.0.0.0/32 -j DROP
-A OUTPUT -m state --state INVALID -j DROP
# eth0 egress is decided inside OUTBOUND; anything else is logged and dropped.
-A OUTPUT -o eth0 -j OUTBOUND
-A OUTPUT -j LOG_FILTER
-A OUTPUT -j LOG --log-prefix "Unknown Output" --log-level 6
# INBOUND: only replies to existing connections pass; all else goes to LSI.
-A INBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INBOUND -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INBOUND -j LSI
# LOG_FILTER: drop port 5353 (the mDNS port) before it can be logged.
-A LOG_FILTER -p tcp -m tcp --dport 5353 -j DROP
-A LOG_FILTER -p udp -m udp --dport 5353 -j DROP
# LSI: rate-limited LOG followed by an unconditional DROP for, in order,
# bare SYN, bare RST, ICMP echo-request, and finally everything else.
-A LSI -j LOG_FILTER
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j DROP
-A LSI -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p icmp -m icmp --icmp-type 8 -j DROP
-A LSI -m limit --limit 5/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -j DROP
# LSO: log at up to 5/sec, then REJECT with ICMP port-unreachable.
-A LSO -j LOG_FILTER
-A LSO -m limit --limit 5/sec -j LOG --log-prefix "Outbound " --log-level 6
-A LSO -j REJECT --reject-with icmp-port-unreachable
# OUTBOUND: ICMP and established traffic pass; ports 137-139, 445, 111, 2049
# and 23 are rejected via LSO; the final rule accepts everything else.
# NOTE(review): that final ACCEPT makes eth0 egress default-allow.
-A OUTBOUND -p icmp -j ACCEPT
-A OUTBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTBOUND -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTBOUND -p tcp -m tcp --dport 137:139 -j LSO
-A OUTBOUND -p udp -m udp --dport 137:139 -j LSO
-A OUTBOUND -p tcp -m tcp --dport 445 -j LSO
-A OUTBOUND -p udp -m udp --dport 445 -j LSO
-A OUTBOUND -p tcp -m tcp --dport 111 -j LSO
-A OUTBOUND -p udp -m udp --dport 111 -j LSO
-A OUTBOUND -p tcp -m tcp --dport 2049 -j LSO
-A OUTBOUND -p udp -m udp --dport 2049 -j LSO
-A OUTBOUND -p tcp -m tcp --dport 23 -j LSO
-A OUTBOUND -p udp -m udp --dport 23 -j LSO
-A OUTBOUND -j ACCEPT
COMMIT
# Completed on Fri Oct 23 00:30:01 2009
</code>
<code>
# Generated by iptables-save v1.4.1.1 on Fri Oct 23 00:30:01 2009
# mangle table: no rules; every built-in chain has policy ACCEPT.
*mangle
:PREROUTING ACCEPT [4374:5590636]
:INPUT ACCEPT [4374:5590636]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2946:202148]
:POSTROUTING ACCEPT [2855:195708]
COMMIT
# Completed on Fri Oct 23 00:30:01 2009
# Generated by iptables-save v1.4.1.1 on Fri Oct 23 00:30:01 2009
# nat table: one masquerade rule for 192.168.122.0/24 leaving its own subnet.
*nat
:PREROUTING ACCEPT [2:656]
:POSTROUTING ACCEPT [865:47619]
:OUTPUT ACCEPT [1005:65100]
# NOTE(review): filter FORWARD below passes only ICMP, so forwarded TCP/UDP from
# this subnet is dropped before it can be masqueraded here.
-A POSTROUTING -s 192.168.122.0/24 -d ! 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Fri Oct 23 00:30:01 2009
# Generated by iptables-save v1.4.1.1 on Fri Oct 23 00:30:01 2009
# filter table: policy DROP on INPUT, FORWARD and OUTPUT (default-deny).
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# User-defined chains, all entered by jumps from the rules below.
:INBOUND - [0:0]
:LOG_FILTER - [0:0]
:LSI - [0:0]
:LSO - [0:0]
:OUTBOUND - [0:0]
# INPUT: non-SYN TCP and all UDP from two fixed hosts are accepted first.
# NOTE(review): the match is on source address alone (no --sport, interface or
# state) and precedes the INVALID drop; a UDP source address is not
# authenticated, so these rules expose every local UDP port to a datagram that
# claims one of these sources. Restrict with --sport 53 or rely on the
# RELATED,ESTABLISHED rules in INBOUND.
-A INPUT -s 12.207.232.47/32 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 12.207.232.47/32 -p udp -j ACCEPT
-A INPUT -s 74.84.119.153/32 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 74.84.119.153/32 -p udp -j ACCEPT
# Loopback, then any ICMP at up to 10/sec.
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m limit --limit 10/sec -j ACCEPT
# Unlogged drops for broadcast, multicast and the unspecified address.
# NOTE(review): multicast is 224.0.0.0/4; the /8 here leaves 225-239.x.x.x unmatched.
-A INPUT -d 255.255.255.255/32 -i eth0 -j DROP
-A INPUT -d 10.223.223.255/32 -j DROP
-A INPUT -s 224.0.0.0/8 -j DROP
-A INPUT -d 224.0.0.0/8 -j DROP
-A INPUT -s 255.255.255.255/32 -j DROP
-A INPUT -d 0.0.0.0/32 -j DROP
# Conntrack-INVALID packets are dropped; fragments (max 10/min) go to LSI.
-A INPUT -m state --state INVALID -j DROP
-A INPUT -f -m limit --limit 10/min -j LSI
# eth0 traffic is decided entirely inside INBOUND (ACCEPT or LSI -> DROP).
-A INPUT -i eth0 -j INBOUND
# Other interfaces: filtered, logged, then dropped by policy.
# NOTE(review): this LOG rule carries no -m limit, so it can flood the log.
-A INPUT -j LOG_FILTER
-A INPUT -j LOG --log-prefix "Unknown Input" --log-level 6
# FORWARD: rate-limited ICMP only; the rest is logged (unlimited) and dropped.
-A FORWARD -p icmp -m limit --limit 10/sec -j ACCEPT
-A FORWARD -j LOG_FILTER
-A FORWARD -j LOG --log-prefix "Unknown Forward" --log-level 6
# OUTPUT: port 53 over TCP/UDP from 10.223.223.100 to the two hosts above.
-A OUTPUT -s 10.223.223.100/32 -d 12.207.232.47/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -s 10.223.223.100/32 -d 12.207.232.47/32 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -s 10.223.223.100/32 -d 74.84.119.153/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -s 10.223.223.100/32 -d 74.84.119.153/32 -p udp -m udp --dport 53 -j ACCEPT
# Loopback accepted; multicast/broadcast/unspecified and INVALID dropped.
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 224.0.0.0/8 -j DROP
-A OUTPUT -d 224.0.0.0/8 -j DROP
-A OUTPUT -s 255.255.255.255/32 -j DROP
-A OUTPUT -d 0.0.0.0/32 -j DROP
-A OUTPUT -m state --state INVALID -j DROP
# eth0 egress is decided inside OUTBOUND; anything else is logged and dropped.
-A OUTPUT -o eth0 -j OUTBOUND
-A OUTPUT -j LOG_FILTER
-A OUTPUT -j LOG --log-prefix "Unknown Output" --log-level 6
# INBOUND: only replies to existing connections pass; all else goes to LSI.
-A INBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INBOUND -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INBOUND -j LSI
# LOG_FILTER: drop port 5353 (the mDNS port) before it can be logged.
-A LOG_FILTER -p tcp -m tcp --dport 5353 -j DROP
-A LOG_FILTER -p udp -m udp --dport 5353 -j DROP
# LSI: rate-limited LOG followed by an unconditional DROP for, in order,
# bare SYN, bare RST, ICMP echo-request, and finally everything else.
-A LSI -j LOG_FILTER
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j DROP
-A LSI -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p icmp -m icmp --icmp-type 8 -j DROP
-A LSI -m limit --limit 5/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -j DROP
# LSO: log at up to 5/sec, then REJECT with ICMP port-unreachable.
-A LSO -j LOG_FILTER
-A LSO -m limit --limit 5/sec -j LOG --log-prefix "Outbound " --log-level 6
-A LSO -j REJECT --reject-with icmp-port-unreachable
# OUTBOUND: ICMP and established traffic pass; ports 137-139, 445, 111, 2049
# and 23 are rejected via LSO; the final rule accepts everything else.
# NOTE(review): that final ACCEPT makes eth0 egress default-allow.
-A OUTBOUND -p icmp -j ACCEPT
-A OUTBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTBOUND -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTBOUND -p tcp -m tcp --dport 137:139 -j LSO
-A OUTBOUND -p udp -m udp --dport 137:139 -j LSO
-A OUTBOUND -p tcp -m tcp --dport 445 -j LSO
-A OUTBOUND -p udp -m udp --dport 445 -j LSO
-A OUTBOUND -p tcp -m tcp --dport 111 -j LSO
-A OUTBOUND -p udp -m udp --dport 111 -j LSO
-A OUTBOUND -p tcp -m tcp --dport 2049 -j LSO
-A OUTBOUND -p udp -m udp --dport 2049 -j LSO
-A OUTBOUND -p tcp -m tcp --dport 23 -j LSO
-A OUTBOUND -p udp -m udp --dport 23 -j LSO
-A OUTBOUND -j ACCEPT
COMMIT
# Completed on Fri Oct 23 00:30:01 2009
</code>
This is my iptables -L report.
<code>
# Generated by iptables-save v1.4.1.1 on Fri Oct 23 00:30:01 2009
# mangle table: no rules; every built-in chain has policy ACCEPT.
*mangle
:PREROUTING ACCEPT [4374:5590636]
:INPUT ACCEPT [4374:5590636]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2946:202148]
:POSTROUTING ACCEPT [2855:195708]
COMMIT
# Completed on Fri Oct 23 00:30:01 2009
# Generated by iptables-save v1.4.1.1 on Fri Oct 23 00:30:01 2009
# nat table: one masquerade rule for 192.168.122.0/24 leaving its own subnet.
*nat
:PREROUTING ACCEPT [2:656]
:POSTROUTING ACCEPT [865:47619]
:OUTPUT ACCEPT [1005:65100]
# NOTE(review): filter FORWARD below passes only ICMP, so forwarded TCP/UDP from
# this subnet is dropped before it can be masqueraded here.
-A POSTROUTING -s 192.168.122.0/24 -d ! 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Fri Oct 23 00:30:01 2009
# Generated by iptables-save v1.4.1.1 on Fri Oct 23 00:30:01 2009
# filter table: policy DROP on INPUT, FORWARD and OUTPUT (default-deny).
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# User-defined chains, all entered by jumps from the rules below.
:INBOUND - [0:0]
:LOG_FILTER - [0:0]
:LSI - [0:0]
:LSO - [0:0]
:OUTBOUND - [0:0]
# INPUT: non-SYN TCP and all UDP from two fixed hosts are accepted first.
# NOTE(review): the match is on source address alone (no --sport, interface or
# state) and precedes the INVALID drop; a UDP source address is not
# authenticated, so these rules expose every local UDP port to a datagram that
# claims one of these sources. Restrict with --sport 53 or rely on the
# RELATED,ESTABLISHED rules in INBOUND.
-A INPUT -s 12.207.232.47/32 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 12.207.232.47/32 -p udp -j ACCEPT
-A INPUT -s 74.84.119.153/32 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 74.84.119.153/32 -p udp -j ACCEPT
# Loopback, then any ICMP at up to 10/sec.
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m limit --limit 10/sec -j ACCEPT
# Unlogged drops for broadcast, multicast and the unspecified address.
# NOTE(review): multicast is 224.0.0.0/4; the /8 here leaves 225-239.x.x.x unmatched.
-A INPUT -d 255.255.255.255/32 -i eth0 -j DROP
-A INPUT -d 10.223.223.255/32 -j DROP
-A INPUT -s 224.0.0.0/8 -j DROP
-A INPUT -d 224.0.0.0/8 -j DROP
-A INPUT -s 255.255.255.255/32 -j DROP
-A INPUT -d 0.0.0.0/32 -j DROP
# Conntrack-INVALID packets are dropped; fragments (max 10/min) go to LSI.
-A INPUT -m state --state INVALID -j DROP
-A INPUT -f -m limit --limit 10/min -j LSI
# eth0 traffic is decided entirely inside INBOUND (ACCEPT or LSI -> DROP).
-A INPUT -i eth0 -j INBOUND
# Other interfaces: filtered, logged, then dropped by policy.
# NOTE(review): this LOG rule carries no -m limit, so it can flood the log.
-A INPUT -j LOG_FILTER
-A INPUT -j LOG --log-prefix "Unknown Input" --log-level 6
# FORWARD: rate-limited ICMP only; the rest is logged (unlimited) and dropped.
-A FORWARD -p icmp -m limit --limit 10/sec -j ACCEPT
-A FORWARD -j LOG_FILTER
-A FORWARD -j LOG --log-prefix "Unknown Forward" --log-level 6
# OUTPUT: port 53 over TCP/UDP from 10.223.223.100 to the two hosts above.
-A OUTPUT -s 10.223.223.100/32 -d 12.207.232.47/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -s 10.223.223.100/32 -d 12.207.232.47/32 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -s 10.223.223.100/32 -d 74.84.119.153/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -s 10.223.223.100/32 -d 74.84.119.153/32 -p udp -m udp --dport 53 -j ACCEPT
# Loopback accepted; multicast/broadcast/unspecified and INVALID dropped.
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 224.0.0.0/8 -j DROP
-A OUTPUT -d 224.0.0.0/8 -j DROP
-A OUTPUT -s 255.255.255.255/32 -j DROP
-A OUTPUT -d 0.0.0.0/32 -j DROP
-A OUTPUT -m state --state INVALID -j DROP
# eth0 egress is decided inside OUTBOUND; anything else is logged and dropped.
-A OUTPUT -o eth0 -j OUTBOUND
-A OUTPUT -j LOG_FILTER
-A OUTPUT -j LOG --log-prefix "Unknown Output" --log-level 6
# INBOUND: only replies to existing connections pass; all else goes to LSI.
-A INBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INBOUND -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INBOUND -j LSI
# LOG_FILTER: drop port 5353 (the mDNS port) before it can be logged.
-A LOG_FILTER -p tcp -m tcp --dport 5353 -j DROP
-A LOG_FILTER -p udp -m udp --dport 5353 -j DROP
# LSI: rate-limited LOG followed by an unconditional DROP for, in order,
# bare SYN, bare RST, ICMP echo-request, and finally everything else.
-A LSI -j LOG_FILTER
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j DROP
-A LSI -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p icmp -m icmp --icmp-type 8 -j DROP
-A LSI -m limit --limit 5/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -j DROP
# LSO: log at up to 5/sec, then REJECT with ICMP port-unreachable.
-A LSO -j LOG_FILTER
-A LSO -m limit --limit 5/sec -j LOG --log-prefix "Outbound " --log-level 6
-A LSO -j REJECT --reject-with icmp-port-unreachable
# OUTBOUND: ICMP and established traffic pass; ports 137-139, 445, 111, 2049
# and 23 are rejected via LSO; the final rule accepts everything else.
# NOTE(review): that final ACCEPT makes eth0 egress default-allow.
-A OUTBOUND -p icmp -j ACCEPT
-A OUTBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTBOUND -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTBOUND -p tcp -m tcp --dport 137:139 -j LSO
-A OUTBOUND -p udp -m udp --dport 137:139 -j LSO
-A OUTBOUND -p tcp -m tcp --dport 445 -j LSO
-A OUTBOUND -p udp -m udp --dport 445 -j LSO
-A OUTBOUND -p tcp -m tcp --dport 111 -j LSO
-A OUTBOUND -p udp -m udp --dport 111 -j LSO
-A OUTBOUND -p tcp -m tcp --dport 2049 -j LSO
-A OUTBOUND -p udp -m udp --dport 2049 -j LSO
-A OUTBOUND -p tcp -m tcp --dport 23 -j LSO
-A OUTBOUND -p udp -m udp --dport 23 -j LSO
-A OUTBOUND -j ACCEPT
COMMIT
# Completed on Fri Oct 23 00:30:01 2009
</code>