# Generated by iptables-save v1.4.6 on Sat Feb 6 18:04:22 2010
#
# Purpose: host firewall (filter table) with default-deny inbound, a two-step
# TCP port knock that unlocks SSH per source address, and per-source SSH
# connection throttling. Rules are evaluated top to bottom within each chain,
# so the order below is part of the policy; do not reorder when editing.
*filter
# Built-in chain policies: inbound and forwarded traffic is dropped unless a
# rule accepts it; outbound traffic is unrestricted.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# User-defined chains ("-" means no policy; falling off the end returns to the caller).
:IF_KNOCK - [0:0]
:KNOCK_ACCEPT - [0:0]
:LOGGING - [0:0]
:RH-Firewall-1-INPUT - [0:0]
:SSH_ACCEPT - [0:0]
# All inbound traffic is handled in RH-Firewall-1-INPUT.
-A INPUT -j RH-Firewall-1-INPUT

# --- IF_KNOCK: port-knock state machine (entered for every NEW TCP packet) ---
# Step 1: a connection attempt to tcp/1234 records the source in IF_KNK_LIST.
# LOG is non-terminating, so the packet continues and is dropped later.
# NOTE(review): this LOG rule has no "-m limit", unlike the LOGGING chain, so
# every packet to this port writes a log line; consider rate limiting it.
# NOTE(review): --log-uid presumably has nothing to record for packets that
# arrive from the network (it refers to a local owning process); confirm.
-A IF_KNOCK -p tcp -m tcp --dport 1234 -m recent --set --name IF_KNK_LIST --rsource -j LOG --log-prefix "kseq1--waiting: " --log-level 6 --log-ip-options --log-uid
# Step 2: tcp/5678 from a source seen in step 1 within the last 30 s completes the knock.
-A IF_KNOCK -p tcp -m tcp --dport 5678 -m recent --rcheck --seconds 30 --name IF_KNK_LIST --rsource -j KNOCK_ACCEPT

# --- KNOCK_ACCEPT: knock completed ---
# Log it, add the source to ACCPT_KNK_LIST (checked by the SSH rule below) and
# clear its step-1 entry. None of these rules has a terminating target, so the
# knock packet itself returns to the caller and is dropped there.
# NOTE(review): the knock is a fixed port pair sent in cleartext and keyed only
# on source address, so it can be observed and repeated, and hosts sharing a
# NAT address share the grant. Treat it as noise reduction, not authentication;
# sshd should still require strong (key-based) authentication.
-A KNOCK_ACCEPT -j LOG --log-prefix "kseq2--welcome: " --log-level 6 --log-ip-options --log-uid
-A KNOCK_ACCEPT -m recent --set --name ACCPT_KNK_LIST --rsource
-A KNOCK_ACCEPT -m recent --remove --name IF_KNK_LIST --rsource

# --- LOGGING: rate-limited log, then drop ---
# At most 5 log lines per minute (burst of 10); the DROP applies to every
# packet sent here whether or not it was logged.
-A LOGGING -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "firewall: " --log-level 6 --log-ip-options --log-uid
-A LOGGING -j DROP

# --- RH-Firewall-1-INPUT: main inbound policy ---
# Loopback traffic is always accepted.
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
# NOTE(review): accepts every ICMP type from any source with no rate limit;
# confirm this is intended rather than a narrower set of types.
-A RH-Firewall-1-INPUT -p icmp -j ACCEPT
# IPsec payload protocols (ESP and AH).
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
# Multicast DNS (udp/5353 to 224.0.0.251).
-A RH-Firewall-1-INPUT -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
# NOTE(review): udp/631 (IPP) is accepted from any source on any interface, and
# this rule sits before the source-address filters below. If printing is meant
# to be LAN-only, restrict it with -s/-i.
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
# Anti-spoofing on eth0: log and drop packets claiming private or loopback
# source addresses.
# NOTE(review): 10.0.0.0/8 is not listed; presumably eth0 is on a 10.x network,
# verify against the interface configuration.
-A RH-Firewall-1-INPUT -s 172.16.0.0/12 -i eth0 -j LOGGING
-A RH-Firewall-1-INPUT -s 192.168.0.0/16 -i eth0 -j LOGGING
-A RH-Firewall-1-INPUT -s 127.0.0.0/8 -i eth0 -j LOGGING
# NOTE(review): tcp/631 (IPP) is likewise open to any source, and is accepted
# before the fragment and connection-state checks below.
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
# Drop non-first IP fragments.
-A RH-Firewall-1-INPUT -f -j DROP
# Accept packets belonging to, or related to, already-tracked connections.
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# A NEW TCP connection must start with a plain SYN; anything else is logged and dropped.
-A RH-Firewall-1-INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j LOGGING
# Run every NEW TCP packet through the knock state machine. IF_KNOCK never
# accepts or drops, so processing always continues with the next rule.
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --state NEW -j IF_KNOCK
# SSH is reachable only from sources that completed the knock within the last
# 10800 s (3 h). --rcheck does not refresh the entry, so the window runs from
# the knock, not from the last SSH connection.
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --rcheck --seconds 10800 --name ACCPT_KNK_LIST --rsource -j SSH_ACCEPT
# Any other TCP (including the knock packets themselves) is logged and dropped.
-A RH-Firewall-1-INPUT -p tcp -j LOGGING
# Everything else is dropped without logging.
-A RH-Firewall-1-INPUT -j DROP

# --- SSH_ACCEPT: per-source throttle for new SSH connections ---
# Record each new connection in NEW_SSH, drop once a source has 13 or more
# hits within 520 s (--update also refreshes the entry's last-seen time when
# it matches), otherwise accept.
-A SSH_ACCEPT -m recent --set --name NEW_SSH --rsource
-A SSH_ACCEPT -m recent --update --seconds 520 --hitcount 13 --name NEW_SSH --rsource -j DROP
-A SSH_ACCEPT -j ACCEPT
COMMIT
# Completed on Sat Feb 6 18:04:22 2010