# Generated by iptables-save v1.4.21 on Fri May  1 17:10:17 2015
*security
:INPUT ACCEPT [5120:1519110]
:FORWARD ACCEPT [7089:5665916]
:OUTPUT ACCEPT [7028:6101782]
COMMIT
# Completed on Fri May  1 17:10:17 2015
# Generated by iptables-save v1.4.21 on Fri May  1 17:10:17 2015
*raw
:PREROUTING ACCEPT [12209:7185026]
:OUTPUT ACCEPT [7028:6101782]
COMMIT
# Completed on Fri May  1 17:10:17 2015
# Generated by iptables-save v1.4.21 on Fri May  1 17:10:17 2015
*nat
:PREROUTING ACCEPT [148:9382]
:INPUT ACCEPT [11:730]
:OUTPUT ACCEPT [15:916]
:POSTROUTING ACCEPT [15:916]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Fri May  1 17:10:17 2015
# Generated by iptables-save v1.4.21 on Fri May  1 17:10:17 2015
*mangle
:PREROUTING ACCEPT [12209:7185026]
:INPUT ACCEPT [5120:1519110]
:FORWARD ACCEPT [7089:5665916]
:OUTPUT ACCEPT [7028:6101782]
:POSTROUTING ACCEPT [14120:11767854]
COMMIT
# Completed on Fri May  1 17:10:17 2015
# Generated by iptables-save v1.4.21 on Fri May  1 17:10:17 2015
*filter
:INPUT ACCEPT [5120:1519110]
:FORWARD ACCEPT [7089:5665916]
:OUTPUT ACCEPT [7028:6101782]
-A INPUT -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags PSH,ACK PSH -j DROP
-A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
-A INPUT -i eth0 -p tcp -m state --state NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
-A INPUT -i eth0 -p tcp -m state --state NEW -m recent --update --seconds 30 --hitcount 10 --name DEFAULT --mask 255.255.255.255 --rsource -j DROP
-A FORWARD -i eth0 -p tcp -m state --state NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
-A FORWARD -i eth0 -p tcp -m state --state NEW -m recent --update --seconds 30 --hitcount 10 --name DEFAULT --mask 255.255.255.255 --rsource -j DROP
COMMIT
# Completed on Fri May  1 17:10:17 2015