################## #### 目的別チェーンの作成 ### chain to LOG ant then DROP $IPT -N LOG_AND_DROP $IPT -A LOG_AND_DROP -j LOG --log-level warning --log-prefix "iptables:" #-m limit $IPT -A LOG_AND_DROP -j DROP $IPT -A LOG_AND_DROP -j RETURN
#### chain for the packet from WAN $IPT -N WANIN #とりあえず問答無用でDROPな奴 $IPT -A WANIN -s 192.168.0.0/16 -j DROP # 接続が確立しているパケットは許可する( but limit not well-known ports) $IPT -A WANIN -p tcp --dport 1024: \ -m state --state ESTABLISHED,RELATED -j ACCEPT $IPT -A WANIN -p udp --dport 1024: \ -m state --state ESTABLISHED,RELATED -j ACCEPT $IPT -A WANIN -p icmp \ -m state --state ESTABLISHED,RELATED -j ACCEPT $IPT -A WANIN -j RETURN
