# Generated by iptables-save v1.4.2 on Thu Mar 17 10:33:19 2011
#
# Overview: three tables are dumped below.
#   *mangle  - PREROUTING classifies packets into marks 0x1, 0x2, 0x3, 0x5, 0x6.
#   *nat     - no rules, built-in chains only.
#   *filter  - INPUT guards syslog/SSH on this host; FORWARD filters routed traffic
#              through the user chains declared in that table.
# No rule in this file uses a state/conntrack match, so every decision is made
# per packet on addresses and ports alone.
*mangle
:PREROUTING ACCEPT [32177:28279096]
:INPUT ACCEPT [61:5159]
:FORWARD ACCEPT [32132:28275293]
:OUTPUT ACCEPT [25:2269]
:POSTROUTING ACCEPT [31929:28266398]
# Pattern used throughout this chain: MARK does not end traversal, so each MARK
# rule is followed by a RETURN with the same match; otherwise the catch-all
# 0x6 rule at the end would overwrite the mark.
# The consumer of these marks (tc, policy routing, ...) is not visible here.
#
# Mark 0x1: TCP packets with SYN set and RST/ACK clear (connection openers, any port).
-A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
# Mark 0x1: all ICMP.
-A PREROUTING -p icmp -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p icmp -j RETURN
# Mark 0x1: everything to or from host 161.53.116.38.
-A PREROUTING -d 161.53.116.38/32 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -d 161.53.116.38/32 -j RETURN
-A PREROUTING -s 161.53.116.38/32 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -s 161.53.116.38/32 -j RETURN
# Mark 0x1: TCP destination ports 107, 22, 23, 53, 992, 994.
-A PREROUTING -p tcp -m tcp --dport 107 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p tcp -m tcp --dport 107 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 22 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p tcp -m tcp --dport 22 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 23 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p tcp -m tcp --dport 23 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 53 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p tcp -m tcp --dport 53 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 992 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p tcp -m tcp --dport 992 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 994 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p tcp -m tcp --dport 994 -j RETURN
# Mark 0x1: the same TCP ports as source port (reply direction).
-A PREROUTING -p tcp -m tcp --sport 107 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p tcp -m tcp --sport 107 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 22 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p tcp -m tcp --sport 22 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 23 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p tcp -m tcp --sport 23 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 53 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p tcp -m tcp --sport 53 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 992 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p tcp -m tcp --sport 992 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 994 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p tcp -m tcp --sport 994 -j RETURN
# Mark 0x1: UDP destination ports 107, 123, 53, 992, 994.
-A PREROUTING -p udp -m udp --dport 107 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p udp -m udp --dport 107 -j RETURN
-A PREROUTING -p udp -m udp --dport 123 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p udp -m udp --dport 123 -j RETURN
-A PREROUTING -p udp -m udp --dport 53 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p udp -m udp --dport 53 -j RETURN
-A PREROUTING -p udp -m udp --dport 992 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p udp -m udp --dport 992 -j RETURN
-A PREROUTING -p udp -m udp --dport 994 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p udp -m udp --dport 994 -j RETURN
# Mark 0x1: the same UDP ports as source port.
-A PREROUTING -p udp -m udp --sport 107 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p udp -m udp --sport 107 -j RETURN
-A PREROUTING -p udp -m udp --sport 123 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p udp -m udp --sport 123 -j RETURN
-A PREROUTING -p udp -m udp --sport 53 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p udp -m udp --sport 53 -j RETURN
-A PREROUTING -p udp -m udp --sport 992 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p udp -m udp --sport 992 -j RETURN
-A PREROUTING -p udp -m udp --sport 994 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p udp -m udp --sport 994 -j RETURN
# Mark 0x2: TCP port 80 in both directions, and UDP port 443 in both directions.
# NOTE(review): port 443 is matched for UDP only; no rule here matches tcp/443,
# so non-SYN HTTPS-over-TCP packets fall through to mark 0x6. Looks like
# "-p tcp" was intended - confirm.
-A PREROUTING -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x2/0xffffffff
-A PREROUTING -p tcp -m tcp --dport 80 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 80 -j MARK --set-xmark 0x2/0xffffffff
-A PREROUTING -p tcp -m tcp --sport 80 -j RETURN
-A PREROUTING -p udp -m udp --dport 443 -j MARK --set-xmark 0x2/0xffffffff
-A PREROUTING -p udp -m udp --dport 443 -j RETURN
-A PREROUTING -p udp -m udp --sport 443 -j MARK --set-xmark 0x2/0xffffffff
-A PREROUTING -p udp -m udp --sport 443 -j RETURN
# Mark 0x3: UDP ports 20-21 in both directions.
# NOTE(review): 20-21 are the FTP ports and FTP runs over TCP; as written only
# UDP is matched, so mark 0x3 is presumably never applied to FTP - confirm.
-A PREROUTING -p udp -m udp --dport 20:21 -j MARK --set-xmark 0x3/0xffffffff
-A PREROUTING -p udp -m udp --dport 20:21 -j RETURN
-A PREROUTING -p udp -m udp --sport 20:21 -j MARK --set-xmark 0x3/0xffffffff
-A PREROUTING -p udp -m udp --sport 20:21 -j RETURN
# Mark 0x5: TCP destination ports 110, 143, 220, 25, 465, 993, 995 (mail protocols).
-A PREROUTING -p tcp -m tcp --dport 110 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p tcp -m tcp --dport 110 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 143 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p tcp -m tcp --dport 143 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 220 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p tcp -m tcp --dport 220 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 25 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p tcp -m tcp --dport 25 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 465 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p tcp -m tcp --dport 465 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 993 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p tcp -m tcp --dport 993 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 995 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p tcp -m tcp --dport 995 -j RETURN
# Mark 0x5: the same TCP ports as source port.
-A PREROUTING -p tcp -m tcp --sport 110 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p tcp -m tcp --sport 110 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 143 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p tcp -m tcp --sport 143 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 220 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p tcp -m tcp --sport 220 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 25 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p tcp -m tcp --sport 25 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 465 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p tcp -m tcp --sport 465 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 993 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p tcp -m tcp --sport 993 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 995 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p tcp -m tcp --sport 995 -j RETURN
# Mark 0x5: UDP ports 110, 143, 220, 993, 995 as destination, then as source
# (25 and 465 are not repeated for UDP).
-A PREROUTING -p udp -m udp --dport 110 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p udp -m udp --dport 110 -j RETURN
-A PREROUTING -p udp -m udp --dport 143 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p udp -m udp --dport 143 -j RETURN
-A PREROUTING -p udp -m udp --dport 220 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p udp -m udp --dport 220 -j RETURN
-A PREROUTING -p udp -m udp --dport 993 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p udp -m udp --dport 993 -j RETURN
-A PREROUTING -p udp -m udp --dport 995 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p udp -m udp --dport 995 -j RETURN
-A PREROUTING -p udp -m udp --sport 110 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p udp -m udp --sport 110 -j RETURN
-A PREROUTING -p udp -m udp --sport 143 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p udp -m udp --sport 143 -j RETURN
-A PREROUTING -p udp -m udp --sport 220 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p udp -m udp --sport 220 -j RETURN
-A PREROUTING -p udp -m udp --sport 993 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p udp -m udp --sport 993 -j RETURN
-A PREROUTING -p udp -m udp --sport 995 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p udp -m udp --sport 995 -j RETURN
# Catch-all: anything that did not RETURN above gets mark 0x6.
-A PREROUTING -j MARK --set-xmark 0x6/0xffffffff
COMMIT
# Completed on Thu Mar 17 10:33:19 2011
# Generated by iptables-save v1.4.2 on Thu Mar 17 10:33:19 2011
# nat table: built-in chains only, no address translation is configured.
*nat
:PREROUTING ACCEPT [942:78277]
:POSTROUTING ACCEPT [697:65864]
:OUTPUT ACCEPT [7:501]
COMMIT
# Completed on Thu Mar 17 10:33:19 2011
# Generated by iptables-save v1.4.2 on Thu Mar 17 10:33:19 2011
# filter table.
# All three built-in policies are ACCEPT, and EXT_TO_IN / IN_TO_EXT end in
# RETURN, so this is a default-allow ruleset: a packet is blocked only if a
# specific DROP/REJECT rule matches it. Only SMTPIN, SMTPOUT, SSHIN, SYSLOG and
# WEBSERVERI end in an unconditional DROP/REJECT (allow-list behaviour).
# NOTE(review): a default-deny policy on INPUT and FORWARD, plus a conntrack
# rule for established traffic, would make the exposure explicit - confirm
# whether default-allow is intended.
*filter
:INPUT ACCEPT [26:2347]
:FORWARD ACCEPT [33841:30699278]
:OUTPUT ACCEPT [26:2345]
:BLACKLIST - [0:0]
:BLACKLISTINT - [0:0]
:BOGUS - [0:0]
:EXT_TO_IN - [0:0]
:IN_TO_EXT - [0:0]
:POLYCOM - [0:0]
:SMTPIN - [0:0]
:SMTPOUT - [0:0]
:SSHIN - [0:0]
:STUDCENTAR - [0:0]
:SYSLOG - [0:0]
:WEBSERVERI - [0:0]
:WHITELIST - [0:0]
# INPUT (traffic addressed to this host): syslog (udp/514) and SSH (tcp/22) are
# restricted by source address in SYSLOG and SSHIN. Everything else goes to
# BLACKLIST, which returns immediately, and is then accepted by the chain
# policy - every other local port is reachable from any source.
-A INPUT -p udp -m udp --dport 514 -j SYSLOG
-A INPUT -p tcp -m tcp --dport 22 -j SSHIN
-A INPUT -j BLACKLIST
# FORWARD (routed traffic). Order matters: the three ACCEPT rules below are
# evaluated before BOGUS, BLACKLIST and every port filter.
# All forwarded ICMP is accepted, whatever its type or addresses.
-A FORWARD -p icmp -j ACCEPT
# 10.100.0.0/16 is accepted in both directions before BOGUS (which drops the
# enclosing 10.0.0.0/8). The match is on address only, with no interface.
# NOTE(review): presumably an internal management range; adding -i/-o would
# keep a forged 10.100.x.x source from skipping the rest of the chain - confirm.
-A FORWARD -s 10.100.0.0/16 -j ACCEPT
-A FORWARD -d 10.100.0.0/16 -j ACCEPT
-A FORWARD -j BOGUS
-A FORWARD -j BLACKLIST
-A FORWARD -j BLACKLISTINT
-A FORWARD -j WHITELIST
# Traffic to three specific hosts passes through STUDCENTAR, which accepts five
# source addresses and returns for everything else (it does not block).
-A FORWARD -d 161.53.116.26/32 -j STUDCENTAR
-A FORWARD -d 161.53.116.34/32 -j STUDCENTAR
-A FORWARD -d 161.53.116.35/32 -j STUDCENTAR
# Outbound SMTP (tcp/25, tcp/465) from 161.53.116.0/22 is limited by SMTPOUT.
# NOTE(review): the other two internal prefixes used below (193.198.206.0/24,
# 193.198.217.192/27) are not sent to SMTPOUT, so their outbound SMTP is
# unrestricted - confirm that is intended.
-A FORWARD -s 161.53.116.0/22 -p tcp -m tcp --dport 25 -j SMTPOUT
-A FORWARD -s 161.53.116.0/22 -p tcp -m tcp --dport 465 -j SMTPOUT
# Inbound: destination inside one of the three prefixes, source outside that
# same prefix. Traffic between two different internal prefixes also matches.
-A FORWARD -s ! 161.53.116.0/22 -d 161.53.116.0/22 -j EXT_TO_IN
-A FORWARD -s ! 193.198.206.0/24 -d 193.198.206.0/24 -j EXT_TO_IN
-A FORWARD -s ! 193.198.217.192/27 -d 193.198.217.192/27 -j EXT_TO_IN
# Outbound: source inside one of the three prefixes, destination outside it.
-A FORWARD -s 161.53.116.0/22 -d ! 161.53.116.0/22 -j IN_TO_EXT
-A FORWARD -s 193.198.206.0/24 -d ! 193.198.206.0/24 -j IN_TO_EXT
-A FORWARD -s 193.198.217.192/27 -d ! 193.198.217.192/27 -j IN_TO_EXT
# BLACKLIST.
# NOTE(review): the unconditional RETURN is the first rule, so the REJECT for
# 161.53.116.250 below it is never evaluated. If the block is meant to be
# active the RETURN has to come last; if it was disabled on purpose, say so.
-A BLACKLIST -j RETURN
-A BLACKLIST -s 161.53.116.250/32 -j REJECT --reject-with icmp-port-unreachable
# BLACKLISTINT: empty placeholder, returns immediately.
-A BLACKLISTINT -j RETURN
# BOGUS: drop forwarded packets whose source or destination is in a listed
# range, matched on address only (no interface).
# NOTE(review): 20.0.0.0/8 is not a private or documentation range like the
# others in this list; confirm it belongs here. 127.0.0.0/8, 169.254.0.0/16
# and multicast/reserved space are not listed.
-A BOGUS -d 10.0.0.0/8 -j DROP
-A BOGUS -s 10.0.0.0/8 -j DROP
-A BOGUS -d 20.0.0.0/8 -j DROP
-A BOGUS -s 20.0.0.0/8 -j DROP
-A BOGUS -d 172.16.0.0/12 -j DROP
-A BOGUS -s 172.16.0.0/12 -j DROP
-A BOGUS -d 192.0.2.0/24 -j DROP
-A BOGUS -s 192.0.2.0/24 -j DROP
-A BOGUS -d 192.168.0.0/16 -j DROP
-A BOGUS -s 192.168.0.0/16 -j DROP
-A BOGUS -d 198.18.0.0/15 -j DROP
-A BOGUS -s 198.18.0.0/15 -j DROP
-A BOGUS -j RETURN
# EXT_TO_IN, part 1: ports handed to POLYCOM. POLYCOM accepts three destination
# hosts and returns otherwise, so for any other destination evaluation
# continues below (tcp/80 and tcp/443 reach WEBSERVERI later).
# NOTE(review): this opens telnet (tcp/23), FTP (tcp/20-21) and tcp/3389 to
# those three hosts from any source; consider restricting by source address.
-A EXT_TO_IN -p tcp -m tcp --dport 20:21 -j POLYCOM
-A EXT_TO_IN -p tcp -m tcp --dport 23 -j POLYCOM
-A EXT_TO_IN -p tcp -m tcp --dport 80 -j POLYCOM
-A EXT_TO_IN -p tcp -m tcp --dport 443 -j POLYCOM
-A EXT_TO_IN -p tcp -m tcp --dport 1503 -j POLYCOM
-A EXT_TO_IN -p udp -m udp --dport 1718 -j POLYCOM
-A EXT_TO_IN -p udp -m udp --dport 1719 -j POLYCOM
-A EXT_TO_IN -p tcp -m tcp --dport 1720 -j POLYCOM
-A EXT_TO_IN -p tcp -m tcp --dport 1731 -j POLYCOM
-A EXT_TO_IN -p tcp -m tcp --dport 3601 -j POLYCOM
-A EXT_TO_IN -p tcp -m tcp --dport 3389 -j POLYCOM
# EXT_TO_IN, part 2: silently drop inbound packets to the listed service ports.
# These are per-packet matches: a reply to an internal client that happened to
# pick one of these numbers (e.g. 1433, 3306, 5000, 5900) as its local port is
# dropped as well.
-A EXT_TO_IN -p tcp -m tcp --dport 67:68 -j DROP
-A EXT_TO_IN -p udp -m udp --dport 67:68 -j DROP
-A EXT_TO_IN -p tcp -m tcp --dport 69 -j DROP
-A EXT_TO_IN -p udp -m udp --dport 69 -j DROP
# NOTE(review): tcp/81 and udp/82 - unlike the neighbouring pairs the port
# differs between the two protocols; check for a typo.
-A EXT_TO_IN -p tcp -m tcp --dport 81 -j DROP
-A EXT_TO_IN -p udp -m udp --dport 82 -j DROP
-A EXT_TO_IN -p tcp -m tcp --dport 135:139 -j DROP
-A EXT_TO_IN -p udp -m udp --dport 135:139 -j DROP
-A EXT_TO_IN -p tcp -m tcp --dport 445 -j DROP
-A EXT_TO_IN -p udp -m udp --dport 445 -j DROP
-A EXT_TO_IN -p tcp -m tcp --dport 1433 -j DROP
-A EXT_TO_IN -p udp -m udp --dport 1433 -j DROP
-A EXT_TO_IN -p tcp -m tcp --dport 161:164 -j DROP
-A EXT_TO_IN -p udp -m udp --dport 161:164 -j DROP
-A EXT_TO_IN -p tcp -m tcp --dport 199 -j DROP
-A EXT_TO_IN -p tcp -m tcp --dport 3306 -j DROP
-A EXT_TO_IN -p udp -m udp --dport 3306 -j DROP
-A EXT_TO_IN -p tcp -m tcp --dport 111 -j DROP
-A EXT_TO_IN -p udp -m udp --dport 111 -j DROP
-A EXT_TO_IN -p tcp -m tcp --dport 369 -j DROP
-A EXT_TO_IN -p udp -m udp --dport 369 -j DROP
-A EXT_TO_IN -p tcp -m tcp --dport 5000 -j DROP
-A EXT_TO_IN -p udp -m udp --dport 1900 -j DROP
-A EXT_TO_IN -p tcp -m tcp --dport 9100 -j DROP
-A EXT_TO_IN -p tcp -m tcp --dport 515 -j DROP
-A EXT_TO_IN -p tcp -m tcp --dport 631 -j DROP
-A EXT_TO_IN -p tcp -m tcp --dport 1080 -j DROP
-A EXT_TO_IN -p tcp -m tcp --dport 901 -j DROP
-A EXT_TO_IN -p tcp -m tcp --dport 6129 -j DROP
-A EXT_TO_IN -p tcp -m tcp --dport 5900 -j DROP
-A EXT_TO_IN -p tcp -m tcp --dport 3128 -j DROP
# EXT_TO_IN, part 3: inbound web and SMTP are allow-listed per destination host.
-A EXT_TO_IN -p tcp -m tcp --dport 80 -j WEBSERVERI
-A EXT_TO_IN -p tcp -m tcp --dport 443 -j WEBSERVERI
-A EXT_TO_IN -p tcp -m tcp --dport 25 -j SMTPIN
# Any inbound packet not matched above returns to FORWARD and is accepted by policy.
-A EXT_TO_IN -j RETURN
# IN_TO_EXT: outbound traffic to the same service ports is rejected with ICMP
# port-unreachable (the tcp/81 and udp/82 entries of EXT_TO_IN have no
# counterpart here). Everything else returns and is accepted by policy.
-A IN_TO_EXT -p tcp -m tcp --dport 67:68 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p udp -m udp --dport 67:68 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p tcp -m tcp --dport 69 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p udp -m udp --dport 69 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p tcp -m tcp --dport 135:139 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p udp -m udp --dport 135:139 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p tcp -m tcp --dport 445 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p udp -m udp --dport 445 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p tcp -m tcp --dport 1433 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p udp -m udp --dport 1433 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p tcp -m tcp --dport 161:164 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p udp -m udp --dport 161:164 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p tcp -m tcp --dport 199 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p tcp -m tcp --dport 3306 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p udp -m udp --dport 3306 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p tcp -m tcp --dport 111 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p udp -m udp --dport 111 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p tcp -m tcp --dport 369 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p udp -m udp --dport 369 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p tcp -m tcp --dport 5000 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p udp -m udp --dport 1900 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p tcp -m tcp --dport 9100 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p tcp -m tcp --dport 515 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p tcp -m tcp --dport 631 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p tcp -m tcp --dport 1080 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p tcp -m tcp --dport 901 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p tcp -m tcp --dport 6129 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p tcp -m tcp --dport 5900 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -p tcp -m tcp --dport 3128 -j REJECT --reject-with icmp-port-unreachable
-A IN_TO_EXT -j RETURN
# POLYCOM: accept the calling rule's port for three destination hosts, from any source.
-A POLYCOM -d 161.53.116.50/32 -j ACCEPT
-A POLYCOM -d 161.53.117.170/32 -j ACCEPT
-A POLYCOM -d 161.53.119.201/32 -j ACCEPT
-A POLYCOM -j RETURN
# SMTPIN: inbound tcp/25 is accepted only for the listed mail hosts; anything
# else is logged with prefix "SMTPIN DROP: " and dropped.
-A SMTPIN -d 161.53.116.8/32 -j ACCEPT
-A SMTPIN -d 193.198.206.4/32 -j ACCEPT
-A SMTPIN -d 193.198.206.5/32 -j ACCEPT
-A SMTPIN -d 193.198.206.100/32 -j ACCEPT
-A SMTPIN -d 193.198.217.194/32 -j ACCEPT
-A SMTPIN -d 193.198.206.134/32 -j ACCEPT
-A SMTPIN -d 193.198.206.135/32 -j ACCEPT
-A SMTPIN -d 193.198.206.140/32 -j ACCEPT
-A SMTPIN -j LOG --log-prefix "SMTPIN DROP: " --log-level 6
-A SMTPIN -j DROP
# SMTPOUT: SMTP leaving 161.53.116.0/22 is accepted only when it comes from or
# goes to one of four hosts; the rest is logged and rejected.
-A SMTPOUT -s 161.53.116.8/32 -j ACCEPT
-A SMTPOUT -s 161.53.116.9/32 -j ACCEPT
-A SMTPOUT -s 161.53.116.11/32 -j ACCEPT
-A SMTPOUT -s 161.53.116.15/32 -j ACCEPT
-A SMTPOUT -d 161.53.116.8/32 -j ACCEPT
-A SMTPOUT -d 161.53.116.9/32 -j ACCEPT
-A SMTPOUT -d 161.53.116.11/32 -j ACCEPT
-A SMTPOUT -d 161.53.116.15/32 -j ACCEPT
-A SMTPOUT -j LOG --log-prefix "SMTPOUT REJECT: " --log-level 6
-A SMTPOUT -j REJECT --reject-with icmp-port-unreachable
# SSHIN: SSH to this host is accepted from five source addresses; everything
# else is logged and dropped. The 127.0.0.1 entry matches on source address
# only (no "-i lo").
-A SSHIN -s 127.0.0.1/32 -j ACCEPT
-A SSHIN -s 161.53.71.194/32 -j ACCEPT
-A SSHIN -s 161.53.116.15/32 -j ACCEPT
-A SSHIN -s 161.53.116.8/32 -j ACCEPT
-A SSHIN -s 161.53.116.21/32 -j ACCEPT
-A SSHIN -j LOG --log-prefix "SSHIN DROP: " --log-level 6
-A SSHIN -j DROP
# STUDCENTAR: early accept for five source hosts; other sources continue
# through the rest of FORWARD.
-A STUDCENTAR -s 161.53.174.34/32 -j ACCEPT
-A STUDCENTAR -s 161.53.174.35/32 -j ACCEPT
-A STUDCENTAR -s 161.53.174.212/32 -j ACCEPT
-A STUDCENTAR -s 161.53.174.234/32 -j ACCEPT
-A STUDCENTAR -s 161.53.174.235/32 -j ACCEPT
-A STUDCENTAR -j RETURN
# SYSLOG: udp/514 to this host is accepted from six senders and dropped (without
# logging) otherwise. UDP source addresses are not authenticated, so this list
# limits who can send but does not prove who did.
-A SYSLOG -s 161.53.116.8/32 -j ACCEPT
-A SYSLOG -s 161.53.116.2/32 -j ACCEPT
-A SYSLOG -s 161.53.116.7/32 -j ACCEPT
-A SYSLOG -s 161.53.116.6/32 -j ACCEPT
-A SYSLOG -s 161.53.116.15/32 -j ACCEPT
-A SYSLOG -s 161.53.116.9/32 -j ACCEPT
-A SYSLOG -j DROP
# WEBSERVERI: inbound tcp/80 and tcp/443 are accepted only for the destinations
# listed here; everything else is logged with prefix "WEB DROP: " and dropped.
# The chain is entered only from EXT_TO_IN.
-A WEBSERVERI -d 161.53.116.8/32 -j ACCEPT
-A WEBSERVERI -d 161.53.116.9/32 -j ACCEPT
-A WEBSERVERI -d 161.53.116.11/32 -j ACCEPT
-A WEBSERVERI -d 161.53.116.12/32 -j ACCEPT
-A WEBSERVERI -d 161.53.116.13/32 -j ACCEPT
-A WEBSERVERI -d 161.53.116.15/32 -j ACCEPT
-A WEBSERVERI -d 161.53.116.16/32 -j ACCEPT
# NOTE(review): packets for 161.53.116.18 reach EXT_TO_IN only via the rule that
# requires a source outside 161.53.116.0/22, so this source match cannot
# succeed; in effect web traffic to .18 from outside is dropped. Confirm that
# is the intent.
-A WEBSERVERI -s 161.53.116.0/22 -d 161.53.116.18/32 -j ACCEPT
-A WEBSERVERI -d 161.53.116.21/32 -j ACCEPT
-A WEBSERVERI -d 161.53.116.49/32 -j ACCEPT
-A WEBSERVERI -d 161.53.116.91/32 -j ACCEPT
-A WEBSERVERI -d 161.53.116.92/32 -j ACCEPT
-A WEBSERVERI -d 161.53.116.97/32 -j ACCEPT
-A WEBSERVERI -d 161.53.116.98/32 -j ACCEPT
-A WEBSERVERI -d 161.53.116.112/32 -j ACCEPT
-A WEBSERVERI -d 161.53.116.116/32 -j ACCEPT
-A WEBSERVERI -d 161.53.116.117/32 -j ACCEPT
-A WEBSERVERI -d 161.53.116.124/32 -j ACCEPT
-A WEBSERVERI -d 161.53.116.130/32 -j ACCEPT
-A WEBSERVERI -d 161.53.116.151/32 -j ACCEPT
-A WEBSERVERI -d 161.53.116.152/32 -j ACCEPT
-A WEBSERVERI -d 161.53.117.2/32 -j ACCEPT
-A WEBSERVERI -d 161.53.117.3/32 -j ACCEPT
-A WEBSERVERI -d 161.53.117.61/32 -j ACCEPT
-A WEBSERVERI -d 161.53.117.86/32 -j ACCEPT
-A WEBSERVERI -d 161.53.117.87/32 -j ACCEPT
-A WEBSERVERI -d 161.53.117.88/32 -j ACCEPT
-A WEBSERVERI -d 161.53.117.89/32 -j ACCEPT
-A WEBSERVERI -d 161.53.117.105/32 -j ACCEPT
-A WEBSERVERI -d 161.53.117.201/32 -j ACCEPT
-A WEBSERVERI -d 161.53.117.211/32 -j ACCEPT
-A WEBSERVERI -d 161.53.117.224/32 -j ACCEPT
-A WEBSERVERI -d 161.53.117.225/32 -j ACCEPT
-A WEBSERVERI -d 161.53.117.226/32 -j ACCEPT
-A WEBSERVERI -d 161.53.117.229/32 -j ACCEPT
-A WEBSERVERI -d 161.53.118.40/32 -j ACCEPT
-A WEBSERVERI -d 161.53.118.66/32 -j ACCEPT
-A WEBSERVERI -d 161.53.118.67/32 -j ACCEPT
-A WEBSERVERI -d 161.53.118.105/32 -j ACCEPT
-A WEBSERVERI -d 161.53.118.110/32 -j ACCEPT
-A WEBSERVERI -d 161.53.118.111/32 -j ACCEPT
-A WEBSERVERI -d 161.53.118.112/32 -j ACCEPT
-A WEBSERVERI -d 161.53.118.113/32 -j ACCEPT
-A WEBSERVERI -d 161.53.118.114/32 -j ACCEPT
-A WEBSERVERI -d 161.53.119.26/32 -j ACCEPT
-A WEBSERVERI -d 161.53.119.30/32 -j ACCEPT
-A WEBSERVERI -d 161.53.119.33/32 -j ACCEPT
-A WEBSERVERI -d 161.53.119.39/32 -j ACCEPT
-A WEBSERVERI -d 161.53.119.40/32 -j ACCEPT
-A WEBSERVERI -d 161.53.119.50/32 -j ACCEPT
-A WEBSERVERI -d 161.53.119.51/32 -j ACCEPT
-A WEBSERVERI -d 161.53.119.55/32 -j ACCEPT
-A WEBSERVERI -d 161.53.119.56/32 -j ACCEPT
-A WEBSERVERI -d 161.53.119.60/32 -j ACCEPT
-A WEBSERVERI -d 161.53.119.124/32 -j ACCEPT
-A WEBSERVERI -d 161.53.119.125/32 -j ACCEPT
# NOTE(review): 193.198.202.0/24 is not one of the three destination prefixes
# that lead into EXT_TO_IN, so this rule cannot match on the paths visible in
# this file; possibly a typo for another prefix - confirm.
-A WEBSERVERI -d 193.198.202.0/24 -j ACCEPT
-A WEBSERVERI -d 193.198.206.4/32 -j ACCEPT
-A WEBSERVERI -d 193.198.206.5/32 -j ACCEPT
-A WEBSERVERI -d 193.198.206.9/32 -j ACCEPT
-A WEBSERVERI -d 193.198.206.41/32 -j ACCEPT
-A WEBSERVERI -d 193.198.206.100/32 -j ACCEPT
-A WEBSERVERI -d 193.198.206.101/32 -j ACCEPT
-A WEBSERVERI -d 193.198.206.128/25 -j ACCEPT
-A WEBSERVERI -d 193.198.217.194/32 -j ACCEPT
-A WEBSERVERI -d 193.198.217.195/32 -j ACCEPT
# NOTE(review): 193.198.217.254 lies outside 193.198.217.192/27 (.192-.223), so
# packets for it never enter EXT_TO_IN and this rule cannot match - confirm.
-A WEBSERVERI -d 193.198.217.254/32 -j ACCEPT
-A WEBSERVERI -j LOG --log-prefix "WEB DROP: " --log-level 6
-A WEBSERVERI -j DROP
# WHITELIST: evaluated before EXT_TO_IN / IN_TO_EXT, so an ACCEPT here bypasses
# every port filter in those chains.
# Source-only entries: any forwarded packet carrying one of these source
# addresses is accepted, whatever its destination or port.
-A WHITELIST -s 161.53.116.26/32 -j ACCEPT
-A WHITELIST -s 161.53.116.34/32 -j ACCEPT
-A WHITELIST -s 161.53.116.35/32 -j ACCEPT
# All TCP/UDP ports 1024-65535 on 161.53.116.38 are open to any source; this
# includes ports that EXT_TO_IN drops for other hosts (1433, 3306, 5900, ...).
-A WHITELIST -d 161.53.116.38/32 -p tcp -m tcp --dport 1024:65535 -j ACCEPT
-A WHITELIST -d 161.53.116.38/32 -p udp -m udp --dport 1024:65535 -j ACCEPT
# tcp/5900 to 161.53.119.135 is accepted from any source, overriding the
# tcp/5900 DROP in EXT_TO_IN.
-A WHITELIST -d 161.53.119.135/32 -p tcp -m tcp --dport 5900 -j ACCEPT
# UDP 161-162 from 161.53.116.8 and the matching replies back to it.
-A WHITELIST -s 161.53.116.8/32 -p udp -m udp --dport 161:162 -j ACCEPT
-A WHITELIST -d 161.53.116.8/32 -p udp -m udp --sport 161:162 -j ACCEPT
# NOTE(review): the first rule of this group is subsumed by the "-d
# 72.35.83.171" rule below it. The "-s 72.35.83.171" rule accepts anything
# claiming that external source address, to any internal host and port;
# consider narrowing it to the host and ports actually needed.
-A WHITELIST -s 161.53.117.147/32 -d 72.35.83.171/32 -j ACCEPT
-A WHITELIST -s 72.35.83.171/32 -j ACCEPT
-A WHITELIST -d 72.35.83.171/32 -j ACCEPT
# tcp/5900 to 161.53.117.61 is accepted from any source.
-A WHITELIST -d 161.53.117.61/32 -p tcp -m tcp --dport 5900 -j ACCEPT
-A WHITELIST -j RETURN
COMMIT
# Completed on Thu Mar 17 10:33:19 2011