# Generated by iptables-save v1.3.6 on Thu Jan 22 11:06:01 2009
#
# ---------------------------------------------------------------------------
# mangle table: first-match traffic classification via fwmark.
#   0x1  connection-opening TCP segments, ICMP, and ports 107/22/23/53/992/994
#        (TCP+UDP) plus 123 (UDP)
#   0x2  tcp/80 and udp/443
#   0x3  udp/20-21
#   0x5  mail ports (110/143/220/993/995 on TCP+UDP, 25/465 on TCP)
#   0x6  everything else (last rule)
#   0x4  is not assigned anywhere in this file.
# Every MARK rule is followed by an identical-match RETURN. RETURN in a
# built-in chain falls through to the chain policy (ACCEPT), so the first
# matching pair ends traversal and later marks cannot overwrite it.
# What consumes the marks (tc filters, ip rule, ...) is not shown here.
# NOTE(review): the marks are derived from port numbers on either side of the
# flow, which the sending host chooses; treat them as a QoS hint only, never
# as an input to an access decision.
# NOTE(review): 443 and 20:21 are matched for UDP only, so tcp/443 and
# tcp/20-21 fall through to 0x6 (apart from their SYN segments, which get
# 0x1). Possibly TCP was intended; confirm against the shaping policy.
# ---------------------------------------------------------------------------
*mangle
:PREROUTING ACCEPT [121:25929]
:INPUT ACCEPT [74:6025]
:FORWARD ACCEPT [41:19186]
:OUTPUT ACCEPT [38:2968]
:POSTROUTING ACCEPT [58:21242]
# --- class 0x1: SYN set with RST and ACK clear (new connection attempts)
-A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
-A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
# --- class 0x1: all ICMP types
-A PREROUTING -p icmp -j MARK --set-mark 0x1
-A PREROUTING -p icmp -j RETURN
# --- class 0x1: TCP, destination port
-A PREROUTING -p tcp -m tcp --dport 107 -j MARK --set-mark 0x1
-A PREROUTING -p tcp -m tcp --dport 107 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 22 -j MARK --set-mark 0x1
-A PREROUTING -p tcp -m tcp --dport 22 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 23 -j MARK --set-mark 0x1
-A PREROUTING -p tcp -m tcp --dport 23 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 53 -j MARK --set-mark 0x1
-A PREROUTING -p tcp -m tcp --dport 53 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 992 -j MARK --set-mark 0x1
-A PREROUTING -p tcp -m tcp --dport 992 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 994 -j MARK --set-mark 0x1
-A PREROUTING -p tcp -m tcp --dport 994 -j RETURN
# --- class 0x1: TCP, source port (return direction of the flows above)
-A PREROUTING -p tcp -m tcp --sport 107 -j MARK --set-mark 0x1
-A PREROUTING -p tcp -m tcp --sport 107 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 22 -j MARK --set-mark 0x1
-A PREROUTING -p tcp -m tcp --sport 22 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 23 -j MARK --set-mark 0x1
-A PREROUTING -p tcp -m tcp --sport 23 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 53 -j MARK --set-mark 0x1
-A PREROUTING -p tcp -m tcp --sport 53 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 992 -j MARK --set-mark 0x1
-A PREROUTING -p tcp -m tcp --sport 992 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 994 -j MARK --set-mark 0x1
-A PREROUTING -p tcp -m tcp --sport 994 -j RETURN
# --- class 0x1: UDP, destination port
-A PREROUTING -p udp -m udp --dport 107 -j MARK --set-mark 0x1
-A PREROUTING -p udp -m udp --dport 107 -j RETURN
-A PREROUTING -p udp -m udp --dport 123 -j MARK --set-mark 0x1
-A PREROUTING -p udp -m udp --dport 123 -j RETURN
-A PREROUTING -p udp -m udp --dport 53 -j MARK --set-mark 0x1
-A PREROUTING -p udp -m udp --dport 53 -j RETURN
-A PREROUTING -p udp -m udp --dport 992 -j MARK --set-mark 0x1
-A PREROUTING -p udp -m udp --dport 992 -j RETURN
-A PREROUTING -p udp -m udp --dport 994 -j MARK --set-mark 0x1
-A PREROUTING -p udp -m udp --dport 994 -j RETURN
# --- class 0x1: UDP, source port
-A PREROUTING -p udp -m udp --sport 107 -j MARK --set-mark 0x1
-A PREROUTING -p udp -m udp --sport 107 -j RETURN
-A PREROUTING -p udp -m udp --sport 123 -j MARK --set-mark 0x1
-A PREROUTING -p udp -m udp --sport 123 -j RETURN
-A PREROUTING -p udp -m udp --sport 53 -j MARK --set-mark 0x1
-A PREROUTING -p udp -m udp --sport 53 -j RETURN
-A PREROUTING -p udp -m udp --sport 992 -j MARK --set-mark 0x1
-A PREROUTING -p udp -m udp --sport 992 -j RETURN
-A PREROUTING -p udp -m udp --sport 994 -j MARK --set-mark 0x1
-A PREROUTING -p udp -m udp --sport 994 -j RETURN
# --- class 0x2: tcp/80 and udp/443, both directions
-A PREROUTING -p tcp -m tcp --dport 80 -j MARK --set-mark 0x2
-A PREROUTING -p tcp -m tcp --dport 80 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 80 -j MARK --set-mark 0x2
-A PREROUTING -p tcp -m tcp --sport 80 -j RETURN
-A PREROUTING -p udp -m udp --dport 443 -j MARK --set-mark 0x2
-A PREROUTING -p udp -m udp --dport 443 -j RETURN
-A PREROUTING -p udp -m udp --sport 443 -j MARK --set-mark 0x2
-A PREROUTING -p udp -m udp --sport 443 -j RETURN
# --- class 0x3: udp/20-21, both directions
-A PREROUTING -p udp -m udp --dport 20:21 -j MARK --set-mark 0x3
-A PREROUTING -p udp -m udp --dport 20:21 -j RETURN
-A PREROUTING -p udp -m udp --sport 20:21 -j MARK --set-mark 0x3
-A PREROUTING -p udp -m udp --sport 20:21 -j RETURN
# --- class 0x5: TCP mail ports, destination port
-A PREROUTING -p tcp -m tcp --dport 110 -j MARK --set-mark 0x5
-A PREROUTING -p tcp -m tcp --dport 110 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 143 -j MARK --set-mark 0x5
-A PREROUTING -p tcp -m tcp --dport 143 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 220 -j MARK --set-mark 0x5
-A PREROUTING -p tcp -m tcp --dport 220 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 25 -j MARK --set-mark 0x5
-A PREROUTING -p tcp -m tcp --dport 25 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 465 -j MARK --set-mark 0x5
-A PREROUTING -p tcp -m tcp --dport 465 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 993 -j MARK --set-mark 0x5
-A PREROUTING -p tcp -m tcp --dport 993 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 995 -j MARK --set-mark 0x5
-A PREROUTING -p tcp -m tcp --dport 995 -j RETURN
# --- class 0x5: TCP mail ports, source port
-A PREROUTING -p tcp -m tcp --sport 110 -j MARK --set-mark 0x5
-A PREROUTING -p tcp -m tcp --sport 110 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 143 -j MARK --set-mark 0x5
-A PREROUTING -p tcp -m tcp --sport 143 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 220 -j MARK --set-mark 0x5
-A PREROUTING -p tcp -m tcp --sport 220 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 25 -j MARK --set-mark 0x5
-A PREROUTING -p tcp -m tcp --sport 25 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 465 -j MARK --set-mark 0x5
-A PREROUTING -p tcp -m tcp --sport 465 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 993 -j MARK --set-mark 0x5
-A PREROUTING -p tcp -m tcp --sport 993 -j RETURN
-A PREROUTING -p tcp -m tcp --sport 995 -j MARK --set-mark 0x5
-A PREROUTING -p tcp -m tcp --sport 995 -j RETURN
# --- class 0x5: UDP, destination port (no 25/465 entries on the UDP side)
-A PREROUTING -p udp -m udp --dport 110 -j MARK --set-mark 0x5
-A PREROUTING -p udp -m udp --dport 110 -j RETURN
-A PREROUTING -p udp -m udp --dport 143 -j MARK --set-mark 0x5
-A PREROUTING -p udp -m udp --dport 143 -j RETURN
-A PREROUTING -p udp -m udp --dport 220 -j MARK --set-mark 0x5
-A PREROUTING -p udp -m udp --dport 220 -j RETURN
-A PREROUTING -p udp -m udp --dport 993 -j MARK --set-mark 0x5
-A PREROUTING -p udp -m udp --dport 993 -j RETURN
-A PREROUTING -p udp -m udp --dport 995 -j MARK --set-mark 0x5
-A PREROUTING -p udp -m udp --dport 995 -j RETURN
# --- class 0x5: UDP, source port
-A PREROUTING -p udp -m udp --sport 110 -j MARK --set-mark 0x5
-A PREROUTING -p udp -m udp --sport 110 -j RETURN
-A PREROUTING -p udp -m udp --sport 143 -j MARK --set-mark 0x5
-A PREROUTING -p udp -m udp --sport 143 -j RETURN
-A PREROUTING -p udp -m udp --sport 220 -j MARK --set-mark 0x5
-A PREROUTING -p udp -m udp --sport 220 -j RETURN
-A PREROUTING -p udp -m udp --sport 993 -j MARK --set-mark 0x5
-A PREROUTING -p udp -m udp --sport 993 -j RETURN
-A PREROUTING -p udp -m udp --sport 995 -j MARK --set-mark 0x5
-A PREROUTING -p udp -m udp --sport 995 -j RETURN
# --- class 0x6: catch-all for anything not classified above
-A PREROUTING -j MARK --set-mark 0x6
COMMIT
# Completed on Thu Jan 22 11:06:01 2009
# Generated by iptables-save v1.3.6 on Thu Jan 22 11:06:01 2009
#
# ---------------------------------------------------------------------------
# nat table: SMTP interception, two inbound forwards on eth0, source NAT.
# Inbound exposure created here (each is paired with an ACCEPT in *filter):
#   161.53.116.16        -> 20.0.0.8      every protocol and port (1:1 NAT)
#   161.53.116.15:50022  -> 20.0.0.7:22   single TCP port forward
# NOTE(review): the 1:1 mapping publishes every listening service on 20.0.0.8;
# if only a few services are meant to be reachable, narrow the DNAT or the
# matching FORWARD accept to those ports.
# NOTE(review): 20.0.0.0/8 is not RFC 1918 private space, yet 20.0.0.x is used
# as an internal network and is masqueraded below.
# The MAIL chain is declared but holds no rules and nothing jumps to it.
# ---------------------------------------------------------------------------
*nat
:PREROUTING ACCEPT [26:2683]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:MAIL - [0:0]
:REDIREKCIJE - [0:0]
:TUNELI - [0:0]
# Packets arriving on eth1, vlan2 and vlan3 go through REDIREKCIJE
# (presumably the internal-facing interfaces; confirm against the topology).
-A PREROUTING -i eth1 -j REDIREKCIJE
-A PREROUTING -i vlan2 -j REDIREKCIJE
-A PREROUTING -i vlan3 -j REDIREKCIJE
# Packets arriving on eth0 for the two published addresses.
-A PREROUTING -d 161.53.116.15 -i eth0 -j TUNELI
-A PREROUTING -d 161.53.116.16 -i eth0 -j DNAT --to-destination 20.0.0.8
# Return half of the 1:1 mapping. It must stay ahead of the 20.0.0.0/24
# MASQUERADE rule, which would otherwise match 20.0.0.8 first.
-A POSTROUTING -s 20.0.0.8 -o eth0 -j SNAT --to-source 161.53.116.16
-A POSTROUTING -s 10.0.0.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.1.0.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.2.0.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 20.0.0.0/255.255.255.0 -o eth0 -j MASQUERADE
# REDIREKCIJE: any tcp/25 connection, whatever its destination, is terminated
# on this host's own port 25. Clients on those interfaces therefore never talk
# to an external SMTP server directly.
-A REDIREKCIJE -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 25
-A REDIREKCIJE -j RETURN
# TUNELI: tcp/50022 on 161.53.116.15 is forwarded to port 22 on 20.0.0.7.
# NOTE(review): no source restriction here or in the filter-table TUNELI
# chain; the high port number alone does not limit who can connect.
-A TUNELI -p tcp -m tcp --dport 50022 -j DNAT --to-destination 20.0.0.7:22
-A TUNELI -j RETURN
COMMIT
# Completed on Thu Jan 22 11:06:01 2009
# Generated by iptables-save v1.3.6 on Thu Jan 22 11:06:01 2009
#
# ---------------------------------------------------------------------------
# filter table.
# NOTE(review): INPUT, FORWARD and OUTPUT all have policy ACCEPT, and no rule
# matches on connection state. The ruleset is default-allow: a packet is
# blocked only when an explicit DROP/REJECT below matches it.
#   * INPUT restricts only udp/161-162, tcp/3306, udp/1194 and (on eth0)
#     tcp/25; every other service on this host is reachable on every interface.
#   * TCP_FILTER and UDP_FILTER are attached with "-o eth0" only, so they act
#     as an egress allow-list. Forwarded traffic leaving through any other
#     interface, and non-TCP/UDP protocols leaving through eth0, reach the
#     ACCEPT policy once BOGUS, BLACKLIST and TUNELI have returned.
#   A stricter layout would set the INPUT and FORWARD policies to DROP and add
#   an early "-m state --state ESTABLISHED,RELATED -j ACCEPT" rule; that
#   changes behaviour and needs testing against the real topology first.
# ---------------------------------------------------------------------------
*filter
:INPUT ACCEPT [74:6025]
:FORWARD ACCEPT [17:18152]
:OUTPUT ACCEPT [38:2968]
:BLACKLIST - [0:0]
:BOGUS - [0:0]
:MYSQL - [0:0]
:SNMP - [0:0]
:TCP_FILTER - [0:0]
:TUNELI - [0:0]
:UDP_FILTER - [0:0]
# --- INPUT: traffic addressed to this host
-A INPUT -i lo -j ACCEPT
# All ICMP types are accepted.
-A INPUT -p icmp -j ACCEPT
-A INPUT -p udp -m udp --dport 161:162 -j SNMP
-A INPUT -p tcp -m tcp --dport 3306 -j MYSQL
# udp/1194 (the registered OpenVPN port) is dropped unless the source is
# 161.53.116.8. "-s ! addr" is the negation syntax of this iptables version;
# newer releases expect "! -s addr".
-A INPUT -s ! 161.53.116.8 -p udp -m udp --dport 1194 -j DROP
# SMTP to this host is refused when it arrives on eth0.
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
# --- FORWARD: routed traffic; order matters, the first terminating verdict wins
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -p udp -m udp --dport 161:162 -j SNMP
-A FORWARD -o eth0 -j BOGUS
-A FORWARD -j BLACKLIST
-A FORWARD -j TUNELI
# Pairs with the nat-table DNAT for 161.53.116.16: anything addressed to
# 20.0.0.8 that survived the chains above is accepted, on every port.
-A FORWARD -d 20.0.0.8 -j ACCEPT
-A FORWARD -o eth0 -p tcp -m tcp -j TCP_FILTER
-A FORWARD -o eth0 -p udp -m udp -j UDP_FILTER
# --- BLACKLIST: destination networks that forwarded traffic may not reach.
# Matches on destination only and is referenced from FORWARD only, so it does
# not cover packets sourced from these networks or addressed to this host.
-A BLACKLIST -d 195.122.131.0/255.255.255.0 -j REJECT --reject-with icmp-port-unreachable
-A BLACKLIST -d 82.129.39.0/255.255.255.0 -j REJECT --reject-with icmp-port-unreachable
-A BLACKLIST -j RETURN
# --- BOGUS: destinations that must not leave through eth0 (private, test and
# benchmark ranges, plus the locally used 20.0.0.0/8). Because the whole /8 is
# dropped, forwarded clients cannot reach any real host in 20.0.0.0/8 either.
-A BOGUS -d 10.0.0.0/255.0.0.0 -j DROP
-A BOGUS -d 20.0.0.0/255.0.0.0 -j DROP
-A BOGUS -d 172.16.0.0/255.240.0.0 -j DROP
-A BOGUS -d 198.18.0.0/255.254.0.0 -j DROP
-A BOGUS -d 192.0.2.0/255.255.255.0 -j DROP
-A BOGUS -d 192.168.0.0/255.255.0.0 -j DROP
-A BOGUS -j RETURN
# --- MYSQL: tcp/3306 on this host, allowed from two sources only.
# NOTE(review): loopback traffic is already accepted by "-i lo" before this
# chain is reached, so the 127.0.0.1 rule only matters for packets claiming
# that source on another interface; confirm the kernel discards those.
-A MYSQL -s 127.0.0.1 -j ACCEPT
-A MYSQL -s 161.53.116.8 -j ACCEPT
-A MYSQL -j DROP
# --- SNMP: udp/161-162, both to this host and forwarded, from listed sources.
# Source addresses are the only control here and UDP sources are not verified
# by a handshake, so SNMP community/authentication settings still matter.
-A SNMP -s 127.0.0.1 -j ACCEPT
-A SNMP -s 161.53.116.8 -j ACCEPT
-A SNMP -s 10.10.0.2 -j ACCEPT
-A SNMP -s 10.0.0.1 -j ACCEPT
-A SNMP -j REJECT --reject-with icmp-port-unreachable
# --- TCP_FILTER: destination ports allowed out through eth0; the rest is rejected
-A TCP_FILTER -p tcp -m tcp --dport 20 -j ACCEPT
-A TCP_FILTER -p tcp -m tcp --dport 21 -j ACCEPT
-A TCP_FILTER -p tcp -m tcp --dport 53 -j ACCEPT
-A TCP_FILTER -p tcp -m tcp --dport 67 -j ACCEPT
-A TCP_FILTER -p tcp -m tcp --dport 68 -j ACCEPT
-A TCP_FILTER -p tcp -m tcp --dport 80 -j ACCEPT
-A TCP_FILTER -p tcp -m tcp --dport 109 -j ACCEPT
-A TCP_FILTER -p tcp -m tcp --dport 110 -j ACCEPT
-A TCP_FILTER -p tcp -m tcp --dport 115 -j ACCEPT
-A TCP_FILTER -p tcp -m tcp --dport 119 -j ACCEPT
-A TCP_FILTER -p tcp -m tcp --dport 123 -j ACCEPT
-A TCP_FILTER -p tcp -m tcp --dport 143 -j ACCEPT
-A TCP_FILTER -p tcp -m tcp --dport 443 -j ACCEPT
-A TCP_FILTER -p tcp -m tcp --dport 563 -j ACCEPT
-A TCP_FILTER -p tcp -m tcp --dport 993 -j ACCEPT
-A TCP_FILTER -p tcp -m tcp --dport 995 -j ACCEPT
-A TCP_FILTER -p tcp -m tcp --dport 1755 -j ACCEPT
-A TCP_FILTER -p tcp -m tcp --dport 3389 -j ACCEPT
-A TCP_FILTER -p tcp -m tcp --dport 8001 -j ACCEPT
-A TCP_FILTER -p tcp -m tcp --dport 8080 -j ACCEPT
-A TCP_FILTER -j REJECT --reject-with icmp-port-unreachable
# --- TUNELI: filter-side accept for the nat-table forward to 20.0.0.7:22.
# Matches on the post-DNAT destination, from any source address.
-A TUNELI -d 20.0.0.7 -p tcp -m tcp --dport 22 -j ACCEPT
-A TUNELI -j RETURN
# --- UDP_FILTER: destination ports allowed out through eth0; the rest is rejected
-A UDP_FILTER -p udp -m udp --dport 67 -j ACCEPT
-A UDP_FILTER -p udp -m udp --dport 68 -j ACCEPT
-A UDP_FILTER -p udp -m udp --dport 53 -j ACCEPT
-A UDP_FILTER -p udp -m udp --dport 123 -j ACCEPT
-A UDP_FILTER -p udp -m udp --dport 443 -j ACCEPT
-A UDP_FILTER -p udp -m udp --dport 500 -j ACCEPT
-A UDP_FILTER -p udp -m udp --dport 554 -j ACCEPT
-A UDP_FILTER -p udp -m udp --dport 631 -j ACCEPT
-A UDP_FILTER -p udp -m udp --dport 1755 -j ACCEPT
-A UDP_FILTER -p udp -m udp --dport 10000 -j ACCEPT
-A UDP_FILTER -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Thu Jan 22 11:06:01 2009