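# iptables-restore ruleset for the filter table.
# The rules admit IKE/ESP, SSH, ICMP and loopback traffic to this host and
# forward traffic between 192.168.163.0/24 and 192.168.164.0/24; everything
# else is rejected. Load with iptables-restore. This file covers IPv4 only;
# an ip6tables ruleset, if one is needed, is not shown here.
*filter
# Built-in chain policies with zeroed packet/byte counters.
# NOTE(review): INPUT and FORWARD default to ACCEPT and rely on the trailing
# REJECT rules below. If those rules are flushed or the load stops part-way,
# the host is left open; a DROP policy on INPUT/FORWARD would fail closed.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Return traffic for connections that are already tracked.
# NOTE(review): "-m state" is the legacy match; "-m conntrack --ctstate" is
# its current equivalent.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# NOTE(review): accepts every ICMP type from any source, with no rate limit.
# Consider restricting to the types operations actually need.
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# IKE (500) and IPsec NAT traversal (4500).
# NOTE(review): IKE and NAT-T run over UDP; TCP encapsulation (RFC 8229) uses
# 4500/tcp. Nothing standard listens on 500/tcp, so that rule looks like
# unneeded exposure -- confirm before removing. None of these rules restrict
# the source address; limit them to known peers if the peer set is fixed.
-A INPUT -p udp --dport 500 -j ACCEPT
-A INPUT -p tcp --dport 500 -j ACCEPT
-A INPUT -p tcp --dport 4500 -j ACCEPT
-A INPUT -p udp --dport 4500 -j ACCEPT
# ESP (IP protocol 50) payload traffic.
-A INPUT -p esp -j ACCEPT
# Forwarding between the two private subnets, in both directions.
# NOTE(review): these rules match on addresses only. A cleartext packet that
# carries one of these source addresses is forwarded whatever interface it
# arrived on. If this traffic is meant to arrive only through the tunnel, add
# "-m policy --dir in --pol ipsec" (and/or an "-i" interface match) so that
# only decrypted tunnel traffic is forwarded -- verify against the topology.
-A FORWARD -s 192.168.163.0/24 -d 192.168.164.0/24 -j ACCEPT
-A FORWARD -s 192.168.164.0/24 -d 192.168.163.0/24 -j ACCEPT
# New SSH connections.
# NOTE(review): open to any source address; restrict with "-s" to a
# management network where possible.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# Final catch-all: reject anything not accepted above.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT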