# Generated by iptables-save v1.4.8 on Thu Oct 18 17:18:15 2012
*nat
# nat table: address translation for clients arriving on eth2 and leaving via eth0.
# Every decision here keys off the packet mark (0x1 / 0x2 / 0x3).
# NOTE(review): the mangle table in this dump only ever sets 0x3 and 0x1; nothing
# visible sets 0x2, so the 0x2 rules below match only if some other component
# assigns that mark at runtime -- confirm.
# NOTE(review): layout looks like an inline captive-portal / NAC enforcement point
# (0x1 = allowed through, 0x2/0x3 = held locally) -- inferred from the rules, verify.
:PREROUTING ACCEPT [12615:2028303]
:POSTROUTING ACCEPT [62:4500]
:OUTPUT ACCEPT [62:4500]
:postrouting-int-inline-if - [0:0]
:prerouting-int-inline-if - [0:0]
# All traffic entering on eth2 is evaluated by the per-interface redirect chain.
-A PREROUTING -i eth2 -j prerouting-int-inline-if 
# Source-NAT anything leaving eth0 that carries one of the three known marks.
# Unmarked traffic (e.g. locally generated) leaves eth0 untranslated.
-A POSTROUTING -o eth0 -m mark --mark 0x3 -j postrouting-int-inline-if 
-A POSTROUTING -o eth0 -m mark --mark 0x1 -j postrouting-int-inline-if 
-A POSTROUTING -o eth0 -m mark --mark 0x2 -j postrouting-int-inline-if 
# MASQUERADE rewrites the source to the address of the outgoing interface (eth0).
-A postrouting-int-inline-if -j MASQUERADE 
# REDIRECT without --to-ports keeps the destination port and delivers the packet
# to this host, so DNS/HTTP/HTTPS from mark 0x3 and 0x2 clients terminates locally
# whatever address the client asked for. Mark 0x1 is deliberately absent here.
# Only udp/53 is redirected; tcp/53 to an external resolver is not rewritten and
# falls through to FORWARD, where the filter table accepts mark 0x1 only.
-A prerouting-int-inline-if -p udp -m udp --dport 53 -m mark --mark 0x3 -j REDIRECT 
-A prerouting-int-inline-if -p udp -m udp --dport 53 -m mark --mark 0x2 -j REDIRECT 
-A prerouting-int-inline-if -p tcp -m tcp --dport 80 -m mark --mark 0x3 -j REDIRECT 
-A prerouting-int-inline-if -p tcp -m tcp --dport 80 -m mark --mark 0x2 -j REDIRECT 
-A prerouting-int-inline-if -p tcp -m tcp --dport 443 -m mark --mark 0x3 -j REDIRECT 
-A prerouting-int-inline-if -p tcp -m tcp --dport 443 -m mark --mark 0x2 -j REDIRECT 
COMMIT
# Completed on Thu Oct 18 17:18:15 2012
# Generated by iptables-save v1.4.8 on Thu Oct 18 17:18:15 2012
*mangle
# mangle table: classifies every packet arriving on eth2 by setting its mark.
# The nat and filter tables then branch on that mark, so this is where the
# trust decision for an eth2 client is actually made.
:PREROUTING ACCEPT [100:12799]
:INPUT ACCEPT [92:12391]
:FORWARD ACCEPT [4:240]
:OUTPUT ACCEPT [22:2636]
:POSTROUTING ACCEPT [26:2876]
:prerouting-int-inline-if - [0:0]
-A PREROUTING -i eth2 -j prerouting-int-inline-if 
# Default classification: everything from eth2 starts as mark 0x3.
# MARK is non-terminating, so evaluation continues and a later rule can overwrite it.
# The /0xffffffff mask replaces the whole mark rather than individual bits.
-A prerouting-int-inline-if -j MARK --set-xmark 0x3/0xffffffff 
# Per-device override: frames from these two source MACs are re-marked 0x1.
# NOTE(review): the source MAC is the only criterion for mark 0x1 and is chosen by
# the sender, so any host on the eth2 segment that presents one of these addresses
# receives the same mark. Treat this as identification, not authentication; it
# relies on layer-2 controls (switch port security, 802.1X, DHCP snooping or
# similar) that this ruleset cannot show -- confirm they exist.
-A prerouting-int-inline-if -m mac --mac-source 34:51:C9:3D:7D:02 -j MARK --set-xmark 0x1/0xffffffff 
-A prerouting-int-inline-if -m mac --mac-source 00:21:00:8F:15:2D -j MARK --set-xmark 0x1/0xffffffff 
# No rule in this dump sets mark 0x2, although nat and filter test for it.
COMMIT
# Completed on Thu Oct 18 17:18:15 2012
# Generated by iptables-save v1.4.8 on Thu Oct 18 17:18:15 2012
*filter
# filter table: default-deny for INPUT and FORWARD, unrestricted OUTPUT.
# eth2 is the client-facing (inline) interface; eth0 carries both the management
# services and the forwarded/NATed client traffic (see MASQUERADE -o eth0 in nat).
:INPUT DROP [12135:1998375]
:FORWARD DROP [36:7011]
:OUTPUT ACCEPT [3414:2339363]
:forward-internal-inline-if - [0:0]
:input-highavailability-if - [0:0]
:input-internal-inline-if - [0:0]
:input-internal-vlan-if - [0:0]
:input-management-if - [0:0]
# NOTE(review): input-highavailability-if and input-internal-vlan-if are declared
# and populated below, but no INPUT rule in this dump jumps to either, so their
# ACCEPT rules are currently unreachable. Confirm whether the interfaces they were
# written for are simply not configured, or whether a jump rule has gone missing.
-A INPUT -i lo -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
# ICMP echo-request is accepted on every interface, including client-facing eth2.
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 
# eth2 traffic addressed to 172.17.250.1 or to the limited broadcast address
# (needed for DHCP discovery) is filtered by the inline-interface chain.
-A INPUT -d 172.17.250.1/32 -i eth2 -j input-internal-inline-if 
-A INPUT -d 255.255.255.255/32 -i eth2 -j input-internal-inline-if 
# HTTPS to 172.17.3.5 is accepted from eth2 for every mark, bypassing the
# per-mark checks in input-internal-inline-if.
# NOTE(review): presumably this host's own address on another network -- confirm
# that mark 0x3/0x2 clients are meant to reach it.
-A INPUT -d 172.17.3.5/32 -i eth2 -p tcp -m tcp --dport 443 -j ACCEPT 
-A INPUT -i eth0 -j input-management-if 
# Forwarding: only eth2 packets carrying mark 0x1 are passed, with no restriction
# on protocol, port or destination; replies return via the eth0 state rule.
# Mark 0x1 is assigned in the mangle table by source-MAC match alone, so that
# match is the whole admission check for routed traffic.
-A FORWARD -i eth2 -j forward-internal-inline-if 
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A forward-internal-inline-if -m mark --mark 0x1 -j ACCEPT 
# Cluster/HA services (unreachable in this dump, see note at top).
# NOTE(review): 5405/5407 and 7788 are conventionally cluster messaging and block
# replication ports; none of these rules restrict the peer address -- add a
# source match for the peer node if the chain is ever wired in.
-A input-highavailability-if -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A input-highavailability-if -p udp -m udp --dport 5405 -j ACCEPT 
-A input-highavailability-if -p udp -m udp --dport 5407 -j ACCEPT 
-A input-highavailability-if -p tcp -m tcp --dport 7788 -j ACCEPT 
# Services offered to clients on the inline interface (eth2).
# DHCP: port 67 is opened for both udp and tcp.
# NOTE(review): DHCP runs over UDP only; the tcp/67 rule looks superfluous.
-A input-internal-inline-if -p udp -m udp --dport 67 -j ACCEPT 
-A input-internal-inline-if -p tcp -m tcp --dport 67 -j ACCEPT 
# DNS on this host is answered for mark 0x3 and 0x2 clients, the same marks whose
# udp/53 traffic the nat table redirects here.
-A input-internal-inline-if -p tcp -m tcp --dport 53 -m mark --mark 0x3 -j ACCEPT 
-A input-internal-inline-if -p udp -m udp --dport 53 -m mark --mark 0x3 -j ACCEPT 
-A input-internal-inline-if -p tcp -m tcp --dport 53 -m mark --mark 0x2 -j ACCEPT 
-A input-internal-inline-if -p udp -m udp --dport 53 -m mark --mark 0x2 -j ACCEPT 
# Mark 0x1 clients are refused local DNS/HTTP/HTTPS; their traffic is expected to
# be forwarded, not served by this host. These DROPs must stay ahead of the
# unconditional 80/443 ACCEPTs that follow -- rule order is significant.
-A input-internal-inline-if -p tcp -m tcp --dport 53 -m mark --mark 0x1 -j DROP 
-A input-internal-inline-if -p udp -m udp --dport 53 -m mark --mark 0x1 -j DROP 
-A input-internal-inline-if -p tcp -m tcp --dport 80 -m mark --mark 0x1 -j DROP 
-A input-internal-inline-if -p tcp -m tcp --dport 443 -m mark --mark 0x1 -j DROP 
# Remaining marks (0x3, 0x2, or any other value) reach the local web service.
-A input-internal-inline-if -p tcp -m tcp --dport 80 -j ACCEPT 
-A input-internal-inline-if -p tcp -m tcp --dport 443 -j ACCEPT 
# VLAN-enforcement interface services (unreachable in this dump, see note at top).
-A input-internal-vlan-if -p udp -m udp --dport 53 -j ACCEPT 
-A input-internal-vlan-if -p udp -m udp --dport 67 -j ACCEPT 
-A input-internal-vlan-if -p tcp -m tcp --dport 67 -j ACCEPT 
-A input-internal-vlan-if -p tcp -m tcp --dport 80 -j ACCEPT 
-A input-internal-vlan-if -p tcp -m tcp --dport 443 -j ACCEPT 
# Management services accepted on eth0.
# NOTE(review): no rule in this chain has a source-address match, so every
# listed port is reachable from anything that can route to eth0, and eth0 is
# also the egress for NATed client traffic. If eth0 is not a dedicated,
# access-controlled management network, restrict these rules with
# "-s <MGMT_SUBNET_PLACEHOLDER>" or move them to a separate interface.
# Only the SSH rule is limited to NEW connections; the others match any state,
# which is harmless after the RELATED,ESTABLISHED accept in INPUT.
-A input-management-if -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A input-management-if -p tcp -m tcp --dport 1443 -j ACCEPT 
-A input-management-if -p tcp -m tcp --dport 3000 -j ACCEPT 
# 1812/1813 are the conventional RADIUS authentication/accounting ports.
# NOTE(review): RADIUS is normally carried over UDP; confirm the tcp rules are needed.
-A input-management-if -p tcp -m tcp --dport 1812 -j ACCEPT 
-A input-management-if -p udp -m udp --dport 1812 -j ACCEPT 
-A input-management-if -p tcp -m tcp --dport 1813 -j ACCEPT 
-A input-management-if -p udp -m udp --dport 1813 -j ACCEPT 
# udp/162 is the conventional SNMP trap receiver port.
-A input-management-if -p udp -m udp --dport 162 -j ACCEPT 
-A input-management-if -p udp -m udp --dport 67 -j ACCEPT 
-A input-management-if -p tcp -m tcp --dport 67 -j ACCEPT 
# NOTE(review): 9392 and 8834 are commonly used by vulnerability-scanner web
# consoles; if that is what listens here, these are high-value admin interfaces
# and should be the first to receive a source restriction -- confirm.
-A input-management-if -p tcp -m tcp --dport 9392 -j ACCEPT 
-A input-management-if -p tcp -m tcp --dport 8834 -j ACCEPT 
-A input-management-if -p tcp -m tcp --dport 443 -j ACCEPT 
COMMIT
# Completed on Thu Oct 18 17:18:15 2012
