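# Generated by iptables-save v1.2.11 on Tue May 10 08:06:58 2005
#
# Reviewed and re-wrapped one rule per line (the saved dump had the whole
# ruleset collapsed onto a single line). Chain order is significant: iptables
# evaluates INPUT top to bottom and the first matching rule decides, so an
# early broad ACCEPT silently shadows every narrower rule after it. The two
# "-I" rules are inserted at the head of INPUT, in front of all "-A" rules.
*filter
:INPUT ACCEPT [5:952]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1192099:595387635]
# accept all from localhost
-A INPUT -s 127.0.0.1 -j ACCEPT
# accept all previously established connections
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# allow ping
-A INPUT -i eth0 -m state --state NEW --protocol icmp --icmp-type 8 -j ACCEPT
# ssh
# Connection-rate throttling: every NEW SSH connection arriving on eth0 is
# recorded, and a source that has opened 4 or more within 60 s is dropped.
# Because both "-I" rules land at the top of INPUT, the check runs before any
# ACCEPT. The port-22 ACCEPT is not bound to eth0, so NEW SSH connections on
# any other interface bypass the throttle.
-I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
-I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# subversion related stuff
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3690 -j ACCEPT
# mysql stuff
# Moved in front of the 1024:65535 ACCEPT below. In the original order that
# ACCEPT matched NEW connections to 3306 first, so this REJECT was never
# reached and MySQL stayed reachable from the network. "localhost" is written
# as 127.0.0.1 so the rule does not depend on name resolution at restore time
# (and matches the loopback rule at the top).
-A INPUT -p all -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
-A INPUT -p tcp --destination-port 3306 -j REJECT
# ftp / webserver related
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2812 -j ACCEPT
# Accepts NEW TCP connections to every unprivileged port. Presumably intended
# for passive-mode FTP data connections, but it exposes every service that
# listens above 1024 and makes the per-port ACCEPTs for ports > 1024 further
# down redundant. If passive FTP is the reason, loading the ip_conntrack_ftp
# helper lets the RELATED rule above admit the data connection instead, and
# this range rule can then be removed.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1024:65535 -j ACCEPT
# mailserver stuff
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 143 -j ACCEPT
# ircd related stuff
-A INPUT -p tcp -m state --state NEW -m tcp --dport 113 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6667 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6668 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6697 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 7000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8867 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8868 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8888 -j ACCEPT
# jabber related stuff
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5222 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5269 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5223 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5670 -j ACCEPT
# shoutcast stuff
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8001 -j ACCEPT
# http proxy
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8123 -j ACCEPT
# bittorrent
-A INPUT -p tcp -m state --state NEW -m tcp --dport 30000:30009 -j ACCEPT
# Allow related stuff to pass through
# The INPUT copy of this rule that the dump also carried here was dropped: the
# RELATED,ESTABLISHED ACCEPT near the top of INPUT has an identical match set,
# so the duplicate could never be reached.
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# reject everything else
# This terminal REJECT is what makes INPUT effectively default-deny; the
# ":INPUT ACCEPT" policy above is only reached by packets this rule does not
# see. FORWARD keeps policy ACCEPT with no restricting rules, which is inert
# while IP forwarding is disabled but would pass all traffic if this host
# ever routes; a DROP policy there is the safer default.
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Tue May 10 08:06:58 2005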