# Generated by iptables-save v1.4.14 on Fri Jul 15 17:30:43 2016
#
# Reading notes (review annotations start with "# " followed by text):
#  - Lines beginning with "#-A" are disabled rules. Most have an active twin
#    directly below that differs only in the destination address
#    (213.175.37.x disabled, 193.85.191.x active).
#  - iptables-restore only treats a line as a comment when "#" is its first
#    character, so annotations are kept on their own lines at column 0.
#  - Rules are evaluated top to bottom and the first terminating match wins;
#    do not reorder without re-checking every later rule.
#  - The "rdp" and "woproxy" ipsets are referenced but not defined here; they
#    must exist before this file is restored, and their membership is what
#    actually bounds the exposure of the rules that use them.
#
*nat
:PREROUTING ACCEPT [20:1779]
:INPUT ACCEPT [28:1497]
:OUTPUT ACCEPT [4:319]
:POSTROUTING ACCEPT [9:631]
# --- RDP published on the public address ---------------------------------
# tcp/3390 and tcp/3389 arriving on eth0 are DNATed to 192.168.1.91 (port
# 3389), but only for source addresses in the "rdp" ipset.
# NOTE(review): the allow-list is the only control in front of RDP here;
# audit the set contents and prefer reaching this host over the VPN.
#-A PREROUTING -d 213.175.37.194/32 -i eth0 -p tcp -m set --match-set rdp src -m tcp --dport 3390 -j DNAT --to-destination 192.168.1.91:3389
-A PREROUTING -d 193.85.191.74/32 -i eth0 -p tcp -m set --match-set rdp src -m tcp --dport 3390 -j DNAT --to-destination 192.168.1.91:3389
#-A PREROUTING -d 213.175.37.194/32 -i eth0 -p tcp -m set --match-set rdp src -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.91
-A PREROUTING -d 193.85.191.74/32 -i eth0 -p tcp -m set --match-set rdp src -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.91
# --- Proxy bypass --------------------------------------------------------
# ACCEPT in the nat table ends NAT processing for the connection, so sources
# in the "woproxy" set skip the REDIRECT-to-3128 rules further down.
-A PREROUTING -i br0 -p tcp -m tcp --dport 80 -m set --match-set woproxy src -j ACCEPT
# --- Alternate UDP port --------------------------------------------------
# udp/1200 on the public address is redirected to local port 1194.
#-A PREROUTING -d 213.175.37.194/32 -i eth0 -p udp -m udp --dport 1200 -j REDIRECT --to-ports 1194
-A PREROUTING -d 193.85.191.74/32 -i eth0 -p udp -m udp --dport 1200 -j REDIRECT --to-ports 1194
# --- Transparent HTTP proxy ----------------------------------------------
# tcp/80 from the listed internal subnets is redirected to local port 3128.
# Only port 80 is intercepted; no other port is redirected in this table.
-A PREROUTING -s 10.11.13.0/24 -i eth2 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.168.1.0/24 -i br0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.168.10.0/24 -i br0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.168.20.0/24 -i br0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.168.30.0/24 -i br0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.168.40.0/24 -i br0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.168.50.0/24 -i br0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
# --- RDP published on tap10 / tap11 --------------------------------------
# No source restriction on these: any peer on the tap interface can reach
# the mapped RDP hosts (subject to the filter table below).
-A PREROUTING -d 10.11.12.1/32 -i tap10 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.91:3389
-A PREROUTING -d 10.11.12.25/32 -i tap10 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.82:3389
-A PREROUTING -d 10.10.10.1/32 -i tap11 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.91:3389
# NOTE(review): catch-all DNAT. Every other packet addressed to 10.10.10.1 on
# tap11 (any protocol, any port) is rewritten to 192.168.1.250. Combined with
# "-A FORWARD -i tap11 -o br0 -j ACCEPT" this exposes that host completely to
# tap11 peers, presumably via br0. Confirm this is intended and narrow it to
# the needed ports if not.
-A PREROUTING -d 10.10.10.1/32 -i tap11 -j DNAT --to-destination 192.168.1.250
# --- Source NAT ----------------------------------------------------------
# NOTE(review): every SNAT rule is disabled and there is no active
# POSTROUTING rule, so forwarded traffic leaves eth0 with its original
# (private) source address unless translation happens on another device.
# Verify that this is deliberate.
#-A POSTROUTING -s 10.11.13.0/24 -o eth0 -j SNAT --to-source 213.175.37.196
#-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 213.175.37.196
#-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j SNAT --to-source 213.175.37.196
#-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j SNAT --to-source 213.175.37.196
#-A POSTROUTING -s 192.168.20.0/24 -o eth0 -j SNAT --to-source 213.175.37.196
#-A POSTROUTING -s 192.168.30.0/24 -o eth0 -j SNAT --to-source 213.175.37.196
#-A POSTROUTING -s 192.168.40.0/24 -o eth0 -j SNAT --to-source 213.175.37.196
#-A POSTROUTING -s 192.168.50.0/24 -o eth0 -j SNAT --to-source 213.175.37.196
COMMIT
# Completed on Fri Jul 15 17:30:43 2016
# Generated by iptables-save v1.4.14 on Fri Jul 15 17:30:43 2016
*filter
# Default-deny on all three built-in chains. Note that the OUTPUT policy is
# neutralised by the unconditional "-A OUTPUT -j ACCEPT" near the end.
:INPUT DROP [10:780]
:FORWARD DROP [8:470]
:OUTPUT DROP [0:0]
:BAN-LIST - [0:0]
:DHCP-ACCEPT - [0:0]
:LIMITED-FORWARD-ACCEPT - [0:0]
:PROXY-ACCEPT - [0:0]
# === INPUT: traffic addressed to the firewall itself =====================
-A INPUT -i lo -j ACCEPT
# --- eth0 (public-facing, judging by the destination addresses) ----------
#-A INPUT -s 193.86.188.230/32 -d 213.175.37.197/32 -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
#-A INPUT -d 213.175.37.194/32 -i eth0 -p udp -m multiport --dports 53,1194,1195,1196,1200 -j ACCEPT
-A INPUT -d 193.85.191.74/32 -i eth0 -p udp -m multiport --dports 53,1194,1195,1196,1200 -j ACCEPT
# NOTE(review): tcp/953 is open to any source. 953 is conventionally the BIND
# rndc control channel; confirm it has to be reachable from outside. tcp/53
# is not in this list although udp/53 is accepted above, so DNS over TCP to
# this address is dropped.
#-A INPUT -d 213.175.37.194/32 -i eth0 -p tcp -m multiport --dports 80,25,443,953,995,993,2222 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -d 193.85.191.74/32 -i eth0 -p tcp -m multiport --dports 80,25,443,953,995,993,2222 -m state --state NEW,ESTABLISHED -j ACCEPT
# ICMP type 3 = destination unreachable, type 8 = echo request.
#-A INPUT -d 213.175.37.194/32 -i eth0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -d 193.85.191.74/32 -i eth0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
#-A INPUT -d 213.175.37.194/32 -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -d 193.85.191.74/32 -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
#-A INPUT -d 213.175.37.195/32 -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -d 193.85.191.75/32 -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
#-A INPUT -d 213.175.37.196/32 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
#-A INPUT -d 213.175.37.197/32 -i eth0 -p tcp -m multiport --dports 80,993,995,25,465,587,443 -j ACCEPT
# --- br0 (internal 192.168.x.0/24 networks) ------------------------------
# PROXY-ACCEPT admits tcp/3128, the port the nat REDIRECT rules point at.
-A INPUT -i br0 -j PROXY-ACCEPT
-A INPUT -d 192.168.1.254/32 -i br0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -d 192.168.1.254/32 -i br0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i br0 -p tcp -m multiport --dports 21,25,53,80,110,143,443,465,587,993,995,2222 -j ACCEPT
-A INPUT -i br0 -p udp -m udp --dport 53 -j ACCEPT
# --- eth2 (10.11.13.0/24): ping, proxy, DNS and DHCP only ----------------
-A INPUT -d 10.11.13.254/32 -i eth2 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i eth2 -j PROXY-ACCEPT
-A INPUT -s 10.11.13.0/24 -d 10.11.13.254/32 -i eth2 -p udp -m udp --dport 53 -j ACCEPT
# NOTE(review): this jump requires -d 10.11.13.254, so a DHCP request sent to
# the broadcast address does not match it; check that lease acquisition on
# eth2 works as expected.
-A INPUT -s 10.11.13.0/24 -d 10.11.13.254/32 -i eth2 -j DHCP-ACCEPT
# --- tap/tun interfaces --------------------------------------------------
# NOTE(review): tap9 and every tun* interface are fully trusted (any protocol,
# any port, to the firewall itself). Anyone who can establish such a tunnel
# reaches every local service; tighten to the ports actually required.
-A INPUT -i tap9 -j ACCEPT
# Return traffic for connections the firewall already tracks. It sits above
# the tap10 DROP, so replies on tap10 still get through.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
# tap10 peers get DNS (udp/53) and udp/67 only; everything else new is dropped.
-A INPUT -i tap10 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i tap10 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i tap10 -j DROP
# tap11: all UDP, TCP and ICMP accepted, i.e. effectively trusted.
-A INPUT -i tap11 -p udp -j ACCEPT
-A INPUT -i tap11 -p tcp -j ACCEPT
-A INPUT -i tap11 -p icmp -j ACCEPT
# === FORWARD: traffic routed through the firewall ========================
# Egress drop for Windows file-sharing ports towards eth0.
# NOTE(review): the list is 445,138,137,136. The NetBIOS session service is
# 139 and MS RPC is 135; neither is blocked here, and 136 is not a NetBIOS
# port. Looks like a typo for 135/139 - confirm and correct.
-A FORWARD -o eth0 -p tcp -m multiport --dports 445,138,137,136 -j DROP
-A FORWARD -o eth0 -p udp -m multiport --dports 445,138,137,136 -j DROP
# Never route packets addressed to the internal subnets out of eth0.
-A FORWARD -d 192.168.1.0/24 -o eth0 -j DROP
-A FORWARD -d 192.168.2.0/24 -o eth0 -j DROP
-A FORWARD -d 192.168.10.0/24 -o eth0 -j DROP
-A FORWARD -d 192.168.20.0/24 -o eth0 -j DROP
-A FORWARD -d 192.168.30.0/24 -o eth0 -j DROP
-A FORWARD -d 192.168.40.0/24 -o eth0 -j DROP
-A FORWARD -d 192.168.50.0/24 -o eth0 -j DROP
# 192.168.1.0/24 may open connections to itself and to the .10-.50 subnets.
# No rule here lets those subnets initiate towards 192.168.1.0/24, and the
# only RELATED,ESTABLISHED rule in FORWARD is bound to -i eth0.
# NOTE(review): verify how reply traffic between these subnets is admitted.
-A FORWARD -s 192.168.1.0/24 -d 192.168.1.0/24 -i br0 -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -d 192.168.10.0/24 -i br0 -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -d 192.168.20.0/24 -i br0 -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -d 192.168.30.0/24 -i br0 -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -d 192.168.40.0/24 -i br0 -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -d 192.168.50.0/24 -i br0 -j ACCEPT
# tap10 peers may reach 192.168.1.82 (the post-DNAT RDP target) and
# 10.11.12.25 on any port and protocol, not just tcp/3389.
-A FORWARD -d 192.168.1.82/32 -i tap10 -j ACCEPT
-A FORWARD -d 10.11.12.25/32 -i tap10 -j ACCEPT
# NOTE(review): tap11 and all tun* interfaces are bridged to br0 without any
# port, protocol or state restriction, in both directions.
-A FORWARD -i tap11 -o br0 -j ACCEPT
-A FORWARD -i br0 -o tap11 -j ACCEPT
-A FORWARD -i tun+ -o br0 -j ACCEPT
-A FORWARD -i br0 -o tun+ -j ACCEPT
# The tun11/tun10 tcp-only rules are subsumed by the "-i tun+" rule that
# follows them, which matches the same destination for every protocol.
-A FORWARD -d 192.168.1.91/32 -i tun11 -p tcp -j ACCEPT
-A FORWARD -d 192.168.1.91/32 -i tun10 -p tcp -j ACCEPT
-A FORWARD -d 192.168.1.91/32 -i tun+ -j ACCEPT
-A FORWARD -s 192.168.1.91/32 -o tun+ -j ACCEPT
# ICMP destination-unreachable and echo-request from eth0 into br0.
-A FORWARD -i eth0 -o br0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A FORWARD -i eth0 -o br0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
# 10.11.13.0/24 on eth2 may only reach the TCP ports listed in
# LIMITED-FORWARD-ACCEPT; anything else falls through to the DROP policy.
-A FORWARD -s 10.11.13.0/24 -i eth2 -o eth0 -j LIMITED-FORWARD-ACCEPT
# br0 has unrestricted egress through eth0 (after the drops above).
-A FORWARD -i br0 -o eth0 -j ACCEPT
# Return traffic arriving on eth0 for tracked connections.
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Filter-side counterpart of the public RDP DNAT rules: matched after
# translation, so --dport is 3389 for both published ports, and again only
# for sources in the "rdp" ipset.
-A FORWARD -d 192.168.1.91/32 -i eth0 -p tcp -m set --match-set rdp src -m tcp --dport 3389 -j ACCEPT
# === OUTPUT: traffic originated by the firewall ==========================
# NOTE(review): the last rule accepts everything, so the DROP policy and the
# three interface-specific rules above it have no filtering effect. If egress
# control for the firewall host is wanted, replace it with explicit rules.
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tap10 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o tap11 -j ACCEPT
-A OUTPUT -j ACCEPT
# === User-defined chains =================================================
# NOTE(review): no rule in this file jumps to BAN-LIST, so it is inactive.
-A BAN-LIST -j DROP
-A DHCP-ACCEPT -p udp -m udp --dport 67 -j ACCEPT
-A LIMITED-FORWARD-ACCEPT -p tcp -m multiport --dports 25,80,110,143,443,587,465,625,993,995 -j ACCEPT
-A PROXY-ACCEPT -p tcp -m tcp --dport 3128 -j ACCEPT
COMMIT
# Completed on Fri Jul 15 17:30:43 2016