#!/usr/bin/perl /usr/local/sbin/iptables-master

policy
 INPUT DROP
 FORWARD DROP
 OUTPUT ACCEPT

nat-def
 snat
  eth0 1.2.3.4
 dnat
  10.0.0.2
   in eth0
   tcp 9237
   udp 8888,9237

action
 inet
  dst 0.0.0.255/0.0.0.255 DROP
  dst 0.0.0.0/0.0.0.255 DROP
  src 10.0.0.0/8 DROP
  src 127.0.0.0/8 DROP
  src 169.254.0.0/16 DROP
  src 172.16.0.0/12 DROP
  src 192.168.0.0/16 DROP
 INPUT
  state r,e ACCEPT
  state i DROP
  prot ipv6 ACCEPT
  in lo ACCEPT
  in eth1 ACCEPT
  prot 'tcp ! --syn' DROP
  in eth0 inet
  ban BANME 3600 DROP
  tcp 22 key SSHGO 300 loga
  tcp 12345 trip SSHGO logd
  tcp 139,445 DROP
  tcp 21,25,53,80 loga
  tcp 22,110,135,443,463,6000 logd
  udp 67,137,138,1026,1027,1028,1029,1434 DROP
  udp 53 loga
  icmp 'DROP --icmp-type 8'
  log B
  tcp 113 'REJECT --reject-with tcp-reset'
  trip BANME DROP
 FORWARD
  state r,e ACCEPT
  state i DROP
  in eth1 ACCEPT
  dnat tcp ACCEPT
  dnat udp ACCEPT
  log F
 loga
  log A
  ACCEPT
 logd
  log D
  DROP