[ crus @ 10.06.2004. 22:46 ] @
E ovako, u mrezi sam sa komsijom..

on: WinXP
ja: SuSE 9.1

njegovIP: 192.168.0.2
mojIP: 192.168.0.1

Digao sam bio Samba server/client i sve je radilo kako treba, fileshare itd itd..
Medjutim nakon sto sam restartovao masinu, vise nista ne radi, cak ne mogu ni da ga pingujem, ni on mene, pokusavao sam SVASTA, od ukljucivanja firewalla do rekonfigurisanja istog i ista stvar, jednom prilikom (nemam IDEJU sta sam uradio) je opet sve proradilo, medjutim kada bih u sambi kliknuo na nasu workgrupu video bih samo njega, ne i sebe, i on nije mogao da vidi mene, ping je radio..
Medjutim eto opet nakon sto sam resetovao masinu, ISTA stvar, NISTA ne radi..
I to me pomalo izludjuje, jer sada kada sam sredio sambu hteo bih jos da dignem neki simple proxy da on moze na net preko mog proxija dok sam ja na netu (nikakvi IPMASQ me ne zanimaju :)))..

Eto jel moze neko da pomogne...
Ili sta ja znam, konkretno me zanima da li postoji neka komada za iptables ili kako da kazem firewall-u da dozvoli SVE od i prema njegovoj i mojoj IP adresi..

hvala puno
[ crus @ 11.06.2004. 00:29 ] @
Evo prilazem ovo mozda pomogne :)


pixel:/home/crus # iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpts:netbios-ns:netbios-dgm
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere 192.168.0.255
input_ext all -- anywhere anywhere
input_int all -- anywhere anywhere
LOG all -- anywhere ch49.beograd-1.tehnicom.net LOG level warning tcp-options ip-options prefix `SFW2-IN-ACC_DENIED_INT '
DROP all -- anywhere ch49.beograd-1.tehnicom.net
LOG all -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP all -- anywhere anywhere
ACCEPT all -- 192.168.0.0/16 192.168.0.0/16

Chain FORWARD (policy DROP)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
forward_ext all -- anywhere anywhere
forward_int all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
DROP all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SFW2-FORWARD-ERROR '

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
LOG icmp -- anywhere anywhere icmp time-exceeded LOG level warning tcp-options ip-options prefix `SFW2-OUT-TRACERT-ATTEMPT '
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp port-unreachable
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp network-prohibited
ACCEPT icmp -- anywhere anywhere icmp host-prohibited
ACCEPT icmp -- anywhere anywhere icmp communication-prohibited
DROP icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SFW2-OUTPUT-ERROR '

Chain forward_dmz (0 references)
target prot opt source destination
LOG all -- anywhere pixel.PIXEL LOG level warning tcp-options ip-options prefix `SFW2-FWDdmz-DROP-CIRCUMV '
DROP all -- anywhere pixel.PIXEL
LOG all -- anywhere ch49.beograd-1.tehnicom.net LOG level warning tcp-options ip-options prefix `SFW2-FWDdmz-DROP-CIRCUMV '
DROP all -- anywhere ch49.beograd-1.tehnicom.net
ACCEPT icmp -- anywhere anywhere state ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state NEW icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDdmz-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SFW2-FWDdmz-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SFW2-FWDdmz-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp echo-request LOG level warning tcp-options ip-options prefix `SFW2-FWDdmz-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SFW2-FWDdmz-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SFW2-FWDdmz-DROP-DEFLT '
LOG udp -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SFW2-FWDdmz-DROP-DEFLT '
LOG all -- anywhere anywhere state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDdmz-DROP-DEFLT-INV '
DROP all -- anywhere anywhere

Chain forward_ext (1 references)
target prot opt source destination
LOG all -- anywhere pixel.PIXEL LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-CIRCUMV '
DROP all -- anywhere pixel.PIXEL
ACCEPT icmp -- anywhere anywhere state ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp echo-request LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG udp -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG all -- anywhere anywhere state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT-INV '
DROP all -- anywhere anywhere

Chain forward_int (1 references)
target prot opt source destination
LOG all -- anywhere ch49.beograd-1.tehnicom.net LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-CIRCUMV '
DROP all -- anywhere ch49.beograd-1.tehnicom.net
ACCEPT icmp -- anywhere anywhere state NEW icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp echo-request LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG udp -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG all -- anywhere anywhere state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT-INV '
DROP all -- anywhere anywhere

Chain input_dmz (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
LOG tcp -- 192.168.0.2 anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INdmz-ACCEPT-TRUST '
ACCEPT tcp -- 192.168.0.2 anywhere state NEW,RELATED,ESTABLISHED tcp dpt:telnet
LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp type 2 LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-ICMP-CRIT '
DROP icmp -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INdmz-ACC-TCP '
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:ftp
LOG tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INdmz-ACC-TCP '
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:ssh
LOG tcp -- anywhere anywhere tcp dpt:domain flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INdmz-ACC-TCP '
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:domain
reject_func tcp -- anywhere anywhere tcp dpt:ident flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP '
DROP tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp dpt:ipp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP '
DROP tcp -- anywhere anywhere tcp dpt:ipp flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INdmz-ACC-HiTCP '
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpt:domain
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
DROP udp -- anywhere anywhere udp dpt:sunrpc state NEW
DROP udp -- anywhere anywhere udp dpt:sunrpc state NEW
DROP udp -- anywhere anywhere udp dpt:ipp state NEW
DROP udp -- anywhere anywhere udp dpt:ipp state NEW
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp echo-request LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-DEFLT '
LOG udp -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-DEFLT '
LOG all -- anywhere anywhere state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-DEFLT-INV '
DROP all -- anywhere anywhere

Chain input_ext (1 references)
target prot opt source destination
LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-SOURCEQUENCH '
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
LOG tcp -- 192.168.0.2 anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACCEPT-TRUST '
ACCEPT tcp -- 192.168.0.2 anywhere state NEW,RELATED,ESTABLISHED tcp dpt:telnet
LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp type 2 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-ICMP-CRIT '
DROP icmp -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:ftp
LOG tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:ssh
LOG tcp -- anywhere anywhere tcp dpt:finger flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:finger
reject_func tcp -- anywhere anywhere tcp dpt:ident flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP '
DROP tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp dpt:ipp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP '
DROP tcp -- anywhere anywhere tcp dpt:ipp flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-HiTCP '
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpt:domain
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpt:ntp
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpt:snmp
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpts:traceroute:33524
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
DROP udp -- anywhere anywhere udp dpt:sunrpc state NEW
DROP udp -- anywhere anywhere udp dpt:sunrpc state NEW
DROP udp -- anywhere anywhere udp dpt:ipp state NEW
DROP udp -- anywhere anywhere udp dpt:ipp state NEW
ACCEPT udp -- anywhere anywhere state ESTABLISHED udp dpts:61000:65095
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp echo-request LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG udp -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG all -- anywhere anywhere state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
DROP all -- anywhere anywhere

Chain input_int (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
LOG tcp -- 192.168.0.2 anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INint-ACCEPT-TRUST '
ACCEPT tcp -- 192.168.0.2 anywhere state NEW,RELATED,ESTABLISHED tcp dpt:telnet
LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp type 2 LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-ICMP-CRIT '
DROP icmp -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INint-ACC-TCP '
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:ftp
LOG tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INint-ACC-TCP '
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:ssh
LOG tcp -- anywhere anywhere tcp dpt:domain flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INint-ACC-TCP '
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:domain
reject_func tcp -- anywhere anywhere tcp dpt:ident flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INint-ACC-HiTCP '
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpt:domain
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp echo-request LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-DEFLT '
LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-DEFLT '
LOG udp -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-DEFLT '
LOG all -- anywhere anywhere state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-DEFLT-INV '
DROP all -- anywhere anywhere

Chain reject_func (3 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable