Вывод команды 'iptables -t filter -nvL' для схемы на рис. 2
Chain INPUT (policy DROP ) target prot opt in out source destination ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/001_LAN_GW all -- eth0 * 192.168.0.0/24 192.168.0.1 01_LAN_GW all -- ppp+ * 192.168.1.0/24 192.168.3.103_INET_GW all -- eth1 * !192.168.0.0/16 198.51.100.2 03_INET_GW_ISP2 all -- eth3 * !192.168.0.0/16 192.168.5.1 03_INET_GW_ISP2 all -- eth3 * !192.168.0.0/16 198.51.100.2Chain FORWARD (policy DROP ) target prot opt in out source destination05_LAN_INET all -- eth0 eth1 192.168.0.0/24 !192.168.0.0/16 05_LAN_INET all -- eth0 eth3 192.168.0.0/24 !192.168.0.0/16 05_LAN_INET all -- ppp+ eth1 192.168.1.0/24 !192.168.0.0/16 05_LAN_INET all -- ppp+ eth3 192.168.1.0/24 !192.168.0.0/16 06_INET_LAN all -- eth1 eth0 !192.168.0.0/16 192.168.0.0/24 06_INET_LAN all -- eth1 ppp+ !192.168.0.0/16 192.168.1.0/24 06_INET_LAN all -- eth3 eth0 !192.168.0.0/16 192.168.0.0/24 06_INET_LAN all -- eth3 ppp+ !192.168.0.0/16 192.168.1.0/2407_INET_DMZ all -- eth1 eth2 !192.168.0.0/16 203.0.113.0/29 07_INET_DMZ_ISP2 all -- eth3 eth2 !192.168.0.0/16 203.0.113.0/29 08_DMZ_INET all -- eth2 eth1 203.0.113.0/29 !192.168.0.0/16 08_DMZ_INET all -- eth2 eth3 203.0.113.0/29 !192.168.0.0/1609_LAN_DMZ all -- eth0 eth2 192.168.0.0/24 203.0.113.0/29 09_LAN_DMZ all -- ppp+ eth2 192.168.1.0/24 203.0.113.0/29 10_DMZ_LAN all -- eth2 eth0 203.0.113.0/29 192.168.0.0/24 10_DMZ_LAN all -- eth2 ppp+ 203.0.113.0/29 192.168.1.0/2416_LAN_LAN2 all -- eth0 eth3 192.168.0.0/24 192.168.5.0/24 17_LAN2_LAN all -- eth3 eth0 192.168.5.0/24 192.168.0.0/2418_VPN_LAN all -- tun1 eth0 192.168.255.0/24 192.168.0.0/24 19_LAN_VPN all -- eth0 tun1 192.168.0.0/24 192.168.255.0/24 20_VPN_INET all -- tun1 eth1 192.168.255.0/24 !192.168.0.0/16 21_INET_VPN all -- eth1 tun1 !192.168.0.0/16 192.168.255.0/24Chain OUTPUT (policy DROP ) target prot opt in out source destination ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/002_GW_LAN all -- * eth0 192.168.0.1 192.168.0.0/24 02_GW_LAN all -- * ppp+ 192.168.3.1 192.168.1.0/2404_GW_INET all -- * eth1 198.51.100.2 !192.168.0.0/16 04_GW_INET all -- * eth3 192.168.5.1 !192.168.0.0/16
Chain 01_LAN_GW (2 references) target prot opt in out source destination ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 01_LAN_GW_ALLOW all -- * * 0.0.0.0/0 0.0.0.0/0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain 01_LAN_GW_ALLOW (1 references) target prot opt in out source destination ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 state NEW ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state NEW ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state NEW ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:873 state NEW ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995 state NEW ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723 state NEW ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2525 state NEW CONNMARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128 state NEW CONNMARK xset 0x3128/0xffffffff CONNMARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3129 state NEW CONNMARK xset 0x3128/0xffffffff ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128 state NEW ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3129 state NEW ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194 state NEW ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 47 -- * * 0.0.0.0/0 0.0.0.0/0 Chain 02_GW_LAN (2 references) target prot opt in out source destination ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 02_GW_LAN_ALLOW all -- * * 0.0.0.0/0 0.0.0.0/0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain 02_GW_LAN_ALLOW (1 references) target prot opt in out source destination ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:20 state NEW ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222 state NEW ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5223 state NEW ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 47 -- * * 0.0.0.0/0 0.0.0.0/0Chain 03_INET_GW (1 references) target prot opt in out source destination 03_INET_GW_CNT all -- * * 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 03_INET_GW_ALLOW all -- * * 0.0.0.0/0 0.0.0.0/0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain 03_INET_GW_ALLOW (1 references) target prot opt in out source destination ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 flags:0x3F/0x02 state NEW limit: up to 10/min burst 10 mode srcip LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 flags:0x3F/0x02 state NEW limit: avg 6/hour burst 5 LOG flags 0 level 4 prefix `INET->GW_FTP_limit' ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state NEW ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194 state NEW ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW Chain 03_INET_GW_CNT (2 references) target prot opt in out source destination tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:25 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:43 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:53 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:443 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:5222 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:5223 udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:123 icmp -- * * 0.0.0.0/0 0.0.0.0/0 Chain 03_INET_GW_ISP2 (2 references) target prot opt in out source destination 03_INET_GW_CNT all -- * * 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED DROP all -- * * 0.0.0.0/0 0.0.0.0/0Chain 04_GW_INET (2 references) target prot opt in out source destination ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 04_GW_INET_ALLOW all -- * * 0.0.0.0/0 0.0.0.0/0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain 04_GW_INET_ALLOW (1 references) target prot opt in out source destination ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:21 state NEW ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state NEW ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:43 state NEW ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state NEW ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222 state NEW ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5223 state NEW ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state NEW ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state NEWChain 05_LAN_INET (4 references) target prot opt in out source destination 05_LAN_INET_CNT all -- * * 0.0.0.0/0 0.0.0.0/0 05_LAN_INET_SKIP_OR_DENY all -- * * 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 05_LAN_INET_LIMIT all -- * * 0.0.0.0/0 0.0.0.0/0 05_LAN_INET_ALLOW all -- * * 0.0.0.0/0 0.0.0.0/0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain 05_LAN_INET_ALLOW (1 references) target prot opt in out source destination ACCEPT all -- * * 0.0.0.0/0 87.250.251.37 state NEW ACCEPT all -- * * 0.0.0.0/0 93.158.134.37 state NEW ACCEPT all -- * * 0.0.0.0/0 213.180.193.37 state NEW ACCEPT all -- * * 0.0.0.0/0 213.180.204.37 state NEW ACCEPT all -- * * 0.0.0.0/0 87.250.250.37 state NEW ACCEPT tcp -- * * 0.0.0.0/0 93.158.134.38 tcp dpt:25 state NEW ACCEPT tcp -- * * 0.0.0.0/0 213.180.193.38 tcp dpt:25 state NEW ACCEPT tcp -- * * 0.0.0.0/0 213.180.204.38 tcp dpt:25 state NEW ACCEPT tcp -- * * 0.0.0.0/0 77.88.21.38 tcp dpt:25 state NEW ACCEPT tcp -- * * 0.0.0.0/0 87.250.250.38 tcp dpt:25 state NEW ACCEPT all -- * * 192.168.0.10 0.0.0.0/0 state NEW ACCEPT all -- * * 192.168.0.12 0.0.0.0/0 state NEW ACCEPT all -- * * 192.168.1.1 0.0.0.0/0 state NEW ACCEPT all -- * * 192.168.1.3 0.0.0.0/0 state NEW ACCEPT all -- * * 192.168.0.13 0.0.0.0/0 state NEW Chain 05_LAN_INET_CNT (1 references) target prot opt in out source destination all -- * * 0.0.0.0/0 87.250.251.37 all -- * * 0.0.0.0/0 93.158.134.37 all -- * * 0.0.0.0/0 213.180.193.37 all -- * * 0.0.0.0/0 213.180.204.37 all -- * * 0.0.0.0/0 87.250.250.37 tcp -- * * 0.0.0.0/0 93.158.134.38 tcp dpt:25 tcp -- * * 0.0.0.0/0 213.180.193.38 tcp dpt:25 tcp -- * * 0.0.0.0/0 213.180.204.38 tcp dpt:25 tcp -- * * 0.0.0.0/0 77.88.21.38 tcp dpt:25 tcp -- * * 0.0.0.0/0 87.250.250.38 tcp dpt:25 all -- * * 192.168.0.10 0.0.0.0/0 all -- * * 192.168.0.12 0.0.0.0/0 all -- * * 192.168.1.1 0.0.0.0/0 all -- * * 192.168.1.3 0.0.0.0/0 all -- * * 192.168.0.13 0.0.0.0/0 Chain 05_LAN_INET_DENY (1 references) target prot opt in out source destination LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 limit: avg 1/min burst 5 LOG flags 0 level 4 prefix `LAN_INET_DENY_SMTP:' DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 Chain 05_LAN_INET_LIMIT (1 references) target prot opt in out source destination RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state NEW limit: up to 2/min burst 5 mode srcip-dstip LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state NEW limit: avg 6/hour burst 5 LOG flags 0 level 4 prefix `LAN->INET_SMTP_limit:' DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state NEW Chain 05_LAN_INET_SKIP_OR_DENY (1 references) target prot opt in out source destination RETURN tcp -- * * 192.168.1.1 0.0.0.0/0 tcp dpt:25 RETURN tcp -- * * 0.0.0.0/0 93.158.134.38 tcp dpt:25 RETURN tcp -- * * 0.0.0.0/0 213.180.193.38 tcp dpt:25 RETURN tcp -- * * 0.0.0.0/0 213.180.204.38 tcp dpt:25 RETURN tcp -- * * 0.0.0.0/0 77.88.21.38 tcp dpt:25 RETURN tcp -- * * 0.0.0.0/0 87.250.250.38 tcp dpt:25 RETURN tcp -- * * 0.0.0.0/0 81.19.70.48 tcp dpt:25 RETURN tcp -- * * 0.0.0.0/0 74.125.143.108 tcp dpt:25 RETURN tcp -- * * 0.0.0.0/0 74.125.143.109 tcp dpt:25 RETURN tcp -- * * 0.0.0.0/0 62.141.94.173 tcp dpt:25 RETURN tcp -- * * 0.0.0.0/0 94.100.177.3 tcp dpt:25 05_LAN_INET_DENY all -- * * 0.0.0.0/0 0.0.0.0/0 Chain 06_INET_LAN (4 references) target prot opt in out source destination 06_INET_LAN_CNT all -- * * 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain 06_INET_LAN_CNT (1 references) target prot opt in out source destination all -- * * 87.250.251.37 0.0.0.0/0 all -- * * 93.158.134.37 0.0.0.0/0 all -- * * 213.180.193.37 0.0.0.0/0 all -- * * 213.180.204.37 0.0.0.0/0 all -- * * 87.250.250.37 0.0.0.0/0 tcp -- * * 93.158.134.38 0.0.0.0/0 tcp spt:25 tcp -- * * 213.180.193.38 0.0.0.0/0 tcp spt:25 tcp -- * * 213.180.204.38 0.0.0.0/0 tcp spt:25 tcp -- * * 77.88.21.38 0.0.0.0/0 tcp spt:25 tcp -- * * 87.250.250.38 0.0.0.0/0 tcp spt:25 all -- * * 0.0.0.0/0 192.168.0.10 all -- * * 0.0.0.0/0 192.168.0.12 all -- * * 0.0.0.0/0 192.168.1.1 all -- * * 0.0.0.0/0 192.168.1.3 all -- * * 0.0.0.0/0 192.168.0.13Chain 07_INET_DMZ (1 references) target prot opt in out source destination 07_INET_DMZ_CNT all -- * * 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 07_INET_DMZ_ALLOW all -- * * 0.0.0.0/0 0.0.0.0/0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain 07_INET_DMZ_ALLOW (1 references) target prot opt in out source destination ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW ACCEPT tcp -- * * 0.0.0.0/0 203.0.113.2 tcp dpt:80 state NEW ACCEPT tcp -- * * 0.0.0.0/0 203.0.113.2 tcp dpt:443 state NEW ACCEPT tcp -- * * 0.0.0.0/0 203.0.113.3 tcp dpt:80 state NEW ACCEPT tcp -- * * 0.0.0.0/0 203.0.113.3 tcp dpt:443 state NEW Chain 07_INET_DMZ_CNT (2 references) target prot opt in out source destination icmp -- * * 0.0.0.0/0 0.0.0.0/0 tcp -- * * 0.0.0.0/0 203.0.113.2 tcp dpt:80 tcp -- * * 0.0.0.0/0 203.0.113.2 tcp dpt:443 tcp -- * * 0.0.0.0/0 203.0.113.3 tcp dpt:80 tcp -- * * 0.0.0.0/0 203.0.113.3 tcp dpt:443 Chain 07_INET_DMZ_ISP2 (1 references) target prot opt in out source destination 07_INET_DMZ_CNT all -- * * 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain 08_DMZ_INET (2 references) target prot opt in out source destination 08_DMZ_INET_CNT all -- * * 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 08_DMZ_INET_ALLOW all -- * * 0.0.0.0/0 0.0.0.0/0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain 08_DMZ_INET_ALLOW (1 references) target prot opt in out source destination ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW ACCEPT all -- * * 203.0.113.2 0.0.0.0/0 state NEW ACCEPT all -- * * 203.0.113.3 0.0.0.0/0 state NEW Chain 08_DMZ_INET_CNT (1 references) target prot opt in out source destination icmp -- * * 0.0.0.0/0 0.0.0.0/0 all -- * * 203.0.113.2 0.0.0.0/0 all -- * * 203.0.113.3 0.0.0.0/0Chain 09_LAN_DMZ (2 references) target prot opt in out source destination ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 09_LAN_DMZ_ALLOW all -- * * 0.0.0.0/0 0.0.0.0/0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain 09_LAN_DMZ_ALLOW (1 references) target prot opt in out source destination ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW ACCEPT tcp -- * * 0.0.0.0/0 203.0.113.2 tcp dpt:21 state NEW ACCEPT tcp -- * * 0.0.0.0/0 203.0.113.2 tcp dpt:22 state NEW ACCEPT tcp -- * * 0.0.0.0/0 203.0.113.2 tcp dpt:80 state NEW ACCEPT tcp -- * * 0.0.0.0/0 203.0.113.2 tcp dpt:873 state NEW ACCEPT tcp -- * * 0.0.0.0/0 203.0.113.2 tcp dpts:60000:61000 state NEW ACCEPT tcp -- * * 0.0.0.0/0 203.0.113.3 tcp dpt:21 state NEW ACCEPT tcp -- * * 0.0.0.0/0 203.0.113.3 tcp dpt:22 state NEW ACCEPT tcp -- * * 0.0.0.0/0 203.0.113.3 tcp dpt:80 state NEW ACCEPT tcp -- * * 0.0.0.0/0 203.0.113.3 tcp dpt:873 state NEW ACCEPT tcp -- * * 0.0.0.0/0 203.0.113.3 tcp dpts:60000:61000 state NEW Chain 10_DMZ_LAN (2 references) target prot opt in out source destination ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED DROP all -- * * 0.0.0.0/0 0.0.0.0/0Chain 16_LAN_LAN2 (1 references) target prot opt in out source destination ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 16_LAN_LAN2_ALLOW all -- * * 0.0.0.0/0 0.0.0.0/0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain 16_LAN_LAN2_ALLOW (1 references) target prot opt in out source destination ACCEPT all -- * * 0.0.0.0/0 192.168.5.0/24 state NEW Chain 17_LAN2_LAN (1 references) target prot opt in out source destination ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED DROP all -- * * 0.0.0.0/0 0.0.0.0/0Chain 18_VPN_LAN (1 references) target prot opt in out source destination ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 18_VPN_LAN_ALLOW all -- * * 0.0.0.0/0 0.0.0.0/0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain 18_VPN_LAN_ALLOW (1 references) target prot opt in out source destination ACCEPT tcp -- * * 192.168.255.5 192.168.0.10 tcp dpt:3389 state NEW ACCEPT all -- * * 192.168.255.5 192.168.0.13 state NEW Chain 19_LAN_VPN (1 references) target prot opt in out source destination ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain 20_VPN_INET (1 references) target prot opt in out source destination ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 20_VPN_INET_ALLOW all -- * * 0.0.0.0/0 0.0.0.0/0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain 20_VPN_INET_ALLOW (1 references) target prot opt in out source destination ACCEPT all -- * * 192.168.255.5 74.125.50.30 state NEW Chain 21_INET_VPN (1 references) target prot opt in out source destination ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED DROP all -- * * 0.0.0.0/0 0.0.0.0/0