
# Dispatch and default rules (iptables-restore syntax).
#
# Each ":NAME -" line declares a user-defined chain. The "-" is the policy
# field, left unset because only built-in chains carry a policy.
#
# Chain names follow a SOURCE-DESTINATION pattern over the zones INTERNET,
# reseau6, INTRANET and DMZ. "IF" is the zone targeted by the INPUT and OUTPUT
# dispatch rules below, so it stands for the firewall host itself.
#
# The rules that populate these chains are not part of this section; a chain
# left empty returns to its caller, and the packet then continues down the
# built-in chain.
:INTERNET-reseau6 -
:INTERNET-INTRANET -
:INTERNET-DMZ -
:reseau6-INTERNET -
:reseau6-INTRANET -
:reseau6-DMZ -
:INTRANET-INTERNET -
:INTRANET-reseau6 -
:INTRANET-DMZ -
:DMZ-INTERNET -
:DMZ-reseau6 -
:DMZ-INTRANET -
:IF-INTERNET -
:INTERNET-IF -
:IF-reseau6 -
:reseau6-IF -
:IF-INTRANET -
:INTRANET-IF -
:IF-DMZ -
:DMZ-IF -
# Connection-tracking shortcuts, evaluated before any zone dispatch.
#
# Packets that conntrack classifies as ESTABLISHED or RELATED are accepted in
# all three built-in chains. What reaches the dispatch rules is therefore
# traffic in state NEW (plus UNTRACKED, if anything is exempted from tracking
# elsewhere -- not visible here).
#
# NOTE(review): RELATED is accepted on every path, including toward the
# firewall itself. What counts as RELATED depends on the conntrack helpers that
# are loaded (not visible here) -- confirm the helper set is limited to
# protocols actually in use.
# NOTE(review): on current iptables releases "-m state" is kept as a legacy
# form of "-m conntrack --ctstate" -- confirm against the target version.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Packets that conntrack cannot associate with a valid flow are dropped.
# NOTE(review): these drops produce no log entry, unlike the DFT_*_DROP rules
# that close each built-in chain, so INVALID traffic is not visible in the
# firewall log.
-A FORWARD -m state --state INVALID -j DROP
-A INPUT -m state --state INVALID -j DROP
-A OUTPUT -m state --state INVALID -j DROP

# Zone dispatch: each rule classifies a packet by interface, address and (for
# reseau6) IPsec policy, then jumps to the matching SOURCE-DESTINATION chain.
#
# Zone mapping as used by the rules below:
#   eth0  Internet side; also carries the IPsec tunnel to reseau6
#   eth1  DMZ       192.168.5.0/24
#   eth2  INTRANET  192.168.3.0/24
#   reseau6         192.168.6.0/24, reached through a tunnel between the local
#                   endpoint 192.168.33.202 and the remote endpoint 1.2.3.4
#
# Rule order matters: a packet is handed to the first chain whose rule matches,
# and if that chain returns without a verdict it continues with the rules that
# follow. The specific rules (reseau6, inter-zone) are therefore placed before
# the generic eth0 catch-alls.

# --- reseau6 <-> other zones (FORWARD), bound to the IPsec tunnel policy ---
# "--dir out" matches packets that will be encapsulated into the tunnel,
# "--dir in" matches packets that were decapsulated from it.
# The two eth0 -> eth0 rules cover traffic that enters and leaves on the same
# interface: toward reseau6 from the Internet side, and from reseau6 back out
# (presumably reseau6 hosts using this gateway as their exit -- confirm).
-A FORWARD -d 192.168.6.0/24 -m policy --pol ipsec --mode tunnel --dir out --tunnel-src 192.168.33.202 --tunnel-dst 1.2.3.4 -i eth0 -o eth0 -j INTERNET-reseau6
-A FORWARD -s 192.168.6.0/24 -m policy --pol ipsec --mode tunnel --dir in --tunnel-src 1.2.3.4 --tunnel-dst 192.168.33.202 -i eth0 -o eth0 -j reseau6-INTERNET
-A FORWARD -s 192.168.6.0/24 -d 192.168.3.0/24 -m policy --pol ipsec --mode tunnel --dir in --tunnel-src 1.2.3.4 --tunnel-dst 192.168.33.202 -i eth0 -o eth2 -j reseau6-INTRANET
-A FORWARD -s 192.168.6.0/24 -d 192.168.5.0/24 -m policy --pol ipsec --mode tunnel --dir in --tunnel-src 1.2.3.4 --tunnel-dst 192.168.33.202 -i eth0 -o eth1 -j reseau6-DMZ
-A FORWARD -s 192.168.3.0/24 -d 192.168.6.0/24 -m policy --pol ipsec --mode tunnel --dir out --tunnel-src 192.168.33.202 --tunnel-dst 1.2.3.4 -i eth2 -o eth0 -j INTRANET-reseau6
-A FORWARD -s 192.168.5.0/24 -d 192.168.6.0/24 -m policy --pol ipsec --mode tunnel --dir out --tunnel-src 192.168.33.202 --tunnel-dst 1.2.3.4 -i eth1 -o eth0 -j DMZ-reseau6

# --- INTRANET <-> DMZ (FORWARD) ---
# Both source and destination subnets are pinned to their interfaces.
-A FORWARD -s 192.168.3.0/24 -d 192.168.5.0/24 -i eth2 -o eth1 -j INTRANET-DMZ
-A FORWARD -s 192.168.5.0/24 -d 192.168.3.0/24 -i eth1 -o eth2 -j DMZ-INTRANET

# --- traffic addressed to the firewall itself (INPUT) ---
-A INPUT -s 192.168.3.0/24 -i eth2 -j INTRANET-IF
-A INPUT -s 192.168.5.0/24 -i eth1 -j DMZ-IF
# NOTE(review): unlike the FORWARD rules for reseau6, this rule has no
# "-m policy --pol ipsec" match. A cleartext packet arriving on eth0 with a
# source address in 192.168.6.0/24 is classified as reseau6 and evaluated by
# reseau6-IF. Confirm that the chain, or anti-spoofing elsewhere, covers this,
# or bind the rule to the tunnel policy as done in FORWARD.
-A INPUT -s 192.168.6.0/24 -i eth0 -j reseau6-IF

# --- traffic originated by the firewall (OUTPUT) ---
# NOTE(review): the reseau6 rule is likewise not bound to the IPsec policy, so
# it also matches packets to 192.168.6.0/24 that would leave eth0 unencrypted
# (for example while no security association is installed) -- confirm intent.
-A OUTPUT -d 192.168.6.0/24 -o eth0 -j IF-reseau6
-A OUTPUT -d 192.168.3.0/24 -o eth2 -j IF-INTRANET
-A OUTPUT -d 192.168.5.0/24 -o eth1 -j IF-DMZ

# --- generic eth0 catch-alls: anything on eth0 not claimed above is INTERNET ---
-A INPUT -i eth0 -j INTERNET-IF
-A OUTPUT -o eth0 -j IF-INTERNET
# Inbound rules match any source address; outbound rules match any destination.
# Packets entering eth1/eth2 with a source outside the zone's subnet match no
# dispatch rule and fall through to the default drop.
# NOTE(review): nothing in this section rejects packets arriving on eth0 with
# an internal source address (192.168.3.0/24 or 192.168.5.0/24); they are
# treated as INTERNET traffic. Presumably rp_filter or the INTERNET-* chains
# handle this -- confirm.
-A FORWARD -d 192.168.3.0/24 -i eth0 -o eth2 -j INTERNET-INTRANET
-A FORWARD -d 192.168.5.0/24 -i eth0 -o eth1 -j INTERNET-DMZ
-A FORWARD -s 192.168.3.0/24 -i eth2 -o eth0 -j INTRANET-INTERNET
-A FORWARD -s 192.168.5.0/24 -i eth1 -o eth0 -j DMZ-INTERNET

# Loopback traffic on the firewall host is accepted unconditionally.
# Every dispatch rule above is tied to eth0, eth1 or eth2, so packets on "lo"
# reach these rules without having visited a zone chain. The INVALID-state
# drop at the top of INPUT and OUTPUT still applies to them.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

# Default deny: whatever no zone chain decided is logged, then dropped.
# The explicit DROP makes this independent of the built-in chains' policies,
# which are not declared in this section. OUTPUT is covered as well, so traffic
# originated by the firewall is also denied unless a chain accepts it.
#
# ULOG hands a copy of the packet to a userspace logging daemon; the prefix
# identifies which built-in chain produced the entry.
#
# NOTE(review): ULOG is a legacy target superseded by NFLOG and is not
# available on newer kernels. If the target is missing, iptables-restore
# rejects these lines, and the ruleset may then fail to load -- confirm the
# target platform before reuse.
# NOTE(review): the log rules carry no rate limit ("-m limit"), so a flood of
# dropped packets translates directly into log volume -- confirm the logging
# daemon or storage can absorb it.
-A FORWARD -j ULOG --ulog-prefix "DFT_FORWARD_DROP"
-A FORWARD -j DROP
-A INPUT -j ULOG --ulog-prefix "DFT_INPUT_DROP"
-A INPUT -j DROP
-A OUTPUT -j ULOG --ulog-prefix "DFT_OUTPUT_DROP"
-A OUTPUT -j DROP

