
# DISPATCH and DEFAULT rules (iptables-restore format).
#
# Declarations of the user-defined dispatch chains. A line of the form
# ":NAME -" creates chain NAME; the "-" in the policy column means the chain
# has no default policy of its own (only built-in chains have one).
# Chains are named SOURCE-DESTINATION. "IF" appears to denote the firewall
# host itself: the *-IF / IF-* chains are only jumped to from INPUT and OUTPUT.
# No rules for these chains are visible in this part of the file. A packet that
# runs off the end of a user-defined chain returns to the calling built-in
# chain and continues with the rules that follow the jump.
:INTERNET-LAN7 -
:INTERNET-LAN5 -
:LAN7-INTERNET -
:LAN7-LAN5 -
:LAN5-INTERNET -
:LAN5-LAN7 -
:IF-INTERNET -
:INTERNET-IF -
:IF-LAN7 -
:LAN7-IF -
:IF-LAN5 -
:LAN5-IF -
# Connection-tracking shortcut, evaluated before any zone dispatch: packets
# belonging to, or related to, an already tracked connection are accepted in
# all three built-in chains, so the dispatch chains below never see them.
# NOTE(review): RELATED is accepted unconditionally; what counts as RELATED
# depends on which conntrack helpers are loaded on this host - confirm that
# only the needed helpers are enabled.
# NOTE(review): "-m state" is the legacy match; "-m conntrack --ctstate" is its
# current equivalent.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Packets conntrack classifies as INVALID are dropped here with no log rule in
# front of them, so they never reach the DFT_*_DROP logging at the end of the
# built-in chains.
-A FORWARD -m state --state INVALID -j DROP
-A INPUT -m state --state INVALID -j DROP
-A OUTPUT -m state --state INVALID -j DROP

# Zone dispatch: first match wins, so rule order is significant.
# The addresses and interfaces in these rules describe the layout:
#   192.168.5.0/24 (LAN5) is reached over eth1;
#   192.168.7.0/24 (LAN7) is reached over eth0 through an IPsec tunnel between
#   192.168.4.254 and 192.168.6.254;
#   all other eth0 traffic is treated as INTERNET.
#
# Forwarded traffic to or from LAN7 is dispatched only when the policy match
# confirms it is subject to that specific tunnel ("--dir in" = decapsulated
# inbound, "--dir out" = about to be encapsulated).
-A FORWARD -d 192.168.7.0/24 -m policy --pol ipsec --mode tunnel --dir out --tunnel-src 192.168.4.254 --tunnel-dst 192.168.6.254 -i eth0 -o eth0 -j INTERNET-LAN7
-A FORWARD -s 192.168.7.0/24 -m policy --pol ipsec --mode tunnel --dir in --tunnel-src 192.168.6.254 --tunnel-dst 192.168.4.254 -i eth0 -o eth0 -j LAN7-INTERNET
-A FORWARD -s 192.168.7.0/24 -d 192.168.5.0/24 -m policy --pol ipsec --mode tunnel --dir in --tunnel-src 192.168.6.254 --tunnel-dst 192.168.4.254 -i eth0 -o eth1 -j LAN7-LAN5
-A FORWARD -s 192.168.5.0/24 -d 192.168.7.0/24 -m policy --pol ipsec --mode tunnel --dir out --tunnel-src 192.168.4.254 --tunnel-dst 192.168.6.254 -i eth1 -o eth0 -j LAN5-LAN7
# Traffic addressed to or originating from the firewall host itself.
# eth1 packets whose source is outside 192.168.5.0/24 match none of the
# INPUT or FORWARD dispatch rules and fall through to the default drop.
-A INPUT -s 192.168.5.0/24 -i eth1 -j LAN5-IF
# NOTE(review): unlike the FORWARD rules above, the two LAN7 host rules carry
# no "-m policy --pol ipsec" match. Any packet arriving on eth0 with a source
# in 192.168.7.0/24 is handed to LAN7-IF whether or not it came through the
# tunnel, and host traffic to 192.168.7.0/24 is classified as IF-LAN7 even if
# no IPsec policy applies to it. Confirm that source validation for eth0 is
# enforced elsewhere, or add the same policy match as the FORWARD rules use.
-A INPUT -s 192.168.7.0/24 -i eth0 -j LAN7-IF
-A OUTPUT -d 192.168.7.0/24 -o eth0 -j IF-LAN7
-A OUTPUT -d 192.168.5.0/24 -o eth1 -j IF-LAN5
# Everything else on eth0 is Internet traffic. These generic rules must stay
# after the tunnel-specific ones, which would otherwise never be reached.
-A INPUT -i eth0 -j INTERNET-IF
-A OUTPUT -o eth0 -j IF-INTERNET
-A FORWARD -d 192.168.5.0/24 -i eth0 -o eth1 -j INTERNET-LAN5
# NOTE(review): this rule has no destination restriction. LAN5 traffic to
# 192.168.7.0/24 that does not match the outbound tunnel policy (for example
# while the tunnel is down) lands here and is treated as LAN5-INTERNET -
# confirm that chain cannot let it leave eth0 unencrypted.
-A FORWARD -s 192.168.5.0/24 -i eth1 -o eth0 -j LAN5-INTERNET

# Loopback traffic is accepted without further filtering. None of the
# interface-bound dispatch rules (eth0/eth1) match lo, so local traffic that
# was not already handled by the state rules is decided here.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

# Default deny: whatever reaches the end of a built-in chain is logged with a
# chain-specific prefix and then dropped. The explicit DROP applies regardless
# of the built-in chain policy, which is set outside this part of the file.
# ULOG hands the packet to a userspace logging daemon over netlink; nothing is
# recorded unless such a listener is running.
# NOTE(review): ULOG has been superseded by NFLOG and is absent from current
# kernels - verify the target still loads on the deployed kernel, otherwise the
# restore fails or the drops go unlogged.
# NOTE(review): the log rules are not rate-limited (no "-m limit"); confirm the
# log pipeline can absorb a flood of dropped packets.
-A FORWARD -j ULOG --ulog-prefix "DFT_FORWARD_DROP"
-A FORWARD -j DROP
-A INPUT -j ULOG --ulog-prefix "DFT_INPUT_DROP"
-A INPUT -j DROP
-A OUTPUT -j ULOG --ulog-prefix "DFT_OUTPUT_DROP"
-A OUTPUT -j DROP

