
#DISPATCH and DEFAULT Rules
#
# Declares one user-defined chain per traffic direction, named
# "<source zone>-<destination zone>". The "-" in the policy column is the
# iptables-restore notation for a user-defined chain (only built-in chains
# carry a policy).
#
# Zones, as matched by the dispatch rules in this file:
#   NET1     = 10.42.1.0/24 on eth1
#   NET2     = 10.42.2.0/24 on eth2
#   INTRANET = 10.0.0.0/8 on eth0
#   INTERNET = eth0 with no address restriction
#   IF       = the firewall host itself (INPUT / OUTPUT traffic)
#
# No rules are appended to these chains in this section. A packet that
# reaches the end of a user-defined chain without a verdict returns to the
# calling chain and is evaluated against the next rule there.
#
# Forwarded traffic between zones.
:INTERNET-INTRANET -
:INTERNET-NET1 -
:INTERNET-NET2 -
:INTRANET-INTERNET -
:INTRANET-NET1 -
:INTRANET-NET2 -
:NET1-INTERNET -
:NET1-INTRANET -
:NET1-NET2 -
:NET2-INTERNET -
:NET2-INTRANET -
:NET2-NET1 -
# Traffic originating from (IF-*) or addressed to (*-IF) the firewall host.
:IF-INTERNET -
:INTERNET-IF -
:IF-INTRANET -
:INTRANET-IF -
:IF-NET1 -
:NET1-IF -
:IF-NET2 -
:NET2-IF -
# Stateful fast path: packets that belong to, or are related to, an already
# tracked connection are accepted in all three built-in chains before any
# zone dispatch. The per-zone chains therefore only ever decide on packets
# that open a new connection.
# NOTE(review): RELATED is accepted unconditionally. What can become RELATED
# depends on which conntrack helpers are loaded, which is not visible here -
# verify on the target host.
# NOTE(review): the "state" match is a subset of the "conntrack" match
# ("-m conntrack --ctstate ..."); confirm which one the target iptables
# version expects before changing it.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Packets that connection tracking classifies as INVALID are dropped here.
# No log rule precedes these DROPs, so such packets leave no log entry from
# this ruleset.
-A FORWARD -m state --state INVALID -j DROP
-A INPUT -m state --state INVALID -j DROP
-A OUTPUT -m state --state INVALID -j DROP

# Zone dispatch: each rule classifies a packet by interface and address and
# jumps (-j) to the matching per-zone chain.
#
# Rule order is significant:
#  * NET1 (10.42.1.0/24) and NET2 (10.42.2.0/24) lie inside 10.0.0.0/8, so
#    rules that match on the /24 must stay ahead of the 10.0.0.0/8 rules.
#  * The jumps are not terminal. If a zone chain returns without a verdict,
#    the packet continues down this list and can match a later, broader
#    rule (for example INTRANET-IF followed by INTERNET-IF, or IF-INTRANET
#    followed by IF-INTERNET). Anything the INTERNET chains accept is then
#    also accepted for intranet traffic.
#    NOTE(review): confirm that every zone chain ends in an explicit verdict
#    if this fall-through is not intended; the chain contents are not
#    visible in this section.

# Forwarding between the internal zones (NET1, NET2, INTRANET).
-A FORWARD -s 10.42.1.0/24 -d 10.42.2.0/24 -i eth1 -o eth2 -j NET1-NET2
-A FORWARD -s 10.42.1.0/24 -d 10.0.0.0/8 -i eth1 -o eth0 -j NET1-INTRANET
-A FORWARD -s 10.42.2.0/24 -d 10.42.1.0/24 -i eth2 -o eth1 -j NET2-NET1
-A FORWARD -s 10.42.2.0/24 -d 10.0.0.0/8 -i eth2 -o eth0 -j NET2-INTRANET
-A FORWARD -s 10.0.0.0/8 -d 10.42.1.0/24 -i eth0 -o eth1 -j INTRANET-NET1
-A FORWARD -s 10.0.0.0/8 -d 10.42.2.0/24 -i eth0 -o eth2 -j INTRANET-NET2
# Traffic addressed to the firewall host from the internal zones.
# NOTE(review): the INTRANET-IF rule trusts the source address of anything
# arriving on eth0, the same interface that carries INTERNET traffic, and
# 10.0.0.0/8 also covers the NET1/NET2 ranges that belong on eth1/eth2.
# Presumably reverse-path filtering or an upstream filter rejects forged
# 10.0.0.0/8 sources on eth0 - verify; nothing in this section does.
-A INPUT -s 10.42.1.0/24 -i eth1 -j NET1-IF
-A INPUT -s 10.42.2.0/24 -i eth2 -j NET2-IF
-A INPUT -s 10.0.0.0/8 -i eth0 -j INTRANET-IF
# Traffic originated by the firewall host towards the internal zones.
-A OUTPUT -d 10.0.0.0/8 -o eth0 -j IF-INTRANET
-A OUTPUT -d 10.42.1.0/24 -o eth1 -j IF-NET1
-A OUTPUT -d 10.42.2.0/24 -o eth2 -j IF-NET2
# Catch-all for eth0: whatever was not decided above is treated as INTERNET
# traffic to or from the firewall host.
-A INPUT -i eth0 -j INTERNET-IF
-A OUTPUT -o eth0 -j IF-INTERNET
# Forwarding between NET1/NET2 and eth0 where the far end is not restricted
# by address.
-A FORWARD -s 10.42.1.0/24 -i eth1 -o eth0 -j NET1-INTERNET
-A FORWARD -s 10.42.2.0/24 -i eth2 -o eth0 -j NET2-INTERNET
-A FORWARD -d 10.42.1.0/24 -i eth0 -o eth1 -j INTERNET-NET1
-A FORWARD -d 10.42.2.0/24 -i eth0 -o eth2 -j INTERNET-NET2
# Packets that enter and leave on eth0. A packet whose source and
# destination are both in 10.0.0.0/8 matches both rules and is evaluated by
# INTERNET-INTRANET first.
# NOTE(review): confirm that forwarding back out of eth0 is intended.
-A FORWARD -d 10.0.0.0/8 -i eth0 -o eth0 -j INTERNET-INTRANET
-A FORWARD -s 10.0.0.0/8 -i eth0 -o eth0 -j INTRANET-INTERNET

# Loopback traffic on the firewall host is accepted in both directions.
# None of the dispatch rules match the lo interface, so these rules are the
# first ones after the state rules that apply to loopback packets.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

# Default deny: anything that no earlier rule or zone chain decided is
# logged with a per-chain prefix and then dropped. The explicit DROP makes
# the result independent of the built-in chain policies, which are not set
# in this section. OUTPUT is covered too, so traffic sent by the firewall
# host must also be allowed explicitly.
# NOTE(review): the log rules have no rate limit (no "-m limit"), so a burst
# of dropped packets produces one log record per packet - confirm the
# logging daemon and its storage can absorb that.
# NOTE(review): the ULOG target was removed from mainline Linux (3.17) in
# favour of NFLOG; confirm the target kernel still provides it, otherwise
# these lines will not load.
-A FORWARD -j ULOG --ulog-prefix "DFT_FORWARD_DROP"
-A FORWARD -j DROP
-A INPUT -j ULOG --ulog-prefix "DFT_INPUT_DROP"
-A INPUT -j DROP
-A OUTPUT -j ULOG --ulog-prefix "DFT_OUTPUT_DROP"
-A OUTPUT -j DROP

