ipchains (Pete's notes)

When I installed Red Hat 7.2, I selected a "High" security install. This enables ipchains. I later had to modify the /etc/sysconfig/ipchains file to allow more access. Here are the contents of the file:
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
:input ACCEPT
:forward ACCEPT
:output ACCEPT

############### Allow inbound DNS (Domain Name System) packets.
-A input --source 0/0 53 --destination 0/0 --protocol udp --jump ACCEPT

############### Allow FTP (File Transfer Protocol) packets.
-A input --source 0/0 --destination 0/0 21 --protocol tcp --syn --jump ACCEPT

############### Allow SSH (Secure Shell) packets.
-A input --source 0/0 --destination 0/0 22 --protocol tcp --syn --jump ACCEPT

############### Allow NTP (Network Time Protocol) packets.
-A input --source 0/0 --destination 0/0 123 --protocol udp --jump ACCEPT

############### Allow SNMP request and SNMP trap packets.
#-A input --source 0/0 --destination 0/0 161 --protocol udp --jump ACCEPT
#-A input --source 0/0 --destination 0/0 162 --protocol udp --jump ACCEPT

############### Allow SNMP response packets.
-A input --source 0/0 161 --destination 0/0 1025:65535 --protocol udp --jump ACCEPT

############### Allow all packets from the loopback interface.
-A input --source 0/0 --destination 0/0 --interface lo --jump ACCEPT

############### Allow all packets from the SCD Citrix server.
-A input --source 128.117.10.73 --destination 0/0 --protocol tcp --jump ACCEPT
-A input --source 128.117.10.73 --destination 0/0 --protocol udp --jump ACCEPT

############### Allow UDP packets from the UCAR VPN server on ports 500 and 10000
-A input --source 192.43.244.230 --destination 0/0 500   --protocol udp --jump ACCEPT
-A input --source 192.43.244.230 --destination 0/0 10000 --protocol udp --jump ACCEPT

############### Block all other TCP and UDP packets.
-A input --source 0/0 --destination 0/0 --protocol tcp --syn --jump REJECT
-A input --source 0/0 --destination 0/0 --protocol udp --jump REJECT
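
As an added check (not part of Pete's page), the Python model below applies ipchains first-match semantics to a constructed subset of the rules above and reports what the input chain does with a given packet; packets are described as dicts with src, dst, proto and optional sport/dport/syn/iface (all assumptions of this example). It makes two properties of the stateless ruleset visible when auditing it: the final REJECT only catches TCP SYN segments, so non-SYN TCP and ICMP fall through to the ACCEPT policy, and the DNS rule admits any UDP datagram whose source port is 53 whatever its destination port.

```python
import ipaddress

# Constructed: a subset of the input-chain rules from the file above, in the same
# syntax. The chain policy is ACCEPT, matching the ':input ACCEPT' line.
RULES = """
-A input --source 0/0 53 --destination 0/0 --protocol udp --jump ACCEPT
-A input --source 0/0 --destination 0/0 22 --protocol tcp --syn --jump ACCEPT
-A input --source 0/0 161 --destination 0/0 1025:65535 --protocol udp --jump ACCEPT
-A input --source 0/0 --destination 0/0 --interface lo --jump ACCEPT
-A input --source 128.117.10.73 --destination 0/0 --protocol tcp --jump ACCEPT
-A input --source 0/0 --destination 0/0 --protocol tcp --syn --jump REJECT
-A input --source 0/0 --destination 0/0 --protocol udp --jump REJECT
""".strip().splitlines()
POLICY = "ACCEPT"
ONE_ARG = {"--protocol": "proto", "--interface": "iface", "--jump": "jump"}

def _endpoint(t, i):
    net = None if t[i] == "0/0" else ipaddress.ip_network(t[i])  # '0/0' means any address
    ports, i = None, i + 1
    if i < len(t) and not t[i].startswith("-"):  # optional 'port' or 'lo:hi' after the address
        lo, _, hi = t[i].partition(":")
        ports, i = (int(lo), int(hi or lo)), i + 1
    return net, ports, i

def parse_rule(line):
    t, i = line.split()[2:], 0  # drop the leading '-A input'
    r = dict(src=None, sport=None, dst=None, dport=None, proto=None, syn=False, iface=None, jump=None)
    while i < len(t):
        if t[i] == "--source":
            r["src"], r["sport"], i = _endpoint(t, i + 1)
        elif t[i] == "--destination":
            r["dst"], r["dport"], i = _endpoint(t, i + 1)
        elif t[i] == "--syn":
            r["syn"], i = True, i + 1  # matches only TCP with SYN set and ACK clear
        else:
            r[ONE_ARG[t[i]]], i = t[i + 1], i + 2
    return r

def matches(r, p):
    """p: dict with src, dst, proto and optional sport, dport, syn, iface (default eth0)."""
    in_net = lambda net, a: net is None or ipaddress.ip_address(a) in net
    in_rng = lambda rng, n: rng is None or rng[0] <= n <= rng[1]
    return (in_net(r["src"], p["src"]) and in_net(r["dst"], p["dst"])
            and in_rng(r["sport"], p.get("sport", 0)) and in_rng(r["dport"], p.get("dport", 0))
            and r["proto"] in (None, p["proto"]) and r["iface"] in (None, p.get("iface", "eth0"))
            and (not r["syn"] or (p["proto"] == "tcp" and p.get("syn", False))))

def verdict(p):
    """ipchains is first-match: the first matching rule decides, else the chain policy applies."""
    return next((r["jump"] for r in map(parse_rule, RULES) if matches(r, p)), POLICY)
```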

Pete Siemse
Last modified: Tue Oct 8 14:01:47 MDT 2002