- /sbin/iptables -N POLICY
- /sbin/iptables -A FORWARD -j POLICY
-
- /usr/sbin/firewall-forward-policy
+ /sbin/iptables -N POLICYIN
+ /sbin/iptables -A INPUT -j POLICYIN
+ /sbin/iptables -N POLICYFWD
+ /sbin/iptables -A FORWARD -j POLICYFWD
+ /sbin/iptables -N POLICYOUT
+ /sbin/iptables -A OUTPUT -j POLICYOUT
+
+ /usr/sbin/firewall-policy
+
+ /sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
+
+ if [ "$DROPINPUT" == "on" ]; then
+ /sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT"
+ fi
+ if [ "$DROPFORWARD" == "on" ]; then
+ /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD"
+ fi
+ /sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
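Review bot: The INPUT logging rule can never match, because the unconditional `/sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"` is appended before the `if [ "$DROPINPUT" == "on" ]` block. Every packet that reaches the end of INPUT is dropped before the LOG rule is evaluated, so dropped inbound traffic is silently lost to detection even with DROPINPUT enabled. The FORWARD block below has the right order (LOG, then DROP); move the INPUT DROP line to just after the DROPINPUT `fi` to match it. Two smaller points: `==` inside `[ ]` is a bashism, so use `=` if the script runs under /bin/sh (the shebang is outside this hunk), and a trailing space in the prefixes (`--log-prefix "DROP_INPUT "`) keeps the tag from running into the `IN=` field that log parsers key on. OUTPUT gains a POLICYOUT jump but no terminal rule here; whether its default policy is set elsewhere cannot be seen from this hunk and is worth confirming.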