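## This file is /etc/sysconfig/iptables
## Format: iptables-save / iptables-restore. Comment lines must begin with '#'
## in column 0. Rules are evaluated top to bottom and the first rule with a
## terminating target (ACCEPT/DROP) decides the packet.
## iptables-restore stops at the first line it cannot parse and the table is
## not committed, so one typo means this ruleset is not loaded at all.
*filter
# Inbound traffic is default-deny; everything below is an explicit exception.
:INPUT DROP [0:0]
# NOTE(review): FORWARD defaults to ACCEPT. If IP forwarding is enabled on this
# host, routed traffic is not filtered by anything in this file. Set the policy
# to DROP unless the machine is meant to route - confirm before changing.
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# NOTE(review): this rule is stateless. It accepts any TCP segment with the ACK
# bit set, from any source to any port, whether or not it belongs to a tracked
# connection. Replies to connections this host opened are already covered by
# the ESTABLISHED rule below, so this rule mainly widens what the DROP policy
# lets through. Candidate for removal once confirmed nothing depends on it.
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
# Return traffic for tracked connections, and related flows (e.g. ICMP errors).
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED -j ACCEPT
# NOTE(review): matches on the *source* port only, which the sender chooses.
# Any host can reach UDP ports 1024-65535 by sending from port 53, and that
# range includes 5060 and 10000:20000, so the per-source SIP rules further down
# do not actually restrict SIP. Replies to this host's own DNS queries are
# accepted by the ESTABLISHED rule above; consider removing this rule or
# restricting it with -s to the resolvers in use.
-A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT
# ICMP type 8 = echo request (ping). Target corrected from the misspelled
# "ACCEPTT", which is not a valid target and makes iptables-restore reject the
# file.
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# NOTE(review): SSH is reachable from every source address. Where the set of
# admin hosts is known, restrict with -s and rely on key-based authentication.
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# UDP 10000-20000 is open to every source (presumably the RTP media range for
# the SIP service - confirm against the PBX configuration).
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
### This rule blocks a Polish subnet; the status script uses it to confirm that
### the firewall is blocking.
# NOTE(review): because of rule order, this DROP only applies to traffic that
# none of the ACCEPT rules above matched. Sources in 31.0.0.0/13 can still
# reach SSH, ICMP echo, UDP 10000:20000 and anything the ACK / sport-53 rules
# admit. Move the DROP above those rules if a complete block is intended.
-A INPUT -s 31.0.0.0/13 -j DROP
## Disable this rule if your eth1 or eth2 is a WAN port:
# Accepts everything arriving on any interface other than eth0, loopback
# included. If you disable it, add "-A INPUT -i lo -j ACCEPT" so local
# services keep working. Newer iptables releases prefer the form "! -i eth0"
# and warn about the "-i ! eth0" spelling used here.
-A INPUT -i ! eth0 -j ACCEPT
#### SIP servers:
# NOTE(review): 64.136.174.30/26 has host bits set; iptables masks it to
# 64.136.174.0/26, i.e. 64 addresses (.0-.63). Confirm a /26 is intended and
# not the single host .30.
-A INPUT -s 64.136.174.30/26 -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -s 64.136.173.31 -p udp -m udp --dport 5060 -j ACCEPT

#### Begin whitelist:
# NOTE(review): these entries accept ALL protocols and ports from the named
# hosts. Hostnames are resolved once, when the rules are loaded: later DNS
# changes are not picked up, the whitelist is only as trustworthy as the
# resolver's answer at load time, and a name that fails to resolve (e.g. DNS
# not yet up at boot) makes the restore fail. Prefer literal IP addresses.
-A INPUT -s repo.smpltechno.com -j ACCEPT
-A INPUT -s john.smpltechno.com -j ACCEPT
-A INPUT -s home.ecomobile.com -j ACCEPT

COMMIT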
