/gist:7aacd8367b9717a9c63687e264bec0da Secret

## gistfile1.txt
$ sudo iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             ctstate RELATED
input_ext  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-IN-ILL-TARGET "
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-FWD-ILL-ROUTING "

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain forward_ext (0 references)
target     prot opt source               destination

Chain input_ext (1 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             PKTTYPE = broadcast
ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
DROP       all  --  anywhere             anywhere             PKTTYPE = multicast
DROP       all  --  anywhere             anywhere             PKTTYPE = broadcast
LOG        tcp  --  anywhere             anywhere             limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
LOG        icmp --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
LOG        udp  --  anywhere             anywhere             limit: avg 3/min burst 5 ctstate NEW LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
DROP       all  --  anywhere             anywhere

Chain reject_func (0 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere             reject-with tcp-reset
REJECT     udp  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-proto-unreachable
	$ sudo iptables -L
	Chain INPUT (policy DROP)
	target prot opt source destination
	ACCEPT all -- anywhere anywhere
	ACCEPT all -- anywhere anywhere ctstate ESTABLISHED
	ACCEPT icmp -- anywhere anywhere ctstate RELATED
	input_ext all -- anywhere anywhere
	LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-IN-ILL-TARGET "
	DROP all -- anywhere anywhere

	Chain FORWARD (policy DROP)
	target prot opt source destination
	LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-FWD-ILL-ROUTING "

	Chain OUTPUT (policy ACCEPT)
	target prot opt source destination
	ACCEPT all -- anywhere anywhere

	Chain forward_ext (0 references)
	target prot opt source destination

	Chain input_ext (1 references)
	target prot opt source destination
	DROP all -- anywhere anywhere PKTTYPE = broadcast
	ACCEPT icmp -- anywhere anywhere icmp source-quench
	ACCEPT icmp -- anywhere anywhere icmp echo-request
	DROP all -- anywhere anywhere PKTTYPE = multicast
	DROP all -- anywhere anywhere PKTTYPE = broadcast
	LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
	LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
	LOG udp -- anywhere anywhere limit: avg 3/min burst 5 ctstate NEW LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
	DROP all -- anywhere anywhere

	Chain reject_func (0 references)
	target prot opt source destination
	REJECT tcp -- anywhere anywhere reject-with tcp-reset
	REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
	REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable