Log and DROP "abnormal" @apache / HTTPD connections

iptables-apache

# Generated by iptables-save v1.4.21 on Wed Dec 26 00:02:00 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:APACHE - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s 10.0.0.0/8 -j ACCEPT
-A INPUT -s 172.16.0.0/12 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --uid-owner 48 -j APACHE
-A APACHE -o lo -j RETURN
-A APACHE -m conntrack --ctstate RELATED,ESTABLISHED -j RETURN
-A APACHE -d 10.0.0.0/8 -j RETURN
-A APACHE -d 172.16.0.0/12 -j RETURN
-A APACHE -d 192.168.0.0/16 -j RETURN
-A APACHE -s 192.168.1.1/32 -p tcp -m multiport --sports 80,443 -j RETURN
-A APACHE -m limit --limit 3/min -j LOG --log-prefix "iptables-apache: " --log-tcp-options --log-ip-options --log-uid
-A APACHE -j DROP
COMMIT
# Completed on Wed Dec 26 00:02:00 2018