# Generated by iptables-save v1.3.8 and updated for 13039 BBB release 2013/02/08.
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Open door policy on physically secure interfaces.
-A INPUT -i usb0 -j ACCEPT
-A INPUT -s 127.0.0.0/8 -i lo -j ACCEPT
# And an open door policy on 6in4 tunnels.
# -A INPUT -p ipv6 -j ACCEPT
# Very selective about icmp and count the drops.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
-A INPUT -p icmp -j DROP
# What will become our kWall wlan0 (Wifi) section and count the drops.
-A INPUT -i wlan0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i wlan0 -p tcp -j DROP
-A INPUT -i wlan0 -p udp -m state --state ESTABLISHED -j ACCEPT 
-A INPUT -i wlan0 -p udp -j DROP
-A INPUT -i wlan0 -j DROP
# What will become our kWall ppp0 (3G) section and count the drops.
-A INPUT -i ppp0 -p udp -m udp --sport 40317 -j ACCEPT 
-A INPUT -i ppp0 -p udp -m udp --sport 49317 -j ACCEPT 
-A INPUT -i ppp0 -p udp -m udp --sport 33434 -j ACCEPT 
-A INPUT -i ppp0 -p tcp -m tcp --dport 40317 -j ACCEPT 
-A INPUT -i ppp0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -j DROP 
-A INPUT -i ppp0 -p udp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -j DROP
# Dis-allow 3G tethering and count passing packets
-A FORWARD -i ppp0 -j DROP
-A FORWARD -o ppp0 -j DROP
-A FORWARD -j ACCEPT
# Open door policy for the physically secure interfaces, just count.
-A OUTPUT -d 127.0.0.0/8 -o lo -j ACCEPT
-A OUTPUT -o usb0 -j ACCEPT
# What will become our kWall BBB section.
-A OUTPUT -d 23.0.0.0/12       -j DROP
-A OUTPUT -d 23.20.0.0/14      -j DROP
-A OUTPUT -d 50.16.0.0/14      -j DROP
# Count and drop the sub-net first.
-A OUTPUT -d 54.240.128.0/18   -j DROP
-A OUTPUT -d 54.240.0.0/12     -j DROP
-A OUTPUT -d 64.208.0.0/16     -j DROP
-A OUTPUT -d 64.209.0.0/17     -j DROP
-A OUTPUT -d 72.21.192.0/19    -j DROP
-A OUTPUT -d 107.20.0.0/14     -j DROP
-A OUTPUT -d 176.32.96.0/21    -j DROP
-A OUTPUT -d 178.236.0.0/21    -j DROP
-A OUTPUT -d 184.72.0.0/15     -j DROP
-A OUTPUT -d 204.246.160.0/19  -j DROP
-A OUTPUT -d 205.251.192.0/18  -j DROP
-A OUTPUT -d 207.171.160.0/19  -j DROP
COMMIT
