# Generated by iptables-save v1.3.8 on Mon Feb 11 09:18:17 2013
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Packets arriving by 3G
:ppp-in - [0:0]
-A ppp-in -p udp -m udp   --sport 40317 -j ACCEPT 
-A ppp-in -p udp -m udp   --sport 49317 -j ACCEPT 
-A ppp-in -p udp -m udp   --sport 33434 -j ACCEPT 
-A ppp-in -p tcp -m tcp   --dport 40317 -j ACCEPT 
-A ppp-in -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A ppp-in -p tcp -j DROP 
-A ppp-in -p udp -m state --state ESTABLISHED -j ACCEPT 
-A ppp-in -p udp -j DROP
-A ppp-in -j DROP
# Packets leaving by 3G
:ppp-out - [0:0]
-A ppp-out -d 23.0.0.0/12       -j DROP
-A ppp-out -d 23.20.0.0/14      -j DROP
-A ppp-out -d 50.16.0.0/14      -j DROP
# Count and drop the sub-net first.
-A ppp-out -d 54.240.128.0/18   -j DROP
-A ppp-out -d 54.240.0.0/12     -j DROP
-A ppp-out -d 64.208.0.0/16     -j DROP
-A ppp-out -d 64.209.0.0/17     -j DROP
-A ppp-out -d 72.21.192.0/19    -j DROP
-A ppp-out -d 107.20.0.0/14     -j DROP
-A ppp-out -d 176.32.96.0/21    -j DROP
-A ppp-out -d 178.236.0.0/21    -j DROP
-A ppp-out -d 184.72.0.0/15     -j DROP
-A ppp-out -d 204.246.160.0/19  -j DROP
-A ppp-out -d 205.251.192.0/18  -j DROP
-A ppp-out -d 207.171.160.0/19  -j DROP
-A ppp-out -j ACCEPT
# Packets arriving by USB
:usb-in - [0:0]
-A usb-in -j ACCEPT
# Packets leaving by USB
:usb-out - [0:0]
-A usb-out -d 23.0.0.0/12       -j DROP
-A usb-out -d 23.20.0.0/14      -j DROP
-A usb-out -d 50.16.0.0/14      -j DROP
# Count and drop the sub-net first.
-A usb-out -d 54.240.128.0/18   -j DROP
-A usb-out -d 54.240.0.0/12     -j DROP
-A usb-out -d 64.208.0.0/16     -j DROP
-A usb-out -d 64.209.0.0/17     -j DROP
-A usb-out -d 72.21.192.0/19    -j DROP
-A usb-out -d 107.20.0.0/14     -j DROP
-A usb-out -d 176.32.96.0/21    -j DROP
-A usb-out -d 178.236.0.0/21    -j DROP
-A usb-out -d 184.72.0.0/15     -j DROP
-A usb-out -d 204.246.160.0/19  -j DROP
-A usb-out -d 205.251.192.0/18  -j DROP
-A usb-out -d 207.171.160.0/19  -j DROP
-A usb-out -j ACCEPT
# Packets arriving by Wifi
:wlan-in - [0:0]
-A wlan-in -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A wlan-in -p tcp -j DROP 
-A wlan-in -p udp -m state --state ESTABLISHED -j ACCEPT 
-A wlan-in -p udp -j DROP 
-A wlan-in -j DROP
# Packets leaving by Wifi
:wlan-out - [0:0]
-A wlan-out -d 23.0.0.0/12       -j DROP
-A wlan-out -d 23.20.0.0/14      -j DROP
-A wlan-out -d 50.16.0.0/14      -j DROP
# Count and drop the sub-net first.
-A wlan-out -d 54.240.128.0/18   -j DROP
-A wlan-out -d 54.240.0.0/12     -j DROP
-A wlan-out -d 64.208.0.0/16     -j DROP
-A wlan-out -d 64.209.0.0/17     -j DROP
-A wlan-out -d 72.21.192.0/19    -j DROP
-A wlan-out -d 107.20.0.0/14     -j DROP
-A wlan-out -d 176.32.96.0/21    -j DROP
-A wlan-out -d 178.236.0.0/21    -j DROP
-A wlan-out -d 184.72.0.0/15     -j DROP
-A wlan-out -d 204.246.160.0/19  -j DROP
-A wlan-out -d 205.251.192.0/18  -j DROP
-A wlan-out -d 207.171.160.0/19  -j DROP
-A wlan-out -j ACCEPT
# Packets arriving
-A INPUT   -i lo    -s 127.0.0.0/8 -j ACCEPT
-A INPUT   -i lo    -j DROP 
-A INPUT   -i usb0  -j usb-in
-A INPUT   -p icmp  -m icmp  --icmp-type echo-request    -j ACCEPT 
-A INPUT   -p icmp  -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT   -p icmp  -j DROP
-A INPUT   -i wlan0 -j wlan-in
-A INPUT   -i ppp0  -j ppp-in
-A INPUT   -j DROP
# Prohibit forwarding to/from 3G
-A FORWARD -i ppp0  -j DROP 
-A FORWARD -o ppp0  -j DROP 
-A FORWARD -j ACCEPT
# Packets leaving
-A OUTPUT  -p icmp  -j ACCEPT
-A OUTPUT  -o lo    -d 127.0.0.0/8 -j ACCEPT
-A OUTPUT  -o usb0  -j usb-out
-A OUTPUT  -o wlan0 -j wlan-out
-A OUTPUT  -o ppp0  -j ppp-out
-A OUTPUT  -j ACCEPT
COMMIT
