*filter
:FORWARD - [0:0]
:INPUT - [0:0]
:LOCAL-INPUT - [0:0]
:OUTPUT - [0:0]
-A INPUT -j LOCAL-INPUT -m comment --comment "SIMP:"
-I INPUT -p icmpv6 -j ACCEPT -m comment --comment "SIMP:"
-A FORWARD -j LOCAL-INPUT -m comment --comment "SIMP:"
-I FORWARD -p icmpv6 -j ACCEPT -m comment --comment "SIMP:"
-A LOCAL-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -m comment --comment "SIMP:"
-A LOCAL-INPUT -i lo -j ACCEPT -m comment --comment "SIMP:"
-A LOCAL-INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 8 -j ACCEPT -m comment --comment "SIMP:"
-A LOCAL-INPUT -m state --state NEW -m tcp -p tcp -m multiport --dports 2123,24593 -j ACCEPT -m comment --comment "SIMP:"
-A LOCAL-INPUT -m state --state NEW -m tcp -p tcp -m multiport --dports 22 -j ACCEPT -m comment --comment "SIMP:"
-A LOCAL-INPUT -m state --state NEW -m tcp -p tcp -m multiport --dports 3306,443,5432,80 -j ACCEPT -m comment --comment "SIMP:"
-A LOCAL-INPUT -m state --state NEW -p udp -m multiport --dports 2123,24593 -j ACCEPT -m comment --comment "SIMP:"
-A LOCAL-INPUT -m pkttype --pkt-type broadcast -j DROP -m comment --comment "SIMP:"
-A LOCAL-INPUT -m pkttype --pkt-type multicast -j DROP -m comment --comment "SIMP:"
-A LOCAL-INPUT -m state --state NEW -j LOG --log-prefix "IPT:" -m comment --comment "SIMP:"
-A LOCAL-INPUT -j DROP -m comment --comment "SIMP:"
-A OUTPUT -o lo -j ACCEPT -m comment --comment "SIMP:"
-A OUTPUT -p tcp --dport 25 -j DROP -m comment --comment "SIMP:"
COMMIT
*raw
:PREROUTING - [0:0]
-A PREROUTING -i lo ! -s ::1/128 -j DROP -m comment --comment "SIMP: Prevent Spoofing of Localhost Addresses"
COMMIT