What sort of topology do you have in your home network and how do you manage it with iptables? Especially if you're using it to build a firewall or a NAT box. Different people have different setups and I'm curious about the decisions behind the rules. There is quite an array of extensions to be used with iptables, some being extremely useful (e.g. conntrack, limit, recent etc.) but only a handful have been used in the example rule sets I've found on the interwebz.
So, I'd request you guys to post your rule sets whether you manage a small and simple network setup or a complex one (and don't fear posting the rules to be a security hazard).
Also, the strategy you thought of while designing the rule-set would be helpful.
Here's mine (sitting behind NAT):
Only the INPUT chain from the filter table:
# iptables -t filter -L INPUT --line-numbers
Chain INPUT (policy DROP)
num  target  prot  opt  source    destination
1    ACCEPT  all   --   anywhere  anywhere
2    DROP    all   --   anywhere  anywhere     ctstate INVALID
3    ACCEPT  tcp   --   anywhere  anywhere     tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
4    ACCEPT  tcp   --   anywhere  anywhere     tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
5    ACCEPT  icmp  --   anywhere  anywhere     icmp echo-request limit: avg 1/sec burst 5
6    ACCEPT  all   --   anywhere  anywhere     ctstate RELATED,ESTABLISHED
7    UDP     udp   --   anywhere  anywhere     ctstate NEW
8    TCP     tcp   --   anywhere  anywhere     tcp flags:FIN,SYN,RST,ACK/SYN ctstate NEW
9    REJECT  all   --   anywhere  anywhere     reject-with icmp-proto-unreachable
10   REJECT  tcp   --   anywhere  anywhere     recent: SET name: TCP-PORTSCAN side: source mask: 255.255.255.255 reject-with tcp-reset
11   REJECT  udp   --   anywhere  anywhere     recent: SET name: UDP-PORTSCAN side: source mask: 255.255.255.255 reject-with icmp-port-unreachable
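As an added example (not code from the question or its author), the listing above expressed as the iptables commands that would produce it, which makes the conntrack, limit and recent matches the question mentions visible as options rather than `-L` output. Two things are assumptions because `-L` without `-v` does not show them: rule 1 is taken to be the usual loopback accept (`-i lo`), and the user-defined TCP and UDP chains that rules 7 and 8 jump to are created empty because their contents are not in the post. `IPT` defaults to a dry run that only prints the commands.

```shell
#!/bin/sh
# Added example, not from the question: the poster's INPUT chain rebuilt as
# iptables commands. IPT defaults to a dry run that prints each command;
# run with IPT=iptables as root to apply them for real.
IPT="${IPT:-echo iptables}"

build_input_chain() {
    # Default policy: anything not matched below is dropped.
    $IPT -t filter -P INPUT DROP

    # User-defined chains that rules 7 and 8 jump to. Their contents are not
    # shown in the question, so they are created empty here (assumption).
    $IPT -t filter -N TCP
    $IPT -t filter -N UDP

    # 1: unconditional ACCEPT. Plain -L hides the interface; assumed loopback.
    $IPT -t filter -A INPUT -i lo -j ACCEPT
    # 2: drop packets conntrack cannot associate with a valid state.
    $IPT -t filter -A INPUT -m conntrack --ctstate INVALID -j DROP
    # 3, 4: rate-limited ACCEPT of bare SYN and bare RST segments (1/sec, burst 5).
    $IPT -t filter -A INPUT -p tcp --tcp-flags FIN,SYN,RST,ACK SYN \
        -m limit --limit 1/sec --limit-burst 5 -j ACCEPT
    $IPT -t filter -A INPUT -p tcp --tcp-flags FIN,SYN,RST,ACK RST \
        -m limit --limit 1/sec --limit-burst 5 -j ACCEPT
    # 5: rate-limited ping.
    $IPT -t filter -A INPUT -p icmp --icmp-type echo-request \
        -m limit --limit 1/sec --limit-burst 5 -j ACCEPT
    # 6: replies and related traffic for connections already tracked.
    $IPT -t filter -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    # 7, 8: hand new UDP datagrams and new TCP SYNs to the user chains.
    $IPT -t filter -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
    $IPT -t filter -A INPUT -p tcp --tcp-flags FIN,SYN,RST,ACK SYN \
        -m conntrack --ctstate NEW -j TCP
    # 9: reject whatever the user chains returned to INPUT.
    $IPT -t filter -A INPUT -j REJECT --reject-with icmp-proto-unreachable
    # 10, 11: record the source address in a 'recent' list, then reject.
    $IPT -t filter -A INPUT -p tcp -m recent --set --name TCP-PORTSCAN --rsource \
        -j REJECT --reject-with tcp-reset
    $IPT -t filter -A INPUT -p udp -m recent --set --name UDP-PORTSCAN --rsource \
        -j REJECT --reject-with icmp-port-unreachable
}

# Number of iptables invocations the dry run emits (3 setup + 11 rules = 14).
count_rules() {
    build_input_chain | wc -l | tr -d ' '
}

build_input_chain
```

One thing the rebuilt form makes easier to see than the `-L` output: rule 9 matches every packet that reaches it, so rules 10 and 11 as listed are never evaluated and the TCP-PORTSCAN and UDP-PORTSCAN recent lists are never populated. If the intent is for those lists to be filled, the two protocol-specific REJECTs need to come before the generic one; `iptables -L INPUT -v` (packet counters) is the quick way to confirm whether a rule ever fires.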