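# Generated by iptables-save v1.2.8 on Tue Feb 10 16:16:41 2004
#
# Ruleset in iptables-save format for loading with iptables-restore.
# One directive per line, each starting in column 0:
#   *table                          opens a table
#   :CHAIN POLICY [packets:bytes]   sets a built-in chain's policy
#   -A CHAIN ...                    appends a rule (order is significant)
#   COMMIT                          applies the table
#   # ...                           comment
# The directives had been collapsed onto a single line that began with '#',
# which makes the whole ruleset one comment; the line structure is restored
# here and no rule has been changed.
# The bracketed counters are a snapshot taken at save time and are only
# restored when iptables-restore is run with -c.
# NOTE(review): the "Completed on" stamp at the end (2002) is older than the
# "Generated" stamp above (2004), so this file looks hand-edited after being
# saved; diff it against a fresh iptables-save before trusting it as the
# running configuration.
#
# --- mangle: tag traffic addressed to the LVS virtual IPs ------------------
# Each active rule sets a firewall mark equal to the destination port.
# Presumably the marks are matched by fwmark-based LVS virtual services;
# confirm against the LVS configuration.
# NOTE(review): ports 3306 and 8888 are not in the filter INPUT accept list
# below, so if this traffic traverses INPUT, new connections to them are
# admitted only from 131.225.0.0/16. That looks intentional; confirm.
*mangle
:PREROUTING ACCEPT [407:41667]
:INPUT ACCEPT [407:41667]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [278:22960]
:POSTROUTING ACCEPT [280:23232]
# For MySQL LVS
-A PREROUTING -d 131.225.107.124/32 -p tcp -m tcp --dport 3306 -j MARK --set-mark 3306
# For SAZ LVS
-A PREROUTING -d 131.225.107.126/32 -p tcp -m tcp --dport 8888 -j MARK --set-mark 8888
# For gums http LVS
# -A PREROUTING -d 131.225.107.XXX/32 -p tcp -m tcp --dport 80 -j MARK --set-mark 80
# For gums https LVS
# NOTE(review): this disabled rule marks port 8443 with 80, the same mark as
# the disabled http rule above. Confirm that grouping both ports under one
# mark is intended before enabling either rule.
# -A PREROUTING -d 131.225.107.XXX/32 -p tcp -m tcp --dport 8443 -j MARK --set-mark 80
COMMIT
#
# --- filter: host inbound policy -------------------------------------------
# NOTE(review): the INPUT policy is ACCEPT and default-deny exists only as
# the last rule of the chain. If that rule is lost in an edit or the chain is
# flushed, INPUT fails open; ':INPUT DROP' would fail closed.
# NOTE(review): FORWARD is policy ACCEPT with no rules, so any packet this
# host forwards is unfiltered. Confirm the LVS forwarding mode needs that.
*filter
:INPUT ACCEPT [35:5488]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [22:1588]
# Return traffic for connections already tracked by conntrack.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept all from within 131.225.0.0
# This trusts the source address alone for every port and protocol, so it is
# only as strong as the anti-spoofing filtering upstream of this host.
-A INPUT -s 131.225.0.0/255.255.0.0 -j ACCEPT
# NOTE(review): there is no '-i lo' accept. New connections over 127.0.0.1 to
# ports not listed below fall through to the final DROP; confirm intended.
#
# The rules below have no source match, so they admit traffic from any address.
# NOTE(review): every service is opened on UDP as well as TCP. The services
# named in the comments (ssh, telnet, httpd, klogin, kshell, eklogin) normally
# listen on TCP only; the UDP accepts widen exposure with no visible need.
# Confirm nothing depends on them, then remove them.
#
# Allow ssh
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 22 -j ACCEPT
# Allow kerberized telnet
# A port match cannot tell kerberized telnet from plaintext telnet; the
# daemon on port 23 has to refuse unauthenticated or unencrypted sessions.
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
-A INPUT -p udp -m udp --dport 23 -j ACCEPT
# Allow httpd
# NOTE(review): 8443 and 3636 are grouped under httpd with no further
# explanation; record which service owns each port.
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp -m udp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -p udp -m udp --dport 8443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3636 -j ACCEPT
-A INPUT -p udp -m udp --dport 3636 -j ACCEPT
# Allow klogin
-A INPUT -p tcp -m tcp --dport 543 -j ACCEPT
-A INPUT -p udp -m udp --dport 543 -j ACCEPT
# Allow kshell
-A INPUT -p tcp -m tcp --dport 544 -j ACCEPT
-A INPUT -p udp -m udp --dport 544 -j ACCEPT
# Allow eklogin
-A INPUT -p tcp -m tcp --dport 2105 -j ACCEPT
-A INPUT -p udp -m udp --dport 2105 -j ACCEPT
# drop everything else
# Silent drop with no LOG rule ahead of it, so rejected traffic leaves no
# record on this host.
-A INPUT -j DROP
COMMIT
# Completed on Fri Dec 20 11:18:52 2002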