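# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
#
# Reviewer notes on what this ruleset actually enforces:
#  - Only *new* TCP connections (--syn) to 0-1023, 2049 (NFS), 6000-6009 (X11)
#    and 7100 (font server) are rejected.  Any TCP port >= 1024 not listed
#    here, and every UDP port >= 1024 except 2049, is reachable from every
#    interface, because the INPUT policy is ACCEPT.
#  - REJECT (not DROP) answers each refused packet with an ICMP error, so the
#    host remains discoverable by a port scan; it merely refuses the listed
#    services.
#  - There is no connection tracking (-m state) anywhere in the chain.  Reply
#    traffic to outbound connections gets in only because non-SYN TCP packets
#    and ports >= 1024 fall through to the ACCEPT policy.
#  - The nameserver holes added by ifup-post exist only in the running kernel
#    tables; use `iptables-save` to see the rules that are really in effect.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
COMMIT
###################################################
#
# How strick interprets the above RedHat /etc/sysconfig/iptables
# as explicit iptables(8) commands.

# Abort on the first failing command.  Because the policies are set to DROP
# before anything else, a failure part-way through leaves the host closed
# rather than wide open (the original script would have silently continued
# and finished by setting ACCEPT policies on top of empty chains).
set -e

# Fail closed while the tables are rebuilt: with the policies at DROP there is
# no window in which the chains are empty *and* the policy accepts everything.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD

# The custom chain does not exist on a fresh boot.  `-F` on a missing chain
# fails, and every later `-A RH-Lokkit-0-50-INPUT` would fail with it, so the
# host would end up with empty chains and ACCEPT policies.  Create the chain
# if it is missing, otherwise flush the stale rules out of it.
iptables -N RH-Lokkit-0-50-INPUT 2>/dev/null || iptables -F RH-Lokkit-0-50-INPUT

# Hand all inbound traffic to the lokkit chain; loopback is always allowed.
iptables -A INPUT -j RH-Lokkit-0-50-INPUT
iptables -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT

# Refuse new TCP connections (--syn only) to privileged ports, NFS, X11 and
# the X font server.  Order between these rules does not matter: the port
# ranges do not overlap and every target is REJECT.
iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT

# UDP has no SYN; every datagram to privileged ports or NFS is refused.
iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT

# Restore the ACCEPT policies that the lokkit file declares in its
# `:INPUT ACCEPT [0:0]` and `:OUTPUT ACCEPT [0:0]` headers.  Everything not
# rejected above is therefore allowed in.
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT

# NOTE(review): the leading `:` makes the next line a shell no-op, so FORWARD
# stays at the DROP policy set above -- unlike the lokkit file, whose header
# says `:FORWARD ACCEPT [0:0]`.  Leaving forwarding closed is the safer choice
# for a host that does not route, but it is a deliberate divergence from the
# file being "interpreted"; remove the `:` only if this host must forward.
: iptables -P FORWARD ACCEPT
###################################################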