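# Router/firewall ruleset in iptables-restore format, one rule per line.
# Lines starting with '#' are comments.
#
# Interfaces as used below: enp2s0.10 through enp2s0.14 are the forwarded
# source VLANs; enp2s0.2 is the egress interface that forwarded traffic is
# masqueraded onto (presumably the upstream/WAN side; confirm).
#
# FORWARD is default-deny. The previous ACCEPT policy made the per-VLAN allow
# rules below redundant: anything they did not match was forwarded anyway,
# including traffic between the VLANs and new connections arriving on
# enp2s0.2. If inter-VLAN routing is actually wanted, add explicit
# -A FORWARD rules for it.
*filter
:INPUT ACCEPT [139:11952]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [31:3232]

# Standard internal traffic: loopback and replies to existing connections.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow host ports (TCP only).
# NOTE(review): these match on every interface, enp2s0.2 included, so SSH,
# DNS, HTTP and 13699 are reachable from the egress side as well. Confirm
# that exposure is intended, or add "-i <interface>" to restrict it.
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 53 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 13699 -j ACCEPT

# Drop every other inbound TCP connection attempt.
# NOTE(review): only TCP is dropped here. With the INPUT policy left at
# ACCEPT, UDP, ICMP and all other protocols still reach the host on every
# interface; UDP/53 is reachable only because of that policy. Moving INPUT to
# default-deny needs an explicit list of the non-TCP services this host
# offers, which this file does not show, so the policy is left unchanged.
-A INPUT -p tcp -j DROP

# Forwarding: discard INVALID packets before any accept rule can match them.
-A FORWARD -m conntrack --ctstate INVALID -j DROP

# NAT returns: reply traffic for connections that were already allowed out.
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# NAT forwarding: each internal VLAN may open connections out via enp2s0.2.
-A FORWARD -i enp2s0.10 -o enp2s0.2 -j ACCEPT
-A FORWARD -i enp2s0.11 -o enp2s0.2 -j ACCEPT
-A FORWARD -i enp2s0.12 -o enp2s0.2 -j ACCEPT
-A FORWARD -i enp2s0.13 -o enp2s0.2 -j ACCEPT
-A FORWARD -i enp2s0.14 -o enp2s0.2 -j ACCEPT
COMMIT

*nat
:PREROUTING ACCEPT [12:835]
:INPUT ACCEPT [12:835]
:OUTPUT ACCEPT [1:104]
:POSTROUTING ACCEPT [0:0]

# General NAT traffic: source-NAT everything leaving via enp2s0.2.
-A POSTROUTING -o enp2s0.2 -j MASQUERADE
COMMIT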