# iptables -P INPUT DROP
# iptables -P FORWARD DROP
-------------------------
# iptables -A INPUT -i lo -j ACCEPT
# iptables -A OUTPUT -o lo -j ACCEPT
-------------------------
# iptables -A FORWARD -m state --state NEW -p tcp -d 192.168.1.20 --dport 80 -j ACCEPT
-------------------------
# iptables -A FORWARD -m state --state NEW -p tcp -d 192.168.1.21 --dport 25 -j ACCEPT
-------------------------
POP3
# iptables -A FORWARD -m state --state NEW -p tcp -d 192.168.1.21 --dport 110 -j ACCEPT
IMAP
# iptables -A FORWARD -m state --state NEW -p tcp -d 192.168.1.21 --dport 143 -j ACCEPT
IMAP+SSL
# iptables -A FORWARD -m state --state NEW -p tcp -d 192.168.1.21 --dport 993 -j ACCEPT
-------------------------
# iptables -A FORWARD -m state --state NEW -p tcp -d 192.168.1.21 --dport 53 -j ACCEPT
-------------------------
# iptables -A FORWARD -p udp -d 192.168.1.18 --dport 53 -j ACCEPT
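# iptables -A FORWARD -p udp -s 192.168.1.18 --sport 53 -j ACCEPT
Note: this second rule is stateless, so it accepts any UDP packet from 192.168.1.18 with source port 53, not only replies to forwarded queries; the ESTABLISHED,RELATED rule below already admits the replies.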
-------------------------
# iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-------------------------
# iptables -A FORWARD -m state --state NEW -i eth1 -j ACCEPT
-------------------------
# echo 1 > /proc/sys/net/ipv4/ip_forward
-------------------------
net.ipv4.ip_forward=1
-------------------------
# echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter
-------------------------
net.ipv4.conf.all.rp_filter=1
-------------------------
# /sbin/service iptables save
-------------------------
# /etc/init.d/iptables save_active
