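# Excerpt of an iptables-save style ruleset (filter table). The table header,
# chain policies and COMMIT line are not part of this excerpt, so the default
# verdict for traffic that matches none of these rules cannot be told from here.
# Rules are evaluated top to bottom; the first terminating verdict wins.

# --- INPUT ---------------------------------------------------------------

# Drop every ICMP packet. Because this rule precedes the RELATED,ESTABLISHED
# accept below, it also discards ICMP errors belonging to existing connections
# (e.g. "fragmentation needed", which Path MTU discovery relies on).
# NOTE(review): consider accepting the needed ICMP error types before this drop.
-A INPUT -p icmp -j DROP

# HTTP rate limit: drop when the source address is already in the "HTTP" recent
# list with at least 15 hits in the last second. --update only refreshes an
# existing entry; no "--set --name HTTP" rule is visible in this excerpt, and
# without one elsewhere the list is never populated and this rule never matches.
# The match counts packets to port 80, not new connections.
-A INPUT -p tcp -m tcp --dport 80 -m recent --update --seconds 1 --hitcount 15 --name HTTP --rsource -j DROP

# Penalty box: drop all traffic (any protocol or port) from a source that was
# added to the "spammer" list within the last 300 seconds. Placed ahead of the
# ESTABLISHED accept, so already-open connections from that source are cut too.
# Addresses shared by many clients (NAT, proxies) are penalised as a whole.
-A INPUT -m recent --rcheck --seconds 300 --name spammer --rsource -j DROP

# SMTP connection cap: a bare SYN to port 25 from a single address (/32) that
# already holds more than 5 connections is dropped, and the source is recorded
# in "spammer", which arms the penalty-box rule above.
-A INPUT -p tcp -m tcp --dport 25 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 5 --connlimit-mask 32 -m recent --set --name spammer --rsource -j DROP

# Accept packets of tracked connections. The original listed this rule twice in
# a row; the second copy could never be reached and has been removed.
# NOTE(review): "-m state" is the legacy form of "-m conntrack --ctstate".
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# --- OUTPUT --------------------------------------------------------------

# Outbound connections to TCP port 22, decided by the owner of the local socket:
# allowed for uid/gid root, dropped for uid/gid 500. Which account 500 is cannot
# be told from this excerpt. Other local users match none of these four rules
# and fall through to whatever follows; the rules key on destination port 22
# only.
-A OUTPUT -p tcp -m tcp --dport 22 -m owner --uid-owner root -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -m owner --gid-owner root -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -m owner --uid-owner 500 -j DROP
-A OUTPUT -p tcp -m tcp --dport 22 -m owner --gid-owner 500 -j DROP

# Drop new outbound UDP flows to any destination port other than 53 (DNS).
# This also blocks locally originated NTP, DHCP and similar UDP clients.
-A OUTPUT -p udp -m udp ! --dport 53 -m state --state NEW -j DROP

# --- syn-flood (user-defined chain) --------------------------------------

# Packets within 12 per second (burst 24) return to the calling chain; anything
# above that rate is dropped. The limit is one shared bucket, not per source,
# so during a flood legitimate clients are dropped along with the rest.
# NOTE(review): no rule in this excerpt jumps to syn-flood, and the chain
# declaration (":syn-flood - [0:0]") is not shown; confirm both exist elsewhere.
-A syn-flood -m limit --limit 12/sec --limit-burst 24 -j RETURN
-A syn-flood -j DROP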