# Generated by iptables-save v1.4.6 on Fri Apr  6 11:31:36 2012
*nat
:PREROUTING ACCEPT [17634:2310543]
:POSTROUTING ACCEPT [1:328]
:OUTPUT ACCEPT [931:59449]
:nat_reflection_in - [0:0]
:nat_reflection_out - [0:0]
:pf_loopback_A - [0:0]
:pf_loopback_C - [0:0]
:postrouting_rule - [0:0]
:prerouting_lan - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan - [0:0]
:zone_lan_nat - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_nat - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -j prerouting_rule 
-A PREROUTING -i br-lan -j zone_lan_prerouting 
-A PREROUTING -i pppoe-wan -j zone_wan_prerouting 
-A POSTROUTING -j postrouting_rule 
-A POSTROUTING -o br-lan -j zone_lan_nat 
-A POSTROUTING -o pppoe-wan -j zone_wan_nat 
-A postrouting_rule -o br-lan -j pf_loopback_C 
-A postrouting_rule -o eth1 -j MASQUERADE 
-A postrouting_rule -j nat_reflection_out 
-A prerouting_rule -j nat_reflection_in 
-A zone_lan_prerouting -d 10.2.45.221/32 -j pf_loopback_A 
-A zone_lan_prerouting -j prerouting_lan 
-A zone_wan_nat -j MASQUERADE 
-A zone_wan_prerouting -j prerouting_wan 
COMMIT
# Completed on Fri Apr  6 11:31:36 2012
# Generated by iptables-save v1.4.6 on Fri Apr  6 11:31:36 2012
*raw
:PREROUTING ACCEPT [766563:612385237]
:OUTPUT ACCEPT [3898:752164]
:zone_lan_notrack - [0:0]
:zone_wan_notrack - [0:0]
-A PREROUTING -i br-lan -j zone_lan_notrack 
-A PREROUTING -i pppoe-wan -j zone_wan_notrack 
COMMIT
# Completed on Fri Apr  6 11:31:36 2012
# Generated by iptables-save v1.4.6 on Fri Apr  6 11:31:36 2012
*mangle
:PREROUTING ACCEPT [766526:612378837]
:INPUT ACCEPT [8956:1506262]
:FORWARD ACCEPT [749595:609147545]
:OUTPUT ACCEPT [3890:751588]
:POSTROUTING ACCEPT [753434:609823653]
:bw_egress - [0:0]
:l7marker - [0:0]
:qos_egress - [0:0]
:qos_ingress - [0:0]
:zone_wan_MSSFIX - [0:0]
-A PREROUTING -m connbytes --connbytes 0:20 --connbytes-mode packets --connbytes-dir both -m connmark --mark 0x0/0xff0000 -j l7marker 
-A INPUT -i pppoe-wan -j qos_ingress 
-A FORWARD -j zone_wan_MSSFIX 
-A FORWARD -i pppoe-wan -j qos_ingress 
-A POSTROUTING -m connbytes --connbytes 0:20 --connbytes-mode packets --connbytes-dir both -m connmark --mark 0x0/0xff0000 -j l7marker 
-A POSTROUTING -o pppoe-wan -j bw_egress 
-A POSTROUTING -o pppoe-wan -j qos_egress 
-A bw_egress -m bandwidth --id total1-upload-2-449 --type combined --current_bandwidth 76816 --reset_interval 2 --reset_time 2 --intervals_to_save 449 --last_backup-time 1333683096 
-A bw_egress -m set --match-set local_addr_set src -m bandwidth --id bdist1-upload-minute-15 --type individual_src --reset_interval minute --intervals_to_save 15 --last_backup-time 1333683096 
-A bw_egress -m bandwidth --id total2-upload-minute-359 --type combined --current_bandwidth 1919229 --reset_interval minute --intervals_to_save 359 --last_backup-time 1333683096 
-A bw_egress -m set --match-set local_addr_set src -m bandwidth --id bdist2-upload-900-24 --type individual_src --reset_interval 900 --reset_time 900 --intervals_to_save 24 --last_backup-time 1333683096 
-A bw_egress -m bandwidth --id total3-upload-180-479 --type combined --current_bandwidth 5381091 --reset_interval 180 --reset_time 180 --intervals_to_save 479 --last_backup-time 1333683096 
-A bw_egress -m set --match-set local_addr_set src -m bandwidth --id bdist3-upload-hour-24 --type individual_src --reset_interval hour --intervals_to_save 24 --last_backup-time 1333683096 
-A bw_egress -m bandwidth --id total4-upload-7200-359 --type combined --current_bandwidth 185799227 --reset_interval 7200 --reset_time 7200 --intervals_to_save 359 --last_backup-time 1333683096 
-A bw_egress -m set --match-set local_addr_set src -m bandwidth --id bdist4-upload-day-31 --type individual_src --reset_interval day --intervals_to_save 31 --last_backup-time 1333683096 
-A bw_egress -m bandwidth --id total5-upload-day-365 --type combined --current_bandwidth 1192818473 --reset_interval day --intervals_to_save 365 --last_backup-time 1333683096 
-A bw_egress -m set --match-set local_addr_set src -m bandwidth --id bdist5-upload-month-12 --type individual_src --reset_interval month --intervals_to_save 12 --last_backup-time 1333683096 
-A bw_egress -m connmark --mark 0x2/0x7f -m bandwidth --id qos1-up-uclass_1-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15 --last_backup-time 1333683096 
-A bw_egress -m connmark --mark 0x2/0x7f -m bandwidth --id qos2-up-uclass_1-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24 --last_backup-time 1333683096 
-A bw_egress -m connmark --mark 0x2/0x7f -m bandwidth --id qos3-up-uclass_1-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24 --last_backup-time 1333683096 
-A bw_egress -m connmark --mark 0x2/0x7f -m bandwidth --id qos4-up-uclass_1-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31 --last_backup-time 1333683096 
-A bw_egress -m connmark --mark 0x2/0x7f -m bandwidth --id qos5-up-uclass_1-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12 --last_backup-time 1333683096 
-A bw_egress -m connmark --mark 0x3/0x7f -m bandwidth --id qos1-up-uclass_2-minute-15 --type combined --current_bandwidth 3492 --reset_interval minute --intervals_to_save 15 --last_backup-time 1333683096 
-A bw_egress -m connmark --mark 0x3/0x7f -m bandwidth --id qos2-up-uclass_2-900-24 --type combined --current_bandwidth 7563 --reset_interval 900 --reset_time 900 --intervals_to_save 24 --last_backup-time 1333683096 
-A bw_egress -m connmark --mark 0x3/0x7f -m bandwidth --id qos3-up-uclass_2-hour-24 --type combined --current_bandwidth 276463 --reset_interval hour --intervals_to_save 24 --last_backup-time 1333683096 
-A bw_egress -m connmark --mark 0x3/0x7f -m bandwidth --id qos4-up-uclass_2-day-31 --type combined --current_bandwidth 7334017 --reset_interval day --intervals_to_save 31 --last_backup-time 1333683096 
-A bw_egress -m connmark --mark 0x3/0x7f -m bandwidth --id qos5-up-uclass_2-month-12 --type combined --current_bandwidth 163254770 --reset_interval month --intervals_to_save 12 --last_backup-time 1333683096 
-A bw_egress -m connmark --mark 0x4/0x7f -m bandwidth --id qos1-up-uclass_3-minute-15 --type combined --current_bandwidth 1913106 --reset_interval minute --intervals_to_save 15 --last_backup-time 1333683096 
-A bw_egress -m connmark --mark 0x4/0x7f -m bandwidth --id qos2-up-uclass_3-900-24 --type combined --current_bandwidth 5370499 --reset_interval 900 --reset_time 900 --intervals_to_save 24 --last_backup-time 1333683096 
-A bw_egress -m connmark --mark 0x4/0x7f -m bandwidth --id qos3-up-uclass_3-hour-24 --type combined --current_bandwidth 38431337 --reset_interval hour --intervals_to_save 24 --last_backup-time 1333683096 
-A bw_egress -m connmark --mark 0x4/0x7f -m bandwidth --id qos4-up-uclass_3-day-31 --type combined --current_bandwidth 1183880569 --reset_interval day --intervals_to_save 31 --last_backup-time 1333683096 
-A bw_egress -m connmark --mark 0x4/0x7f -m bandwidth --id qos5-up-uclass_3-month-12 --type combined --current_bandwidth 8947243845 --reset_interval month --intervals_to_save 12 --last_backup-time 1333683096 
-A bw_egress -m connmark --mark 0x5/0x7f -m bandwidth --id qos1-up-uclass_4-minute-15 --type combined --current_bandwidth 2331 --reset_interval minute --intervals_to_save 15 --last_backup-time 1333683096 
-A bw_egress -m connmark --mark 0x5/0x7f -m bandwidth --id qos2-up-uclass_4-900-24 --type combined --current_bandwidth 2383 --reset_interval 900 --reset_time 900 --intervals_to_save 24 --last_backup-time 1333683096 
-A bw_egress -m connmark --mark 0x5/0x7f -m bandwidth --id qos3-up-uclass_4-hour-24 --type combined --current_bandwidth 135236 --reset_interval hour --intervals_to_save 24 --last_backup-time 1333683096 
-A bw_egress -m connmark --mark 0x5/0x7f -m bandwidth --id qos4-up-uclass_4-day-31 --type combined --current_bandwidth 1090436 --reset_interval day --intervals_to_save 31 --last_backup-time 1333683096 
-A bw_egress -m connmark --mark 0x5/0x7f -m bandwidth --id qos5-up-uclass_4-month-12 --type combined --current_bandwidth 18155035 --reset_interval month --intervals_to_save 12 --last_backup-time 1333683096 
-A l7marker -m connmark --mark 0x0/0xff0000 -m layer7 --l7proto bittorrent -j CONNMARK --set-xmark 0x10000/0xff0000 
-A l7marker -m connmark --mark 0x0/0xff0000 -m layer7 --l7proto ssh -j CONNMARK --set-xmark 0x20000/0xff0000 
-A l7marker -m connmark --mark 0x0/0xff0000 -m layer7 --l7proto ssl -j CONNMARK --set-xmark 0x30000/0xff0000 
-A qos_egress -m mark ! --mark 0x0 -j CONNMARK --save-mark --nfmask 0x7f --ctmask 0x7f 
-A qos_egress -m mark ! --mark 0x0 -j RETURN 
-A qos_egress -j MARK --set-xmark 0x4/0xffffffff 
-A qos_egress -m connmark --mark 0x30000/0xff0000 -j MARK --set-xmark 0x3/0xffffffff 
-A qos_egress -m connmark --mark 0x20000/0xff0000 -j MARK --set-xmark 0x3/0xffffffff 
-A qos_egress -m connmark --mark 0x10000/0xff0000 -j MARK --set-xmark 0x4/0xffffffff 
-A qos_egress -p udp -m udp --dport 53 -j MARK --set-xmark 0x3/0xffffffff 
-A qos_egress -p tcp -m tcp --dport 53 -j MARK --set-xmark 0x3/0xffffffff 
-A qos_egress -p udp -m udp --dport 80 -m connbytes --connbytes 1048576:4294967295 --connbytes-mode bytes --connbytes-dir both -j MARK --set-xmark 0x5/0xffffffff 
-A qos_egress -p tcp -m tcp --dport 80 -m connbytes --connbytes 1048576:4294967295 --connbytes-mode bytes --connbytes-dir both -j MARK --set-xmark 0x5/0xffffffff 
-A qos_egress -p udp -m udp --dport 80 -j MARK --set-xmark 0x3/0xffffffff 
-A qos_egress -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x3/0xffffffff 
-A qos_egress -p udp -m udp --dport 443 -j MARK --set-xmark 0x3/0xffffffff 
-A qos_egress -p tcp -m tcp --dport 443 -j MARK --set-xmark 0x3/0xffffffff 
-A qos_egress -p udp -m udp --dport 443 -m connbytes --connbytes 1048576:4294967295 --connbytes-mode bytes --connbytes-dir both -j MARK --set-xmark 0x5/0xffffffff 
-A qos_egress -p tcp -m tcp --dport 443 -m connbytes --connbytes 1048576:4294967295 --connbytes-mode bytes --connbytes-dir both -j MARK --set-xmark 0x5/0xffffffff 
-A qos_egress -d 106.187.45.148/32 -j MARK --set-xmark 0x3/0xffffffff 
-A qos_egress -j CONNMARK --save-mark --nfmask 0x7f --ctmask 0x7f 
-A qos_ingress -j IMQ --todev 0
-A qos_ingress -m mark ! --mark 0x0 -j CONNMARK --save-mark --nfmask 0x7f00 --ctmask 0x7f00 
-A qos_ingress -m mark ! --mark 0x0 -j RETURN 
-A qos_ingress -j MARK --set-xmark 0x400/0xffffffff 
-A qos_ingress -m connmark --mark 0x30000/0xff0000 -j MARK --set-xmark 0x300/0xffffffff 
-A qos_ingress -m connmark --mark 0x20000/0xff0000 -j MARK --set-xmark 0x300/0xffffffff 
-A qos_ingress -m connmark --mark 0x10000/0xff0000 -j MARK --set-xmark 0x400/0xffffffff 
-A qos_ingress -p udp -m udp --sport 80 -j MARK --set-xmark 0x500/0xffffffff 
-A qos_ingress -p tcp -m tcp --sport 80 -j MARK --set-xmark 0x500/0xffffffff 
-A qos_ingress -p udp -m udp --sport 443 -j MARK --set-xmark 0x300/0xffffffff 
-A qos_ingress -p tcp -m tcp --sport 443 -j MARK --set-xmark 0x300/0xffffffff 
-A qos_ingress -p udp -m udp --sport 443 -m connbytes --connbytes 1048576:4294967295 --connbytes-mode bytes --connbytes-dir both -j MARK --set-xmark 0x300/0xffffffff 
-A qos_ingress -p tcp -m tcp --sport 443 -m connbytes --connbytes 1048576:4294967295 --connbytes-mode bytes --connbytes-dir both -j MARK --set-xmark 0x300/0xffffffff 
-A qos_ingress -p udp -m udp --sport 53 -j MARK --set-xmark 0x300/0xffffffff 
-A qos_ingress -p tcp -m tcp --sport 53 -j MARK --set-xmark 0x300/0xffffffff 
-A qos_ingress -d 106.187.45.148/32 -j MARK --set-xmark 0x300/0xffffffff 
-A qos_ingress -p udp -m udp --sport 80 -m connbytes --connbytes 1048576:4294967295 --connbytes-mode bytes --connbytes-dir both -j MARK --set-xmark 0x500/0xffffffff 
-A qos_ingress -p tcp -m tcp --sport 80 -m connbytes --connbytes 1048576:4294967295 --connbytes-mode bytes --connbytes-dir both -j MARK --set-xmark 0x500/0xffffffff 
-A qos_ingress -j CONNMARK --save-mark --nfmask 0x7f00 --ctmask 0x7f00 
-A zone_wan_MSSFIX -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 
COMMIT
# Completed on Fri Apr  6 11:31:36 2012
# Generated by iptables-save v1.4.6 on Fri Apr  6 11:31:36 2012
*filter
:INPUT ACCEPT [5105:1056576]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:bw_ingress - [0:0]
:egress_restrictions - [0:0]
:egress_whitelist - [0:0]
:forward - [0:0]
:forwarding_lan - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan - [0:0]
:ingress_restrictions - [0:0]
:ingress_whitelist - [0:0]
:input - [0:0]
:input_lan - [0:0]
:input_rule - [0:0]
:input_wan - [0:0]
:nat_reflection_fwd - [0:0]
:output - [0:0]
:output_rule - [0:0]
:pf_loopback_B - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:web_monitor - [0:0]
:zone_lan - [0:0]
:zone_lan_ACCEPT - [0:0]
:zone_lan_DROP - [0:0]
:zone_lan_REJECT - [0:0]
:zone_lan_forward - [0:0]
:zone_wan - [0:0]
:zone_wan_ACCEPT - [0:0]
:zone_wan_DROP - [0:0]
:zone_wan_REJECT - [0:0]
:zone_wan_forward - [0:0]
-A INPUT -i pppoe-wan -j bw_ingress 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood 
-A INPUT -j input_rule 
-A INPUT -j input 
-A FORWARD -i pppoe-wan -j bw_ingress 
-A FORWARD -i pppoe-wan -j ingress_restrictions 
-A FORWARD -o pppoe-wan -j egress_restrictions 
-A FORWARD -o eth1 -j web_monitor 
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -j forwarding_rule 
-A FORWARD -j forward 
-A FORWARD -j reject 
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A OUTPUT -o lo -j ACCEPT 
-A OUTPUT -j output_rule 
-A OUTPUT -j output 
-A bw_ingress -m bandwidth --id total1-download-2-449 --type combined --current_bandwidth 2330 --reset_interval 2 --reset_time 2 --intervals_to_save 449 --last_backup-time 1333683096 
-A bw_ingress -m set --match-set local_addr_set dst -m bandwidth --id bdist1-download-minute-15 --type individual_dst --reset_interval minute --intervals_to_save 15 --last_backup-time 1333683096 
-A bw_ingress -m bandwidth --id total2-download-minute-359 --type combined --current_bandwidth 62441 --reset_interval minute --intervals_to_save 359 --last_backup-time 1333683096 
-A bw_ingress -m set --match-set local_addr_set dst -m bandwidth --id bdist2-download-900-24 --type individual_dst --reset_interval 900 --reset_time 900 --intervals_to_save 24 --last_backup-time 1333683096 
-A bw_ingress -m bandwidth --id total3-download-180-479 --type combined --current_bandwidth 174823 --reset_interval 180 --reset_time 180 --intervals_to_save 479 --last_backup-time 1333683096 
-A bw_ingress -m set --match-set local_addr_set dst -m bandwidth --id bdist3-download-hour-24 --type individual_dst --reset_interval hour --intervals_to_save 24 --last_backup-time 1333683096 
-A bw_ingress -m bandwidth --id total4-download-7200-359 --type combined --current_bandwidth 40557971 --reset_interval 7200 --reset_time 7200 --intervals_to_save 359 --last_backup-time 1333683096 
-A bw_ingress -m set --match-set local_addr_set dst -m bandwidth --id bdist4-download-day-31 --type individual_dst --reset_interval day --intervals_to_save 31 --last_backup-time 1333683096 
-A bw_ingress -m bandwidth --id total5-download-day-365 --type combined --current_bandwidth 116179829 --reset_interval day --intervals_to_save 365 --last_backup-time 1333683096 
-A bw_ingress -m set --match-set local_addr_set dst -m bandwidth --id bdist5-download-month-12 --type individual_dst --reset_interval month --intervals_to_save 12 --last_backup-time 1333683096 
-A bw_ingress -m connmark --mark 0x200/0x7f00 -m bandwidth --id qos1-down-dclass_1-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15 --last_backup-time 1333683096 
-A bw_ingress -m connmark --mark 0x200/0x7f00 -m bandwidth --id qos2-down-dclass_1-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24 --last_backup-time 1333683096 
-A bw_ingress -m connmark --mark 0x200/0x7f00 -m bandwidth --id qos3-down-dclass_1-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24 --last_backup-time 1333683096 
-A bw_ingress -m connmark --mark 0x200/0x7f00 -m bandwidth --id qos4-down-dclass_1-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31 --last_backup-time 1333683096 
-A bw_ingress -m connmark --mark 0x200/0x7f00 -m bandwidth --id qos5-down-dclass_1-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12 --last_backup-time 1333683096 
-A bw_ingress -m connmark --mark 0x300/0x7f00 -m bandwidth --id qos1-down-dclass_2-minute-15 --type combined --current_bandwidth 3073 --reset_interval minute --intervals_to_save 15 --last_backup-time 1333683096 
-A bw_ingress -m connmark --mark 0x300/0x7f00 -m bandwidth --id qos2-down-dclass_2-900-24 --type combined --current_bandwidth 3969 --reset_interval 900 --reset_time 900 --intervals_to_save 24 --last_backup-time 1333683096 
-A bw_ingress -m connmark --mark 0x300/0x7f00 -m bandwidth --id qos3-down-dclass_2-hour-24 --type combined --current_bandwidth 213010 --reset_interval hour --intervals_to_save 24 --last_backup-time 1333683096 
-A bw_ingress -m connmark --mark 0x300/0x7f00 -m bandwidth --id qos4-down-dclass_2-day-31 --type combined --current_bandwidth 16855381 --reset_interval day --intervals_to_save 31 --last_backup-time 1333683096 
-A bw_ingress -m connmark --mark 0x300/0x7f00 -m bandwidth --id qos5-down-dclass_2-month-12 --type combined --current_bandwidth 398588919 --reset_interval month --intervals_to_save 12 --last_backup-time 1333683096 
-A bw_ingress -m connmark --mark 0x400/0x7f00 -m bandwidth --id qos1-down-dclass_3-minute-15 --type combined --current_bandwidth 59368 --reset_interval minute --intervals_to_save 15 --last_backup-time 1333683096 
-A bw_ingress -m connmark --mark 0x400/0x7f00 -m bandwidth --id qos2-down-dclass_3-900-24 --type combined --current_bandwidth 168918 --reset_interval 900 --reset_time 900 --intervals_to_save 24 --last_backup-time 1333683096 
-A bw_ingress -m connmark --mark 0x400/0x7f00 -m bandwidth --id qos3-down-dclass_3-hour-24 --type combined --current_bandwidth 1641479 --reset_interval hour --intervals_to_save 24 --last_backup-time 1333683096 
-A bw_ingress -m connmark --mark 0x400/0x7f00 -m bandwidth --id qos4-down-dclass_3-day-31 --type combined --current_bandwidth 41754790 --reset_interval day --intervals_to_save 31 --last_backup-time 1333683096 
-A bw_ingress -m connmark --mark 0x400/0x7f00 -m bandwidth --id qos5-down-dclass_3-month-12 --type combined --current_bandwidth 24960403058 --reset_interval month --intervals_to_save 12 --last_backup-time 1333683096 
-A bw_ingress -m connmark --mark 0x500/0x7f00 -m bandwidth --id qos1-down-dclass_4-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15 --last_backup-time 1333683096 
-A bw_ingress -m connmark --mark 0x500/0x7f00 -m bandwidth --id qos2-down-dclass_4-900-24 --type combined --current_bandwidth 1936 --reset_interval 900 --reset_time 900 --intervals_to_save 24 --last_backup-time 1333683096 
-A bw_ingress -m connmark --mark 0x500/0x7f00 -m bandwidth --id qos3-down-dclass_4-hour-24 --type combined --current_bandwidth 1104467 --reset_interval hour --intervals_to_save 24 --last_backup-time 1333683096 
-A bw_ingress -m connmark --mark 0x500/0x7f00 -m bandwidth --id qos4-down-dclass_4-day-31 --type combined --current_bandwidth 57569525 --reset_interval day --intervals_to_save 31 --last_backup-time 1333683096 
-A bw_ingress -m connmark --mark 0x500/0x7f00 -m bandwidth --id qos5-down-dclass_4-month-12 --type combined --current_bandwidth 421357916 --reset_interval month --intervals_to_save 12 --last_backup-time 1333683096 
-A egress_restrictions -j egress_whitelist 
-A forward -i br-lan -j zone_lan_forward 
-A forward -i pppoe-wan -j zone_wan_forward 
-A forwarding_rule -o eth1 -j ACCEPT 
-A forwarding_rule -j nat_reflection_fwd 
-A ingress_restrictions -j ingress_whitelist 
-A input -i br-lan -j zone_lan 
-A input -i pppoe-wan -j zone_wan 
-A output -j zone_lan_ACCEPT 
-A output -j zone_wan_ACCEPT 
-A reject -p tcp -j REJECT --reject-with tcp-reset 
-A reject -j REJECT --reject-with icmp-port-unreachable 
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -j RETURN 
-A syn_flood -j DROP 
-A web_monitor -m webmon --max_domains 300 --max_searches 300 
-A zone_lan -j input_lan 
-A zone_lan -j zone_lan_ACCEPT 
-A zone_lan_ACCEPT -o br-lan -j ACCEPT 
-A zone_lan_ACCEPT -i br-lan -j ACCEPT 
-A zone_lan_DROP -o br-lan -j DROP 
-A zone_lan_DROP -i br-lan -j DROP 
-A zone_lan_REJECT -o br-lan -j reject 
-A zone_lan_REJECT -i br-lan -j reject 
-A zone_lan_forward -j pf_loopback_B 
-A zone_lan_forward -i br-lan -o br-lan -j ACCEPT 
-A zone_lan_forward -j zone_wan_ACCEPT 
-A zone_lan_forward -j forwarding_lan 
-A zone_lan_forward -j zone_lan_REJECT 
-A zone_wan -p udp -m udp --dport 68 -j ACCEPT 
-A zone_wan -p icmp -m icmp --icmp-type 8 -j ACCEPT 
-A zone_wan -j input_wan 
-A zone_wan -j zone_wan_REJECT 
-A zone_wan_ACCEPT -o pppoe-wan -j ACCEPT 
-A zone_wan_ACCEPT -i pppoe-wan -j ACCEPT 
-A zone_wan_DROP -o pppoe-wan -j DROP 
-A zone_wan_DROP -i pppoe-wan -j DROP 
-A zone_wan_REJECT -o pppoe-wan -j reject 
-A zone_wan_REJECT -i pppoe-wan -j reject 
-A zone_wan_forward -j forwarding_wan 
-A zone_wan_forward -j zone_wan_REJECT 
COMMIT
# Completed on Fri Apr  6 11:31:36 2012
