Channel: FreePBX Community Forums - Latest posts

The ongoing Firewall Saga! (Victims - I mean volunteers - wanted!)


Rob, She be running nicely now!

Version 13.0.1.9

# Generated by iptables-save v1.4.7 on Wed Sep 23 20:07:39 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1953:813083]
:fail2ban-BadBots - [0:0]
:fail2ban-FTP - [0:0]
:fail2ban-SIP - [0:0]
:fail2ban-SSH - [0:0]
:fail2ban-apache-auth - [0:0]
:fail2ban-recidive - [0:0]
:fpbxfirewall - [0:0]
:fpbxinterfaces - [0:0]
:fpbxknownreg - [0:0]
:fpbxlogdrop - [0:0]
:fpbxnets - [0:0]
:fpbxregistrations - [0:0]
:fpbxrfw - [0:0]
:fpbxsignalling - [0:0]
:fpbxsmarthosts - [0:0]
:fpbxsvc-chansip - [0:0]
:fpbxsvc-ftp - [0:0]
:fpbxsvc-http - [0:0]
:fpbxsvc-https - [0:0]
:fpbxsvc-iax - [0:0]
:fpbxsvc-nfs - [0:0]
:fpbxsvc-pjsip - [0:0]
:fpbxsvc-provis - [0:0]
:fpbxsvc-restapps - [0:0]
:fpbxsvc-smb - [0:0]
:fpbxsvc-ssh - [0:0]
:fpbxsvc-tftp - [0:0]
:fpbxsvc-ucp - [0:0]
:fpbxsvc-webrtc - [0:0]
:fpbxsvc-xmpp - [0:0]
:zone-external - [0:0]
:zone-internal - [0:0]
:zone-other - [0:0]
:zone-reject - [0:0]
:zone-trusted - [0:0]
-A INPUT -j fpbxfirewall
-A INPUT -p tcp -m multiport --dports 21 -j fail2ban-FTP
-A INPUT -p tcp -m multiport --dports 80 -j fail2ban-apache-auth
-A INPUT -j fail2ban-SIP
-A INPUT -j fail2ban-SIP
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-SSH
-A INPUT -j fail2ban-recidive
-A INPUT -p udp -m udp --dport 69 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21 -j fail2ban-FTP
-A INPUT -p tcp -m multiport --dports 80 -j fail2ban-apache-auth
-A INPUT -j fail2ban-SIP
-A INPUT -j fail2ban-SIP
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-SSH
-A INPUT -j fail2ban-recidive
-A fail2ban-BadBots -j RETURN
-A fail2ban-FTP -j RETURN
-A fail2ban-SIP -j RETURN
-A fail2ban-SIP -j RETURN
-A fail2ban-SIP -j RETURN
-A fail2ban-SSH -j RETURN
-A fail2ban-apache-auth -j RETURN
-A fail2ban-recidive -j RETURN
-A fpbxfirewall -i lo -j ACCEPT
-A fpbxfirewall -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A fpbxfirewall -p udp -m udp --sport 1:1024 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A fpbxfirewall -p icmp -j ACCEPT
-A fpbxfirewall -d 255.255.255.255/32 -j ACCEPT
-A fpbxfirewall -m pkttype --pkt-type multicast -j ACCEPT
-A fpbxfirewall -p udp -m udp --dport 10000:20000 -j ACCEPT
-A fpbxfirewall -p tcp -m tcp --dport 22 -j ACCEPT
-A fpbxfirewall -j fpbxsignalling
-A fpbxfirewall -j fpbxsmarthosts
-A fpbxfirewall -j fpbxregistrations
-A fpbxfirewall -j fpbxnets
-A fpbxfirewall -j fpbxinterfaces
-A fpbxfirewall -m mark --mark 0x2/0x2 -j fpbxrfw
-A fpbxfirewall -j fpbxlogdrop
-A fpbxinterfaces -i eth0 -j zone-trusted
-A fpbxinterfaces -i wlan0 -j zone-trusted
-A fpbxknownreg -m mark --mark 0x1/0x1 -j ACCEPT
-A fpbxknownreg -j fpbxsvc-ucp
-A fpbxlogdrop -j LOG --log-prefix "logdrop: "
-A fpbxlogdrop -j REJECT --reject-with icmp-port-unreachable
-A fpbxnets -s 192.xxx.x.xxx/24 -j zone-trusted
-A fpbxnets -s 192.xxx.x.xxx/16 -j zone-trusted
-A fpbxregistrations -s 192.xxx.x.xxx/32 -j fpbxknownreg
-A fpbxregistrations -s 192.xxx.x.xxx/32 -j fpbxknownreg
-A fpbxregistrations -s 192.xxx.x.xxx/32 -j fpbxknownreg
-A fpbxregistrations -s 216.115.69.144/32 -j fpbxknownreg
-A fpbxrfw -m recent --rcheck --seconds 60 --hitcount 11 --name SIGNALLING --rsource -j fpbxlogdrop
-A fpbxrfw -m recent --set --name SIGNALLING --rsource
-A fpbxrfw -m recent --set --name REPEAT --rsource
-A fpbxrfw -m recent --rcheck --seconds 86400 --hitcount 100 --name REPEAT --rsource -j fpbxlogdrop
-A fpbxrfw -j ACCEPT
-A fpbxsignalling -p udp -m udp --dport 5061 -j MARK --set-xmark 0x3/0x0
-A fpbxsvc-chansip -p udp -m udp --dport 5061 -j ACCEPT
-A fpbxsvc-chansip -p tcp -m tcp --dport 9877 -j ACCEPT
-A fpbxsvc-ftp -p tcp -m tcp --dport 21 -j ACCEPT
-A fpbxsvc-http -p tcp -m tcp --dport 80 -j ACCEPT
-A fpbxsvc-https -p tcp -m tcp --dport 443 -j ACCEPT
-A fpbxsvc-iax -p udp -m udp --dport 4569 -j ACCEPT
-A fpbxsvc-nfs -j RETURN
-A fpbxsvc-pjsip -p udp -m udp --dport 5060 -j ACCEPT
-A fpbxsvc-pjsip -p tcp -m tcp --dport 9876 -j ACCEPT
-A fpbxsvc-provis -p tcp -m tcp --dport 84 -j ACCEPT
-A fpbxsvc-restapps -p tcp -m tcp --dport 85 -j ACCEPT
-A fpbxsvc-smb -p udp -m udp --dport 137 -j ACCEPT
-A fpbxsvc-smb -p udp -m udp --dport 138 -j ACCEPT
-A fpbxsvc-smb -p tcp -m tcp --dport 139 -j ACCEPT
-A fpbxsvc-smb -p tcp -m tcp --dport 445 -j ACCEPT
-A fpbxsvc-ssh -p tcp -m tcp --dport 22 -j ACCEPT
-A fpbxsvc-tftp -p udp -m udp --dport 69 -j ACCEPT
-A fpbxsvc-ucp -p tcp -m tcp --dport 81 -j ACCEPT
-A fpbxsvc-webrtc -p tcp -m tcp --dport 8088 -j ACCEPT
-A fpbxsvc-xmpp -p tcp -m tcp --dport 5222 -j ACCEPT
-A zone-external -j fpbxsvc-xmpp
-A zone-internal -j fpbxsvc-ssh
-A zone-internal -j fpbxsvc-http
-A zone-internal -j fpbxsvc-https
-A zone-internal -j fpbxsvc-ucp
-A zone-internal -j fpbxsvc-pjsip
-A zone-internal -j fpbxsvc-chansip
-A zone-internal -j fpbxsvc-iax
-A zone-internal -j fpbxsvc-provis
-A zone-internal -j fpbxsvc-restapps
-A zone-internal -j fpbxsvc-xmpp
-A zone-internal -j fpbxsvc-ftp
-A zone-internal -j fpbxsvc-tftp
-A zone-other -j fpbxsvc-provis
-A zone-other -j fpbxsvc-xmpp
-A zone-reject -j fpbxsvc-webrtc
-A zone-reject -j fpbxsvc-nfs
-A zone-reject -j fpbxsvc-smb
-A zone-trusted -j ACCEPT
COMMIT
# Completed on Wed Sep 23 20:07:39 2015
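
The dump above answers "which zone can reach which service" only after walking the chain jumps by hand (zone-internal to fpbxsvc-ssh to tcp/22, and so on). The script below does that walk automatically and also flags rules that appear more than once in a chain, which is what the repeated fail2ban jumps in INPUT look like. It is an added example, not code from the post or from FreePBX; SAMPLE is a constructed excerpt of the posted iptables-save output with the redacted address lines left out, and the walk looks only at protocol and destination port, so source-address, interface, state and mark conditions are not modelled and the result is an upper bound on what a zone exposes.

```python
"""Summarise what each FreePBX firewall zone exposes, from an iptables-save dump."""
from collections import Counter, defaultdict

# Constructed sample: excerpt of the posted dump, redacted address lines omitted.
# The duplicated INPUT jumps are kept on purpose so duplicate_rules() has work to do.
SAMPLE = """\
-A INPUT -j fpbxfirewall
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-SSH
-A INPUT -j fail2ban-SIP
-A INPUT -j fail2ban-SIP
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-SSH
-A INPUT -j fail2ban-SIP
-A INPUT -j fail2ban-SIP
-A fail2ban-SSH -j RETURN
-A fail2ban-SIP -j RETURN
-A fpbxsvc-chansip -p udp -m udp --dport 5061 -j ACCEPT
-A fpbxsvc-chansip -p tcp -m tcp --dport 9877 -j ACCEPT
-A fpbxsvc-http -p tcp -m tcp --dport 80 -j ACCEPT
-A fpbxsvc-https -p tcp -m tcp --dport 443 -j ACCEPT
-A fpbxsvc-nfs -j RETURN
-A fpbxsvc-pjsip -p udp -m udp --dport 5060 -j ACCEPT
-A fpbxsvc-pjsip -p tcp -m tcp --dport 9876 -j ACCEPT
-A fpbxsvc-smb -p udp -m udp --dport 137 -j ACCEPT
-A fpbxsvc-smb -p tcp -m tcp --dport 445 -j ACCEPT
-A fpbxsvc-ssh -p tcp -m tcp --dport 22 -j ACCEPT
-A fpbxsvc-webrtc -p tcp -m tcp --dport 8088 -j ACCEPT
-A fpbxsvc-xmpp -p tcp -m tcp --dport 5222 -j ACCEPT
-A zone-external -j fpbxsvc-xmpp
-A zone-internal -j fpbxsvc-ssh
-A zone-internal -j fpbxsvc-http
-A zone-internal -j fpbxsvc-https
-A zone-internal -j fpbxsvc-pjsip
-A zone-internal -j fpbxsvc-chansip
-A zone-internal -j fpbxsvc-xmpp
-A zone-reject -j fpbxsvc-webrtc
-A zone-reject -j fpbxsvc-nfs
-A zone-reject -j fpbxsvc-smb
-A zone-trusted -j ACCEPT
"""


def parse_rules(text):
    """Map chain name -> list of (proto, ports, target, raw_line) for every '-A' line.
    Only -p, --dport/--dports and -j are read; other matches are deliberately ignored."""
    chains = defaultdict(list)
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 2 or tok[0] != "-A":
            continue
        proto = ports = target = None
        for i, t in enumerate(tok):
            if t == "-p":
                proto = tok[i + 1]
            elif t in ("--dport", "--dports"):
                ports = tok[i + 1].split(",")
            elif t == "-j":
                target = tok[i + 1]
        chains[tok[1]].append((proto, ports, target, line))
    return chains


def exposure(chains, chain, seen=None):
    """Set of (proto, port) that reach ACCEPT at or below `chain`.
    ('any', 'any') means an ACCEPT with no protocol/port restriction, as in zone-trusted.
    Jumps into user chains are followed; an unconditional RETURN ends the sub-chain."""
    if seen is None:
        seen = set()  # guards against jump loops in a malformed ruleset
    found = set()
    for proto, ports, target, _ in chains.get(chain, []):
        if target == "ACCEPT":
            for port in ports or ["any"]:
                found.add((proto or "any", port))
        elif target == "RETURN" and proto is None and ports is None:
            break
        elif target in chains and target not in seen:
            seen.add(target)
            found |= exposure(chains, target, seen)
    return found


def zone_summary(text):
    """Exposure per zone-* chain, sorted for stable output."""
    chains = parse_rules(text)
    return {z: sorted(exposure(chains, z)) for z in chains if z.startswith("zone-")}


def duplicate_rules(chains, chain):
    """Rule lines that occur more than once in `chain`, with their counts.
    Repeated fail2ban jumps in INPUT usually mean its start action ran again
    without the matching stop, so each pass appended a fresh copy."""
    counts = Counter(raw for *_, raw in chains.get(chain, []))
    return {raw: n for raw, n in counts.items() if n > 1}


if __name__ == "__main__":
    for zone, ports in zone_summary(SAMPLE).items():
        listing = ", ".join(f"{p}/{port}" for p, port in ports) or "(nothing)"
        print(f"{zone:14s} {listing}")
    for raw, n in duplicate_rules(parse_rules(SAMPLE), "INPUT").items():
        print(f"duplicated x{n}: {raw}")
```

Run it against a full `iptables-save` capture instead of SAMPLE to get the same per-zone listing for a live box; a service that shows up under zone-external that you did not intend to publish is the thing to chase. Because the walk ignores every match except protocol and port, a hit under zone-reject or fpbxknownreg is "reachable if the other conditions on that path also match", not a guarantee that it is open.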
