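*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:MY-INPUT-SSH - [0:0]
# NOTE(review): FORWARD policy is ACCEPT. If net.ipv4.ip_forward is ever turned on
# this host will route anything between its interfaces; make it DROP unless the
# machine is deliberately a router.

#-- Begin the default INPUT table --
#-- Loopback first: it is unconditionally trusted, and placing it ahead of the
#-- SSH jump keeps local connections out of the SSH log/allow-list entirely.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#-- Drop what conntrack cannot classify (bad TCP flag combinations, out-of-window
#-- segments) before any of the per-host catch-all ACCEPTs below can admit it.
-A INPUT -m state --state INVALID -j DROP

#--ssh: Special SSH service table --
#--ssh: Log every new SSH connection, allowed or not. Rate-limited so a SYN flood
#--ssh: against port 22 cannot fill the log / disk; sshd's own auth log still
#--ssh: records every session that is actually accepted. Tune the limit to taste.
-A MY-INPUT-SSH -m limit --limit 10/min --limit-burst 20 -j LOG --log-prefix " --INCOMING SSH: "
#--ssh: always allow loopback (already covered by the -i lo rule above; kept so the
#--ssh: chain is self-describing)
-A MY-INPUT-SSH -s 127.0.0.1 -j ACCEPT
#--ssh: crimson.its.lsu.edu, clover, over
-A MY-INPUT-SSH -s 192.16.176.76 -j ACCEPT
-A MY-INPUT-SSH -s 192.16.176.77 -j ACCEPT
-A MY-INPUT-SSH -s 204.90.37.20 -j ACCEPT
#--ssh: trust LSU main subnet
-A MY-INPUT-SSH -s 130.39.0.0/16 -j ACCEPT
#--ssh: trust LSU wireless
-A MY-INPUT-SSH -s 167.96.0.0/17 -j ACCEPT
#--ssh: trust LSU private
#--ssh: NOTE(review): 10.0.0.0/8 is the whole RFC 1918 class-A range, not just the
#--ssh: part LSU uses. Anything that can source a 10.x address (VPN clients, other
#--ssh: campus or lab networks, a mis-plumbed guest VLAN) reaches sshd. Narrow this
#--ssh: to the specific prefixes actually in use if they are known.
-A MY-INPUT-SSH -s 10.0.0.0/8 -j ACCEPT
#--ssh: need to add LONI subnets and HPC subnets
#--ssh: A packet matching none of the rules above RETURNs to INPUT; unless a later
#--ssh: INPUT rule accepts it (e.g. the xymon catch-alls) the DROP policy applies.
#--ssh: associate rules with port
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j MY-INPUT-SSH

#-- Allow some exceptions (unrestricted access) --
#-- NOTE(review): this admits every ICMP type with no rate limit. echo-request,
#-- destination-unreachable, time-exceeded and parameter-problem are what a host
#-- normally needs; consider enumerating those instead of "any" and adding -m limit.
-A INPUT -p icmp -m state --state NEW -m icmp --icmp-type any -j ACCEPT

#--Management: Various management servers/ports
#--Management: NOTE(review): the -s values below are hostnames, not addresses.
#--Management: iptables-restore resolves them once, at load time: if DNS is not
#--Management: reachable at that moment (typically early boot) the whole ruleset
#--Management: fails to load, and a name with several A records expands into one
#--Management: rule per address. Pin these to IPs so the firewall does not depend
#--Management: on DNS being up and honest.
#--Management: func
-A INPUT -s func.hpc.lsu.edu -p tcp -m state --state NEW -m tcp --dport 51234 -j ACCEPT
#--Management: xymon
#--Management: NOTE(review): these two rules accept every protocol and every port
#--Management: from the xymon hosts, so compromise of a monitoring box is full
#--Management: network access here. Restrict them to the port(s) the monitor uses.
-A INPUT -s xymonserver1.hpc.lsu.edu -j ACCEPT
-A INPUT -s xymonserver2.hpc.lsu.edu -j ACCEPT

#--Services: Pass each service/port over to the table, where each IP/subnet is enumerated per port--
#--Services: http and https
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
#--Services: ntp
#--Services: NTP (RFC 5905) is UDP only; the former TCP/123 ACCEPT was dead exposure
#--Services: and has been dropped. If this host is merely an NTP client the UDP rule
#--Services: is unnecessary as well -- replies already match RELATED,ESTABLISHED.
-A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT

#-- Allow all outgoing traffic from this machine (same as the OUTPUT policy) --
-A OUTPUT -j ACCEPT
COMMIT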