*filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -i lo -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -m state --state NEW -i eth0 -s 10.1.1.0/24 -p tcp -m tcp --dport 22 -m comment --comment "Allow access to SSH-server" -j ACCEPT -A INPUT -m state --state NEW -i eth0 -s 10.1.0.0/13 -p icmp -m icmp --icmp-type 8 -m comment --comment "Allow ping" -j ACCEPT -A INPUT -m state --state NEW -i eth0 -s 10.1.1.0/24 -p tcp -m tcp --dport 80 -m comment --comment "Allow HTTP-access to Apache web-site" -j ACCEPT COMMIT