user@debo8:~$ sudo iptables-save
# NOTE(review): Dump of the live netfilter ruleset (nat, mangle, filter), restored
# here to one rule per line. Rules are evaluated top to bottom and the first
# terminating target (ACCEPT/DROP) wins, so the order below is significant.
# Chain headers read ":CHAIN POLICY [packets:bytes]".
# Generated by iptables-save v1.4.21 on Wed Apr 8 10:54:11 2015
*nat
:PREROUTING ACCEPT [186:23737]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# NOTE(review): No -o/-s match, so every packet reaching nat POSTROUTING is
# source-NATed to the outgoing interface's address, including traffic routed
# between the internal subnets. Internal hosts and their logs then see the
# router's address instead of the real client. The usual form scopes this with
# "-o <uplink-if>" (placeholder).
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Wed Apr 8 10:54:11 2015
# Generated by iptables-save v1.4.21 on Wed Apr 8 10:54:11 2015
*mangle
:PREROUTING ACCEPT [56161:17340662]
:INPUT ACCEPT [54512:17086123]
:FORWARD ACCEPT [1648:253074]
:OUTPUT ACCEPT [54746:16444902]
:POSTROUTING ACCEPT [56394:16697976]
# NOTE(review): Ingress address checks. mangle PREROUTING runs before the routing
# decision and before nat PREROUTING, so these drops apply to both local and
# forwarded traffic and see the original (pre-DNAT) destination address.
# p10p1: drop anything not addressed to 213.245.127.195.
-A PREROUTING ! -d 213.245.127.195/32 -i p10p1 -j DROP
# p9p1: dropped only when BOTH negated matches hold, i.e. the source is outside
# 192.168.0.0/16 and the destination is not 192.168.2.3.
-A PREROUTING ! -s 192.168.0.0/16 ! -d 192.168.2.3/32 -i p9p1 -j DROP
# tun0: drop anything not addressed to 10.241.0.8.
-A PREROUTING ! -d 10.241.0.8/32 -i tun0 -j DROP
# NOTE(review): Firewall marks on locally generated packets, selected by source
# address or by UDP 5-tuple. MARK is non-terminating, so a packet matching several
# of these rules keeps the mark set by the last one. The marks are presumably
# consumed by policy routing ("ip rule ... fwmark"), which is not visible here;
# confirm against the routing configuration.
-A OUTPUT -s 213.245.127.195/32 -j MARK --set-xmark 0x1/0xffffffff
-A OUTPUT -s 64.15.65.114/32 -j MARK --set-xmark 0x3/0xffffffff
-A OUTPUT -s 192.168.2.3/32 -j MARK --set-xmark 0x4/0xffffffff
-A OUTPUT -d 64.15.65.123/32 -p udp -m udp --sport 23446 --dport 10000 -j MARK --set-xmark 0x2/0xffffffff
-A OUTPUT -d 130.211.92.240/32 -p udp -m udp --sport 23446 --dport 27652 -j MARK --set-xmark 0x1/0xffffffff
# Clamp the TCP MSS on SYN packets leaving tun0 to the path MTU.
-A POSTROUTING -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Wed Apr 8 10:54:11 2015
# Generated by iptables-save v1.4.21 on Wed Apr 8 10:54:11 2015
*filter
# Default-deny on all three chains; 129 packets have hit the INPUT policy.
:INPUT DROP [129:17592]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Replies to, and packets related to, existing connections.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# NOTE(review): No -i/-s match, and this rule sits above the p10p1 and tun0 DROP
# rules, so new SSH connections are accepted on every interface. p10p1 appears to
# be the public-facing side (its mangle rule pins a public address); confirm that
# exposure is intended. Otherwise restrict this rule with -i/-s or move it below
# the interface drops.
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# Echo requests, rate-limited; packets over the limit do not match and fall
# through to the rules below.
-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 10/sec -j ACCEPT
-A INPUT -i lo -j ACCEPT
# NOTE(review): Also accepted on every interface. Presumably the local UDP service
# whose replies the mangle OUTPUT rules mark by --sport 23446; confirm it must be
# reachable from all sides.
-A INPUT -p udp -m udp --dport 23446 -j ACCEPT
# HTTPS is accepted only when it arrives over tun0.
-A INPUT -i tun0 -p tcp -m tcp --dport 443 -j ACCEPT
# Everything else arriving on p10p1 stops here.
-A INPUT -i p10p1 -j DROP
# Placed after the p10p1 drop but before the tun0 drop: port 6697 (conventionally
# IRC over TLS) is reachable via tun0 and any other non-p10p1 interface.
-A INPUT -p tcp -m tcp --dport 6697 -j ACCEPT
# Everything else arriving on tun0 stops here.
-A INPUT -i tun0 -j DROP
# Reached only by traffic from interfaces other than p10p1 and tun0. UDP only:
# new DNS queries over TCP/53 are not accepted and fall to the DROP policy.
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
# Nothing is forwarded from or to p10p1.
-A FORWARD -i p10p1 -j DROP
-A FORWARD -o p10p1 -j DROP
# NOTE(review): Shadowed. The rule above already drops every packet leaving via
# p10p1, so this one can never match.
-A FORWARD -d 192.168.0.0/16 -o p10p1 -j DROP
# Never forward packets for 192.168.0.0/24 out of p9p1.
-A FORWARD -d 192.168.0.0/24 -o p9p1 -j DROP
# Traffic between 192.168.2.0/24 and 192.168.0.0/24, in both directions.
-A FORWARD -s 192.168.2.0/24 -d 192.168.0.0/24 -i p9p1 -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -d 192.168.2.0/24 -j ACCEPT
# Anti-spoofing on the tunnel: no 192.168.0.0/16 sources arriving from tun0, and
# no 192.168.0.0/16 destinations sent out through it.
-A FORWARD -s 192.168.0.0/16 -i tun0 -j DROP
-A FORWARD -d 192.168.0.0/16 -o tun0 -j DROP
# Internal hosts may send traffic out through the tunnel.
-A FORWARD -s 192.168.0.0/16 -o tun0 -j ACCEPT
# NOTE(review): Accepts any remaining packet destined for 192.168.0.0/16 with no
# connection-state match. Unsolicited inbound traffic is held back only by the
# mangle PREROUTING destination checks and the drops above. Adding
# "-m state --state RELATED,ESTABLISHED" here would make the return-traffic
# intent explicit and would not depend on the mangle rules staying in place.
-A FORWARD -d 192.168.0.0/16 -j ACCEPT
# NOTE(review): Unconditional accept, so the OUTPUT DROP policy is never reached
# (its counters are [0:0]) and egress from this host is effectively unfiltered.
-A OUTPUT -j ACCEPT
COMMIT
# Completed on Wed Apr 8 10:54:11 2015
user@debo8:~$