cat /etc/network/iptables.up.rules
# Generated by iptables-save v1.6.0 on Mon Nov 21 11:26:13 2016 *nat :PREROUTING ACCEPT [56:3590] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [45:3096] :POSTROUTING ACCEPT [45:3096] -A POSTROUTING -s 10.86.2.0/24 -o ppp0 -j MASQUERADE COMMIT # Completed on Mon Nov 21 11:26:13 2016 # Generated by iptables-save v1.6.0 on Mon Nov 21 11:26:13 2016 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [2344:488301] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p udp -m udp --dport 123 -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -s 10.86.2.0/24 -j ACCEPT -A FORWARD -d 10.86.2.0/24 -j ACCEPT -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT # Completed on Mon Nov 21 11:26:13 2016 # Generated by iptables-save v1.6.0 on Mon Nov 21 11:26:13 2016 *mangle :PREROUTING ACCEPT [5378:7270822] :INPUT ACCEPT [2077:5734236] :FORWARD ACCEPT [3301:1536586] :OUTPUT ACCEPT [2344:488301] :POSTROUTING ACCEPT [5645:2024887] -A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:65495 -j TCPMSS --clamp-mss-to-pmtu COMMIT # Completed on Mon Nov 21 11:26:13 2016