##下書き##
内部からのパケットのINPUTは許可。
ここで外部からpingおよびportscanでセキュリティホールがないかを確認すること。

# Generated by iptables-save v1.4.7 on Mon Apr 15 23:51:14 2013
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [441:93511]
:OUTPUT ACCEPT [158:97072]
-A INPUT -s 192.168.1.11/32 -j ACCEPT
-A INPUT -m state --state NEW -j LOG --log-prefix "Warning!"
#-A FORWARD -j LOG
COMMIT
# Completed on Mon Apr 15 23:51:14 2013
# Generated by iptables-save v1.4.7 on Mon Apr 15 23:51:14 2013
*nat
:PREROUTING ACCEPT [35959:2265677]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [410:28106]
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Mon Apr 15 23:51:14 2013