I've never built a ruleset "by hand" myself...
I always use a script for that...
http://www.pointman.org/
It's ipchains-based; I think it would be quite good as an example ruleset...
Just give it a try.
###########################
This firewall should work for most Workstations, Servers and Dual NIC routers using either a dialup, DSL, Cable or LAN setup. It is restrictive to outside attacks while still being transparent to those inside.
Autodetection of the IP Address and Netmask of each interface.
Blocking of NetBIOS, NetBUS, Back Orifice and Samba attacks.
Protection against IP Spoofing Attacks.
Logging of DENY packets.
Manipulation of TOS bits of the packet for optimizing transfers. You must have CONFIG_IP_ROUTE_TOS enabled in your kernel for this to be effective.
Masquerading support is decided during install.
Your own custom rules can be added to the pmfirewall.rules.local file.
##################################