IPCHAINS Rulesets: please share your favorites
Bill Horne
bhorne at banet.net
Wed Mar 8 20:04:39 EST 2000
Thanks for reading this:
I've just implemented IPCHAINS on my server, and am using it for
all net traffic.
Please share your favorite rulesets: which spamhouses to block,
how to prevent probing, whatever.
Thanks in advance.
So far, here's what I have in place:
:input ACCEPT
:forward MASQ
:output ACCEPT
-A input -s 165.87.13.129/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT    # nameserver
-A input -s 165.87.201.244/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT    # nameserver
-A input -s 192.168.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 -i ppp0 -j REJECT -l    # IP Spoofing
-A input -s 0.0.0.0/0.0.0.0 80:80 -d 0.0.0.0/0.0.0.0 -p 6 -j ACCEPT    # web OK
-A input -s 0.0.0.0/0.0.0.0 80:80 -d 0.0.0.0/0.0.0.0 -p 17 -j ACCEPT    # web OK
-A input -s 32.97.166.5/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT    # pop server
-A input -s 32.97.166.31/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT    # smtp server
-A input -s 32.97.166.32/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT    # smtp server
-A input -s 32.97.166.34/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT    # smtp server
-A input -s 32.97.166.35/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT    # smtp server
-A input -s 192.168.0.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j ACCEPT    # Local lan OK
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j REJECT -l    # Reject all else
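To see how the input chain posted above is evaluated, this added example (not part of the original post) replays constructed packets against the twelve rules using first-match semantics. The `parse` and `verdict` helpers, the packet addresses and the default destination `192.0.2.1` are assumptions made for illustration.

```python
import ipaddress

# The twelve input rules from the post, annotations dropped (ipchains-save syntax).
ANY = "0.0.0.0/0.0.0.0"
RULES = [
    f"-A input -s 165.87.13.129/255.255.255.255 -d {ANY} -j ACCEPT",
    f"-A input -s 165.87.201.244/255.255.255.255 -d {ANY} -j ACCEPT",
    f"-A input -s 192.168.0.0/255.255.0.0 -d {ANY} -i ppp0 -j REJECT -l",
    f"-A input -s {ANY} 80:80 -d {ANY} -p 6 -j ACCEPT",
    f"-A input -s {ANY} 80:80 -d {ANY} -p 17 -j ACCEPT",
    f"-A input -s 32.97.166.5/255.255.255.255 -d {ANY} -j ACCEPT",
    f"-A input -s 32.97.166.31/255.255.255.255 -d {ANY} -j ACCEPT",
    f"-A input -s 32.97.166.32/255.255.255.255 -d {ANY} -j ACCEPT",
    f"-A input -s 32.97.166.34/255.255.255.255 -d {ANY} -j ACCEPT",
    f"-A input -s 32.97.166.35/255.255.255.255 -d {ANY} -j ACCEPT",
    f"-A input -s 192.168.0.0/255.255.255.0 -d {ANY} -i eth0 -j ACCEPT",
    f"-A input -s {ANY} -d {ANY} -j REJECT -l",
]

def parse(line):
    """Parse one rule line into match fields (handles numeric -p, as in the post)."""
    t = line.split() + ["-", "-"]              # padding so look-ahead never overruns
    r = {"-i": None, "-p": None, "-j": None, "sport": None, "dport": None}
    for i, tok in enumerate(t[:-2]):
        if tok in ("-s", "-d"):
            r[tok] = ipaddress.ip_network(t[i + 1], strict=False)
            if not t[i + 2].startswith("-"):   # optional port or lo:hi range
                lo, _, hi = t[i + 2].partition(":")
                r["sport" if tok == "-s" else "dport"] = range(int(lo), int(hi or lo) + 1)
        elif tok in ("-i", "-p", "-j"):
            r[tok] = t[i + 1]
    return r

def verdict(src, iface, proto=6, sport=1025, dport=1025, dst="192.0.2.1", policy="ACCEPT"):
    """Return (rule_number, target) of the first matching rule, else (0, policy)."""
    for n, r in enumerate(map(parse, RULES), 1):
        if (ipaddress.ip_address(src) in r["-s"] and ipaddress.ip_address(dst) in r["-d"]
                and r["-i"] in (None, iface) and r["-p"] in (None, str(proto))
                and (r["sport"] is None or sport in r["sport"])
                and (r["dport"] is None or dport in r["dport"])):
            return n, r["-j"]
    return 0, policy

if __name__ == "__main__":
    # Constructed packets; 203.0.113.9 is a documentation address.
    print(verdict("192.168.0.7", "ppp0"))                    # private source on ppp0
    print(verdict("192.168.0.7", "eth0"))                    # LAN host on eth0
    print(verdict("192.168.1.5", "eth0"))                    # outside the /24 LAN rule
    print(verdict("203.0.113.9", "ppp0", sport=80, dport=25))  # matched on source port only
```

The last packet shows that the two port-80 rules match on source port alone, so the destination port plays no part in the decision for those packets.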