= iptables-save =
{{{
echo "drop ping and traceroute"
iptables -A INPUT -i eth0 -p icmp -s any/0 --icmp-type 8 -j DROP
iptables -A OUTPUT -o eth0 -p icmp --icmp-type 3 -d any/0 -j DROP
iptables -A OUTPUT -o eth0 -p icmp --icmp-type 11 -d any/0 -j DROP
}}}
{{{
# 11-04-17 : disable SYN attack - by Jazz
# Ref: http://forums.cpanel.net/f5/too-many-conns-fin_wait2-time_wait-status-49580.html
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP 
}}}