
Linux iptables sample config file - NAT example

A sample Linux iptables configuration file in iptables-save format, with example rules for the INPUT, FORWARD and OUTPUT chains and a port-forwarding rule using NAT (DNAT).

# Generated by iptables-save
*nat
:PREROUTING ACCEPT [95879495:41169618280]
:POSTROUTING ACCEPT [108901633:383143482754]
:OUTPUT ACCEPT [108901761:383143490150]

# DNAT rule: forward TCP traffic arriving on eth0 port 1234 to 10.20.30.40:1234
-A PREROUTING -i eth0 -p tcp -m tcp --dport 1234 -j DNAT --to-destination 10.20.30.40:1234
COMMIT

# Generated by iptables-save v1.3.5
*filter
:INPUT ACCEPT [457337:38416223]
:FORWARD ACCEPT [556:36240]
:OUTPUT ACCEPT [358730:14631762]

-A INPUT -s 10.102.1.1/255.255.255.248 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 14531 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -s 69.254.0.0/255.255.0.0 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 0:1023 -j REJECT --reject-with icmp-port-unreachable

# Accept all packets arriving on eth0 for forwarding, which covers the DNAT-ed traffic from the nat table
-A FORWARD -i eth0 -j ACCEPT

-A OUTPUT -s 127.0.0.1 -j ACCEPT
-A OUTPUT -d 10.30.40.50 -j ACCEPT
-A OUTPUT -d 20.45.55.65 -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -d 34.35.36.34 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -s 69.254.0.0/255.255.0.0 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 127.0.0.1 -j ACCEPT
-A OUTPUT -j LOG --log-prefix "IPTABLES-OUT Default Drop: " --log-level 7
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT
COMMIT
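
A small checker for dumps in this format, added here as an example and not part of the original page: it flags chain or rule lines that sit outside a *table section (iptables-restore rejects those), filter chains whose policy is ACCEPT, and ACCEPT rules with no address, protocol or port match. The audit function, the NARROWING set and the embedded sample are constructed for illustration; treating an orphaned section as the filter table is an assumption.

```python
import shlex

# Constructed sample: same shape as the dump above, with the header of the
# second table deliberately left out so the first check fires.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 1234 -j DNAT --to-destination 10.20.30.40:1234
COMMIT
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A OUTPUT -j LOG --log-prefix "IPTABLES-OUT Default Drop: " --log-level 7
COMMIT
"""

# Options that restrict what a rule matches (an interface alone does not count).
NARROWING = {"-s", "-d", "-p", "--dport", "--sport", "-m"}

def audit(dump):
    """Return (line_number, message) findings for an iptables-save style dump."""
    findings, table = [], None
    for no, raw in enumerate(dump.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):          # table header, e.g. *nat or *filter
            table = line[1:]
            continue
        if line == "COMMIT":              # end of the current table
            table = None
            continue
        if table is None:                 # chain or rule line before any header
            findings.append((no, "no *table header before this line"))
            table = "filter"              # assumption: audit the orphan as filter
        if line.startswith(":"):          # chain declaration: ":NAME POLICY [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            if table == "filter" and policy == "ACCEPT":
                findings.append((no, f"{chain} policy is ACCEPT"))
        elif line.startswith("-A "):      # rule; shlex keeps the quoted log prefix whole
            args = shlex.split(line)
            target = args[args.index("-j") + 1] if "-j" in args else None
            if table == "filter" and target == "ACCEPT" and not NARROWING & set(args):
                findings.append((no, f"{args[1]}: ACCEPT with no address, protocol or port match"))
    return findings

if __name__ == "__main__":
    for no, message in audit(SAMPLE):
        print(f"line {no}: {message}")
```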