general-in () {
        #Allow localhost.
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -i lo -j ACCEPT

        ## Allow established connection
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -m state --state ESTABLISHED,RELATED -j ACCEPT

        ## Drop scans XMAS and NULL
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -p tcp --tcp-flags FIN,URG,PSH FIN,URG,PSH -j DROP
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -p tcp --tcp-flags ALL ALL -j DROP
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -p tcp --tcp-flags ALL NONE -j DROP
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

        ## Silent drop broadcast
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -m pkttype --pkt-type broadcast -j DROP

        # Allow pings
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -p icmp -j ACCEPT

        # Allow incoming to servers
        # DNS
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -p udp -i ${INTERFACE} --dport 53 -j ACCEPT
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -p tcp -i ${INTERFACE} --dport 53 -j ACCEPT

        # SSH
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -p tcp -i ${INTERFACE} --dport 22 -j ACCEPT

        # HTTP
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -p tcp -i ${INTERFACE} --dport 80 -j ACCEPT
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -p tcp -i ${INTERFACE} --dport 443 -j ACCEPT

        # SMTP
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -p tcp -i ${INTERFACE} --dport 25 -j ACCEPT
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -p tcp -i ${INTERFACE} --dport 465 -j ACCEPT
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -p tcp -i ${INTERFACE} --dport 587 -j ACCEPT

        # FTP
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -p tcp -i ${INTERFACE} --dport 21 -j ACCEPT
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -p tcp -i ${INTERFACE} --dport 20 -j ACCEPT
        #${IPTABLES} -A ${GENERAL_IN_CHAIN} -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT

        # POP
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -p tcp -i ${INTERFACE} --dport 110 -j ACCEPT
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -p tcp -i ${INTERFACE} --dport 995 -j ACCEPT

        # IMAP
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -p tcp -i ${INTERFACE} --dport 143 -j ACCEPT
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -p tcp -i ${INTERFACE} --dport 993 -j ACCEPT

	# SIEVE
	# ${IPTABLES} -A ${GENERAL_IN_CHAIN} -p tcp -i ${INTERFACE} --dport 2000 -j ACCEPT

        ## Log incoming traffic
        ${IPTABLES} -A ${GENERAL_IN_CHAIN} -m limit --limit 5/min -j LOG --log-prefix '** Incoming **' --log-level 7

        ## Drop incomming traffic
        ${IPTABLES} -P INPUT DROP
}
general-out () {
	#Allow localhost.
        ${IPTABLES} -A ${GENERAL_OUT_CHAIN} -i lo -j ACCEPT

        ## Allow all except invalid state
        ${IPTABLES} -A ${GENERAL_OUT_CHAIN} -m state ! --state INVALID -j ACCEPT

        # Drop outgoing traffic
        ${IPTABLES} -P OUTPUT DROP
}
general-for () {
        ## Log outgoing traffic
        ${IPTABLES} -A ${GENERAL_FOR_CHAIN} -m limit --limit 5/min -j LOG --log-prefix '** Forward **' --log-level 7

        ## Drop forward traffic
        ${IPTABLES} -P FORWARD DROP
}
