*nat
:PREROUTING ACCEPT
:INPUT ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
#
*mangle
:PREROUTING ACCEPT
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
COMMIT
#
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
-A FORWARD -o eth2 -p udp --sport 67 -j DROP
:OUTPUT ACCEPT
-A OUTPUT  -o eth2 -p udp --sport 67 -j DROP
COMMIT
