iptables 
How To william ic

-A              INPUT,OUTPUT,FORWARD (abaixo de tudo)
-I              INPUT,OUTPUT,FORWARD (acima de tudo)
-p              tcp,udp
--dport         1-65000 ou 22
--sport         1-65000 ou 22
-i              eth0,1,...
-o              eth0,1,...
-j              ACCEPT,DROP,LOG,DNAT,SNAT
-d              0.0.0.0 a 255.255.255.255 /0 a 32
-s              0.0.0.0 a 255.255.255.255 /0 a 32
-m state --state NEW,ESTABLISHED,RELATED

-t              NAT
-A              POSTROUTING,PREROUNTING
-I              POSTROUTING,PREROUNTING

-N              <CHAIN> (nome nova chain)
-A              <CHAIN>
-I              <CHAIN>
-j              <CHAIN>


** NAT

## ETH1 rede privada Interno
## ETH0 INTERNET

iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT 
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 


iptables -L --line-numbers
iptables -D INPUT 3
OR
iptables -t nat -D POSTROUTING 1 

http://www.students.ic.unicamp.br/~william/people/router-nat/iptables.html

# IPv6 : bloqueando mais do que 4 novas conexão no periodo de 60 segundos:

ip6tables -N LOGDROP
ip6tables -A LOGDROP -j LOG
ip6tables -A LOGDROP -j DROP
ip6tables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
ip6tables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent  --update --seconds 60 --hitcount 4 -j LOGDROP