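# IPv4 filter table in iptables-save format, meant to be loaded with
# iptables-restore. Each directive must sit on its own line: a line is a
# comment only when it starts with '#', so comments cannot share a line
# with a rule.
# This file covers IPv4 only; IPv6 traffic needs its own ip6tables ruleset.
*filter
# Default policies: drop inbound and forwarded packets, allow all outbound.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# User-defined chain that holds the site allow-list.
:UVAfw - [0:0]
# loopback traffic is always accepted
-A INPUT -i lo -j ACCEPT
# all other inbound traffic is evaluated by the UVAfw chain
-A INPUT -j UVAfw
# allow replies on established outbound connections
# (-m state is the legacy spelling of -m conntrack --ctstate)
-A UVAfw -m state --state RELATED,ESTABLISHED -j ACCEPT
# UVa network - allow ssh
-A UVAfw -s 128.143.0.0/16 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
# UVa More Secure Network, UVa Health System networks - allow ssh
-A UVAfw -s 137.54.0.0/16 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
# UVa Housing networks - allow ssh
-A UVAfw -s 199.111.160.0/19 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A UVAfw -s 199.111.192.0/18 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
# accept anything from home1.virginia.edu addresses
# NOTE: no port or protocol limit here, so every listening service on this
# host is reachable from that single address.
-A UVAfw -s 128.143.22.252/32 -j ACCEPT
# uncomment following to accept http and https from any network address
#-A UVAfw -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
#-A UVAfw -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
#
# discard any other packets
# (explicit terminator; the INPUT policy is DROP as well)
-A UVAfw -j DROP
COMMIT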