看一下我的iptables有什么问题

tian1118

cat /etc/sysconfig/iptables
*nat
REROUTING ACCEPT [247]
OSTROUTING ACCEPT [209]
:OUTPUT ACCEPT [209]
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth1 -j SNAT --to-source 61.133.202.70
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -j MASQUERADE
COMMIT

*filter
:INPUT DROP [1083]
:FORWARD ACCEPT [23305]
:OUTPUT ACCEPT [1568]

#禁止IP,发现以下IP老是ssh我
-A INPUT -s 219.150.13.170 -j DROP
-A INPUT -s 220.115.251.1 -j DROP
-A INPUT -s 211.115.68.55 -j DROP
-A INPUT -s 211.171.255.196 -j DROP

#禁止ping我
-A INPUT -p icmp -j DROP

#服务器本身可以访问外网
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

#开以下端口服务
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

COMMIT