>iptables-save

посмотрите - может предложите чтото?
-A INPUT -i ppp0 -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -i ppp0 -p icmp -m icmp --icmp-type 3 -j DROP
-A INPUT -i ppp0 -p icmp -m icmp --icmp-type 4 -j DROP
-A INPUT -i ppp0 -p icmp -m icmp --icmp-type 11 -j DROP
-A INPUT -i ppp0 -p icmp -m icmp --icmp-type 12 -j DROP
-A INPUT -i ppp0 -p icmp -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "ICMP(other) flood: " --log-level 6
-A INPUT -i ppp0 -p icmp -j DROP
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A INPUT -m limit --limit 1/sec -j LOG --log-prefix "Dropped INPUT packet: " --log-level 6
-A INPUT -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -p icmp -m icmp --icmp-type 8 -m state --state INVALID -m limit --limit 1/min --limit-burst 2 -j LOG --log-prefix "IN
-A FORWARD -p icmp -m icmp ! --icmp-type 8 -m state --state INVALID -m limit --limit 1/min --limit-burst 2 -j LOG --log-prefix "
-A FORWARD -p ! icmp -m state --state INVALID -m limit --limit 1/min --limit-burst 2 -j LOG --log-prefix "INVALID FORWARD packet
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j SPOOF_CHECK
-A FORWARD -i ppp0 -j VALID_CHECK
-A FORWARD -i ppp0 -j RESERVED_NET_CHECK
-A FORWARD -i ppp0 -o ! ppp0 -j ACCEPT
-A FORWARD -m limit --limit 1/sec -j LOG --log-prefix "Dropped FORWARD packet: " --log-level 6
-A FORWARD -j DROP
-A FORWARD -s 192.0.0.0/255.0.0.0 -i eth1 -o tun0 -j ACCEPT
-A FORWARD -s 192.0.0.0/255.0.0.0 -i tun0 -o eth1 -j ACCEPT
-A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -f -m limit --limit 3/min -j LOG --log-prefix "FRAGMENTED PACKET (OUT): " --log-level 6
-A OUTPUT -f -j DROP