*filter
:WORMBLOCK -
:DENY-MS-WORM -

-A WORMBLOCK -p tcp -m tcp --dport 135:139 -j DENY-MS-WORM
-A WORMBLOCK -p udp -m udp --dport 135:139 -j DENY-MS-WORM
-A WORMBLOCK -p tcp -m tcp --dport 445 -j DENY-MS-WORM
-A WORMBLOCK -p udp -m udp --dport 445 -j DENY-MS-WORM

-A DENY-MS-WORM -m recent --update --seconds 600 -j DROP
-A DENY-MS-WORM -m recent --set -j LOG --log-prefix "<6> abuse-microsoft: "
-A DENY-MS-WORM -j DROP

-A FORWARD -j WORMBLOCK

COMMIT