Your server with firewall is connected to the Internet by eth0 network interface and to the local network (10.0.xxx.xxx) by the eth1 network interface. Configure a Linux firewall (and put the configuration bash-like script for “iptables” into IS) to:

1)	A allow only Ethernet packets from your router, let's say with MAC address 00-0C-F1-56-98-AD. [1 point]
2)	Deny all incoming traffic (to eth0) with spoofed IP addresses (i.e., traffic from Internet that looks like traffic from internal network etc.). [1 point]
3)	Deny all other incoming traffic/connections from Internet with the exception of connections from Faculty of Informatics Masaryk University (147.251.xxx.xxx). [2 point]
4)	Deny all outgoing connections to destination FTP ports with the exception of ftp server on FI MU (147.251.48.205). [1 point]
5)	Deny all incoming connections to Telnet/SSH ports. [1 point]
6)	Drop a ping command (corresponding ICMP message) if it comes more often then once per 1 minute (set the burst-rate to 10). [2 point]
7)	Drop ICMP if the destination address is broadcast address of internal network. [2 point]

Choose properly what you are allowing/blocking/dropping on a particular network interface.