iptables -A INPUT -i $EXTERNAL_INTERFACE -s xxx.yyy.zzz.0/24 -d $BROADCAST_NET -j DROP
iptables -A INPUT -i $EXTERNAL_INTERFACE -s 111.222.111.241 -p TCP -j REJECT