#! /bin/bashIPT="/sbin/iptables"#Flush all rules and remove chains

1. #! /bin/bash
2.  
3. IPT="/sbin/iptables"
4.  
5.  
6. #Flush all rules and remove chains
7.  
8. $IPT -F
9. $IPT -X
10.  
11. #Block access by default
12.  
13. $IPT -P INPUT DROP
14. $IPT -P FORWARD DROP
15. $IPT -P OUTPUT DROP
16.  
17. #List of ports
18.  
19. TCP_PORTS="47,1723,2121"
20.  
21. #Allow packets for loopback interface
22.  
23. $IPT -A INPUT -i lo -j ACCEPT
24. $IPT -A OUTPUT -o lo -j ACCEPT
25.  
26. #Allow packets for established connection
27.  
28. $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
29.  
30. #Allow packets for outgoing connections
31.  
32. #$IPT -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
33. $IPT -A OUTPUT -j ACCEPT
34.  
35. #Allow ports
36. $IPT -A INPUT -p tcp -m multiport --dport $TCP_PORTS -j ACCEPT
37. $IPT -A INPUT -i eth0 -p gre -j ACCEPT
38. $IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE
39.  
40. #Allow outgoing ping
41. $IPT -A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT