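#!/bin/bash
# NAT gateway firewall: masquerades traffic leaving EXTERNAL, lets the
# INTERNAL network route out through it, and rejects unsolicited inbound
# traffic addressed to this host. Must be run as root.

# Trace each command as it runs. Kept in `set` rather than on the shebang
# line, where it is lost when the script is started as `bash script.sh`.
set -x
# Abort on a misspelled variable instead of handing iptables an empty argument.
set -u

IPTABLES=/sbin/iptables
EXTERNAL=eth0
INTERNAL=eth1

# reset/clear rules
# A bare -F only flushes the filter table. The nat table is flushed as well,
# otherwise every re-run appends another MASQUERADE rule.
"$IPTABLES" -t filter -F
"$IPTABLES" -t nat -F

# NOTE(review): no chain policy (-P) is set in this script, so packets that
# match no rule below follow whatever policy is already loaded. Confirm the
# FORWARD policy is DROP if this host should only route INTERNAL -> EXTERNAL.

# NAT
"$IPTABLES" -t nat -A POSTROUTING -o "$EXTERNAL" -j MASQUERADE

# INPUT: replies to our own connections, ICMP and loopback are accepted;
# everything else is logged and rejected.
"$IPTABLES" -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPTABLES" -t filter -A INPUT -p icmp -j ACCEPT
"$IPTABLES" -t filter -A INPUT -i lo -j ACCEPT
# NOTE(review): this LOG rule has no rate limit, so a burst of rejected
# packets becomes a burst of kernel log lines; `-m limit` can bound it.
"$IPTABLES" -t filter -A INPUT -j LOG --log-level 7 --log-prefix "INPUT DENIED - "
"$IPTABLES" -t filter -A INPUT -j REJECT

# FORWARD: new connections may only start on the internal side. INTERNAL is
# used instead of a hard-coded eth1 so the variable above is the one place
# to change the interface.
"$IPTABLES" -t filter -A FORWARD -i "$INTERNAL" -o "$EXTERNAL" -j ACCEPT
# Return traffic for those connections; without this rule NAT replies are
# only forwarded when the FORWARD policy happens to be ACCEPT.
"$IPTABLES" -t filter -A FORWARD -i "$EXTERNAL" -o "$INTERNAL" \
  -m state --state ESTABLISHED,RELATED -j ACCEPT

# OUTPUT: traffic originating on this host is unrestricted. A blanket ACCEPT
# makes any later OUTPUT rule unreachable, so no per-interface ACCEPT or LOG
# rules follow it.
"$IPTABLES" -t filter -A OUTPUT -j ACCEPT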