fwrules.sh 9-30-15

#!/bin/bash
#Firewall that protects an end host
#Copyright 2014, lee w toderick. all rights reserved.
#Students in ICTN4800 have permission to use and modify this code
#
# Flush all firewall rules
iptables -F
iptables -t nat -F
#
#Default rules
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT

# All traffic that is a response to traffic originating from this host must be allowed.
iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#Loopback interface lo has unrestricted access
iptables -A INPUT -i lo -j ACCEPT

#SSH allowed in from eth0
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -j ACCEPT

#Unrestricted access on eth2
iptables -A INPUT -i eth2 -j ACCEPT

#Reject everything else
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited

#Forward rejected traffic
iptables -A FORWARD -i eth0 -j REJECT

#Something
iptables -I INPUT -s 172.16.0.4 -i eth1 -p tcp --dport 22 -m state --state NEW -j ACCEPT

iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

iptables -I FORWARD -s 172.16.0.4 -m state --state NEW -j ACCEPT

iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -t nat -I PREROUTING -d 10.0.0.2 -i eth0 -p tcp --dport 80 -j DNAT --to-destination 172.16.0.3

iptables -t nat -I PREROUTING -d 10.0.0.2 -i eth0 -p tcp --dport 443 -j DNAT --to-destination 172.16.0.3

iptables -I FORWARD -p tcp --dport 80 -d 172.16.0.3 -j ACCEPT

iptables -I FORWARD -p tcp --dport 443 -d 172.16.0.3 -j ACCEPT

iptables -t nat -I PREROUTING -d 10.0.0.2 -i eth0 -p tcp --dport 21 -m state --state NEW,RELATED,ESTABLISHED -j DNAT --to-destination 172.16.0.2

iptables -I FORWARD -d 172.16.0.2 -i eth0 -p tcp --dport 21 -j ACCEPT


#Save rules
service iptables save