  1. echo "[x] Flushing existing iptables rules..."
  2. $IPTABLES -F                #flush all rules in the filter table
  3. $IPTABLES -F -t nat         #flush all rules in the nat tables
  4. $IPTABLES -X                #remove all chains outside of the default chains
  5. $IPTABLES -P INPUT DROP     #Set default target for INPUT chain
  6. $IPTABLES -P OUTPUT DROP    #Set default target for OUTPUT chain
  7. $IPTABLES -P FORWARD DROP   #Set default target for FORWARD chain
  8.  
  9. ######### INPUT chain   ###########
  10. echo "[x] Setting up INPUT chain..."
  11.  
  12. $IPTABLES -A INPUT -m state --state INVALID -j LOG --log-prefix "DROP INVALID " --log-ip-options --log-tcp-options
  13. $IPTABLES -A INPUT -m state --state INVALID -j DROP
  14. $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  15.  
  16. ### anti-spoofing rules ###
  17.  
  18. #$IPTABLES -A INPUT -i $LAN ! -s  $INT_NET -j LOG --log-prefix "SPOOFED PKT "
  19. #$IPTABLES -A INPUT -i $LAN ! -s  $INT_NET -j DROP
  20.  
  21. ### ACCEPT rules ###
  22.  
  23. $IPTABLES -I INPUT \! --src 12.96.160.84 -m tcp -p tcp --dport 80 -j DROP
  24. #$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
  25. $IPTABLES -A INPUT -p tcp --dport 2345 -j ACCEPT
  26. $IPTABLES -A INPUT -p tcp --dport 53 -j ACCEPT
  27. $IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT
  28.  
  29.  
  30.  
  31. ##default INPUT LOG rule ###
  32. $IPTABLES -A INPUT  -j LOG --log-prefix "MISC DROP " --log-ip-options --log-tcp-options
  33.  
  34. ######### END INPUT CHAIN ##########
  35.  
  36.  
  37. ######## OUTPUT CHAIN #########
  38.  
  39. echo "[x] Setting up OUTPUT chain..."
  40.  
  41. ### state tracking rules ###
  42.  
  43. $IPTABLES -A OUTPUT -m state --state INVALID -j LOG --log-prefix "DROP INVALID  " --log-ip-options --log-tcp-options
  44. $IPTABLES -A OUTPUT -m state --state INVALID -j DROP
  45. $IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  46.  
  47. ### ACCEPT rules for allowing connections out  ####
  48. ### These would be the only ports that could also be port scanned???##
  49.  
  50. $IPTABLES -A OUTPUT -p tcp --syn --dport 21  -m state --state NEW -j ACCEPT
  51. $IPTABLES -A OUTPUT -p tcp --syn --dport 2345  -m state --state NEW -j ACCEPT
  52. $IPTABLES -A OUTPUT -p tcp --syn --dport 80 -m state --state NEW -j ACCEPT
  53. $IPTABLES -A OUTPUT -p tcp --syn --dport 443 -m state --state NEW -j ACCEPT
  54. $IPTABLES -A OUTPUT -p tcp --syn --dport 22  -m state --state NEW -j ACCEPT
  55. $IPTABLES -A OUTPUT -p tcp --syn --dport 43  -m state --state NEW -j ACCEPT
  56. $IPTABLES -A OUTPUT -p tcp --syn  --dport 25 -m state --state NEW -j ACCEPT
  57. $IPTABLES -A OUTPUT -p udp --dport 53  -m state --state NEW -j ACCEPT
  58. $IPTABLES -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
  59.  
  60. ### default OUTPUT LOG rule ####
  61. $IPTABLES -A OUTPUT ! -o lo -j LOG --log-prefix "MISC DROP " --log-ip-options --log-tcp-options