fw.sh

1. #!/bin/bash
2.  
3. # RESET RULES
4. iptables -F INPUT
5. iptables -F OUTPUT
6. iptables -F FORWARD
7. iptables -t nat -F
8. iptables -F
9. iptables -X
10. iptables -Z
11.  
12. # DEFAULT POLICY
13. iptables -P FORWARD DROP
14. iptables -P INPUT DROP
15. iptables -P OUTPUT DROP
16.  
17. # Enable only for a router
18. #iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
19.  
20. # MISC - Allow established connections
21. iptables -A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
22. iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
23. iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
24.  
25. # MISC - Allow ping
26. iptables -A INPUT -p icmp -j ACCEPT
27. iptables -A OUTPUT -p icmp -j ACCEPT
28.  
29. # Uncomment only when above rules are tested and valid
30. #iptables-save