Iptables

1. #!/bin/bash
2. # Flush
3. iptables -t nat -F
4. iptables -t mangle -F
5. iptables -F
6. iptables -X
7.  
8. # Block All
9. iptables -P OUTPUT DROP
10. iptables -P INPUT DROP
11. iptables -P FORWARD DROP
12.  
13. # allow Localhost
14. iptables -A INPUT -i lo -j ACCEPT
15. iptables -A OUTPUT -o lo -j ACCEPT
16.  
17. # Make sure you can communicate with any DHCP server
18. iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT
19. iptables -A INPUT -s 255.255.255.255 -j ACCEPT
20.  
21. # CHANGED Make sure that you can communicate within your own network. CHANGE 192.168.50.0/24 TO YOUR LOCAL NETWORK
22. iptables -A INPUT -s #.#.#.#/24 -d #.#.#.#/24 -j ACCEPT
23. iptables -A OUTPUT -s #.#.#.#/24 -d 192.168.50.0/24 -j ACCEPT
24.  
25. # Allow established sessions to receive traffic:
26. iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
27.  
28. # CHANGED Allow TUN. MAKE SURE YOUR INTERFACE IS CALLED wg-something. THE WG+ IS A WILDCARD.
29. iptables -A INPUT -i wg+ -j ACCEPT
30. iptables -A FORWARD -i wg+ -j ACCEPT
31. iptables -A FORWARD -o wg+ -j ACCEPT
32. iptables -t nat -A POSTROUTING -o wg+ -j MASQUERADE
33. iptables -A OUTPUT -o wg+ -j ACCEPT
34.  
35. #CHANGED allow VPN connection. MAKE SURE THE WIREGUARD PORT IS CORRECT, MINE IS 1337
36. iptables -I OUTPUT 1 -p udp --destination-port 1337 -m comment --comment "Allow VPN connection" -j ACCEPT
37.  
38. # Block All
39. iptables -A OUTPUT -j DROP
40. iptables -A INPUT -j DROP
41. iptables -A FORWARD -j DROP
42.  
43. # Log all dropped packages, debug only.
44.  
45. iptables -N logging
46. iptables -A INPUT -j logging
47. iptables -A OUTPUT -j logging
48. iptables -A logging -m limit --limit 2/min -j LOG --log-prefix "IPTables general: " --log-level 7
49. iptables -A logging -j DROP
50.  
51. echo "saving"
52. iptables-save > /etc/iptables.rules
53. echo "done"
54. #echo 'openVPN - Rules successfully applied, we start "watch" to verify IPtables in realtime (you can cancel it as usual CTRL + c)'
55. #sleep 3
56. #watch -n 0 "sudo iptables -nvL"