Simple IPv4 firewall
  1. #!/bin/bash
  2.  
  3. WAN="eth0"
  4. LAN="eth1"
  5.  
  6. echo 1 > /proc/sys/net/ipv4/ip_forward
  7.  
  8. echo 1 > /proc/sys/net/ipv4/tcp_syncookies
  9.  # TCP SYN Cookie Protection
  10.  
  11. iptables -F
  12. iptables -t nat -F
  13. iptables -t mangle -F
  14. iptables -X
  15.  
  16. iptables -P INPUT DROP
  17. iptables -P OUTPUT ACCEPT
  18. iptables -P FORWARD DROP
  19.  
  20. iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
  21.     #NAT
  22.  
  23. iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  24. iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  25.  
  26. iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT
  27.  
  28. iptables -A INPUT -i $LAN -j ACCEPT
  29. iptables -A FORWARD -i $LAN -o $LAN -j ACCEPT
  30.  
  31. iptables -A INPUT -i lo -j ACCEPT
  32. iptables -A OUTPUT -o lo -j ACCEPT
  33.     #loopback
  34.  
  35. iptables -A INPUT -p icmp -j ACCEPT
  36. iptables -A OUTPUT -p icmp -j ACCEPT
  37. iptables -A FORWARD -p icmp -j ACCEPT
  38.     #icmp
  39.  
  40. iptables -A INPUT -i $WAN -j REJECT
  41.  
  42. iptables -A INPUT -m state --state INVALID -j DROP
  43.  
  44. iptables -A INPUT -j REJECT --reject-with icmp-admin-prohibited