@DavidGarciaCat
Created January 28, 2016 10:14
GNU/Linux Firewall - Default rules
#!/bin/bash
# ****************************************************************
# IPTables path
# ****************************************************************
IPT=/sbin/iptables
# ****************************************************************
# Flush old rules, delete user-defined chains and zero counters
# (filter and nat tables only)
# ****************************************************************
$IPT -F
$IPT -X
$IPT -Z
$IPT -t nat -F
$IPT -t nat -X
$IPT -t nat -Z
# ****************************************************************
# Default policy (IPv4 only; ip6tables keeps a separate ruleset):
# ALLOW Output
# DENY Input & Forward
# ****************************************************************
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD DROP
# ****************************************************************
# ALLOW Input on the loopback interface (`Local Host`)
# ****************************************************************
$IPT -A INPUT -i lo -j ACCEPT
# ****************************************************************
# ALLOW Input only if it is a response to one of our requests
# ****************************************************************
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
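
A check for the ruleset this script installs, added here as an example and not part of the original gist: `audit_ruleset` reads `iptables-save` output and reports every departure from the baseline (DROP on INPUT and FORWARD, ACCEPT on OUTPUT, the loopback and ESTABLISHED,RELATED accepts). The function names and both sample dumps are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit `iptables-save` text against the baseline script above.
# Usage on a live host (as root): iptables-save | audit_ruleset
audit_need() {  # $1 = extended regex that must match, $2 = finding text
    printf '%s\n' "$audit_filter" | grep -Eq -- "$1" && return 0
    echo "FAIL: $2"; audit_rc=1
}
audit_ruleset() {  # reads a dump on stdin; returns 0 only if every check passes
    # Keep only the filter table: nat has its own INPUT/OUTPUT chains.
    audit_filter=$(awk '/^\*filter$/ {f=1; next} /^COMMIT$/ {f=0} f')
    audit_rc=0
    audit_need '^:INPUT DROP '    'INPUT policy is not DROP'
    audit_need '^:FORWARD DROP '  'FORWARD policy is not DROP'
    audit_need '^:OUTPUT ACCEPT ' 'OUTPUT policy is not ACCEPT'
    audit_need '^-A INPUT -i lo -j ACCEPT$' 'loopback accept rule missing'
    # Accept either state order and either match module (state or conntrack).
    audit_need '^-A INPUT -m (state --state|conntrack --ctstate) (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT$' \
        'ESTABLISHED,RELATED accept rule missing'
    # An unconditional accept on INPUT defeats the DROP policy.
    if printf '%s\n' "$audit_filter" | grep -Eq -- '^-A INPUT -j ACCEPT$'; then
        echo "FAIL: unconditional ACCEPT rule on INPUT"; audit_rc=1
    fi
    return "$audit_rc"
}
# Constructed sample dumps (not captured from a real host).
GOOD_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'
BAD_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
COMMIT'
printf '%s\n' "$GOOD_DUMP" | audit_ruleset && echo "baseline OK"
printf '%s\n' "$BAD_DUMP" | audit_ruleset || echo "baseline violated"
```

The audit only inspects the IPv4 filter table; an equivalent pass over `ip6tables-save` output is needed to cover IPv6.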