iptables_setup.sh

#!/bin/bash

IFUP=/etc/network/if-up.d/iptables.sh
IFDOWN=/etc/network/if-down.d/iptables.sh
IPTABLES() {
  echo iptables $@ >&1 2>&1
  iptables $@
}


IPTABLES -P INPUT ACCEPT
IPTABLES -F INPUT
IPTABLES -P OUTPUT ACCEPT
IPTABLES -F OUTPUT

IPTABLES -P FORWARD DROP
IPTABLES -F FORWARD

IPTABLES -F DROP1 >/dev/null 2>/dev/null
IPTABLES -X DROP1 >/dev/null 2>/dev/null
IPTABLES -N DROP1

IPTABLES -F DROP2 >/dev/null 2>/dev/null
IPTABLES -X DROP2 >/dev/null 2>/dev/null
IPTABLES -N DROP2

IPTABLES -F TCP >/dev/null 2>/dev/null
IPTABLES -X TCP >/dev/null 2>/dev/null
IPTABLES -N TCP

IPTABLES -F UDP >/dev/null 2>/dev/null
IPTABLES -X UDP >/dev/null 2>/dev/null
IPTABLES -N UDP

IPTABLES -A DROP1 -j DROP
IPTABLES -A DROP2 -j DROP

IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
IPTABLES -A INPUT -m state --state INVALID -j DROP1
IPTABLES -A INPUT -i lo -j ACCEPT
IPTABLES -A INPUT -p tcp -j TCP
IPTABLES -A INPUT -p udp -j UDP

IPTABLES -A INPUT -p icmp -j ACCEPT

IPTABLES -A TCP -p tcp --dport ssh -j ACCEPT

IPTABLES -A TCP -p TCP --dport 80 -j ACCEPT
IPTABLES -A TCP -p TCP --dport 25 -j ACCEPT
IPTABLES -A TCP -p TCP --dport 587 -j ACCEPT

IPTABLES -P INPUT DROP

iptables-save > /etc/firewall.conf


for i in $IFUP $IFDOWN; do
  touch $i && chmod 744 $i
  echo >$i "#!/bin/bash"
  echo >>$i
done

echo >>$IFUP "iptables-restore < /etc/firewall.conf"
echo >>$IFDOWN "iptables-save > /etc/firewall.conf"