firewall.sh

#!/bin/bash

# clear rule
iptables -F
iptables -X
iptables -Z

# default policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# rules
# load modules
modprobe ip_conntrack
modprobe ip_conntrack_ftp 

# accept lo
iptables -A INPUT -i lo -j ACCEPT

# accept RELATED and ESTABLISHED
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# accept icmp
iptables -A INPUT -p icmp -j ACCEPT

# open some ports
open_tcp="20 21 22 139 445 4000"

open_udp="69 137 138"
	# 69: tftp

#source="-s 192.168.1.8"

for i in $open_tcp; do
	iptables -A INPUT $source -p TCP --dport $i -j ACCEPT
done

for i in $open_udp; do
	iptables -A INPUT $source -p udp --dport $i -j ACCEPT
done


# save
release=`cat /etc/os-release | awk -F '[=,"]+' '{print $2;exit}'`

case $release in
	Gentoo)
		/etc/init.d/iptables save;;

	Fedora)
		/usr/libexec/iptables/iptables.init save;;

	Red*)
		/etc/init.d/iptables save;;
esac