@vkdimitrov
Created February 25, 2015 07:01
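#!/bin/sh
# Minimal stateful host firewall for IPv4 (ip6tables is not touched here).
# Must run as root. Re-running is safe: the filter and mangle tables are
# flushed first and every rule below is re-added.
#
# Design: INPUT defaults to DROP, replies to connections this host opened are
# accepted via connection tracking, and only the listed services are reachable
# from outside. OUTPUT and FORWARD stay open.
WAN=eth0   # not referenced below; kept for operators who bind rules to the WAN interface

# Start from a clean filter and mangle table.
iptables -F
iptables -X
iptables -t mangle -F
iptables -t mangle -X

iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# DEFAULT POLICY IS DROP. It is set before the rules are loaded so that a
# partial run fails closed rather than leaving the host open.
iptables -P INPUT DROP
#iptables -P INPUT ACCEPT

# Clamp the MSS of forwarded TCP connections to the path MTU.
# Spelled out in full; the original used the abbreviation --clamp-mss-to-pmt.
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

#loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
#vpn
#iptables -A INPUT -i $VPN -j ACCEPT

# Return traffic for connections this host initiated (DNS, NTP, outbound SSH,
# HTTP/S, ...). This replaces the former "--source-port N -j ACCEPT" rules:
# the source port is chosen by the remote peer, so matching on it lets any
# unsolicited packet through as long as it claims to come from port 53/22/80/
# 443/123. Connection tracking only admits packets that match an existing flow.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#start with SYN!
# A new TCP connection must begin with a SYN; anything else is dropped.
# The original rule had -j ACCEPT here, which admitted every non-SYN TCP
# packet and so negated the DROP policy for TCP.
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

#############INPUT################
# ICMP messages (all types are accepted; narrow with --icmp-type if desired)
iptables -A INPUT -p ICMP -j ACCEPT
# DNS: this host is a resolver client only; replies are covered by the
# ESTABLISHED,RELATED rule above. Uncomment to serve DNS.
#iptables -A INPUT -p udp --destination-port 53 -j ACCEPT
#iptables -A INPUT -p tcp --destination-port 53 -j ACCEPT
# SSH
iptables -A INPUT -p tcp --destination-port 22 -j ACCEPT
# HTTP/S
iptables -A INPUT -p tcp --destination-port 80 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 443 -j ACCEPT
# SMTP (inbound submission only; outbound mail needs no INPUT rule)
#iptables -A INPUT -p tcp --destination-port 25 -j ACCEPT
#iptables -A INPUT -p tcp --destination-port 465 -j ACCEPT
#iptables -A INPUT -p tcp --destination-port 587 -j ACCEPT
# MYSQL
#iptables -A INPUT -p tcp -s 77.70.80.21 --destination-port 3306 -j ACCEPT
# VPN
#iptables -A INPUT -p udp --destination-port 1194 -j ACCEPT
#SNMP
# NOTE: $HOME is the login user's home directory, not an interface; set a
# dedicated interface variable before enabling this rule.
#iptables -A INPUT -i $HOME -s 172.16.20.2/32 -p udp --destination-port 161 -j ACCEPT
# NTP: replies to this host's own queries are covered by the ESTABLISHED,RELATED
# rule above. Uncomment to serve time to other hosts.
#iptables -A INPUT -p udp --destination-port 123 -j ACCEPT
# WHOIS LOOKUP: outbound only; replies are covered by ESTABLISHED,RELATED.

# Log what is about to be dropped, rate-limited so a flood cannot fill the
# log, then drop explicitly (the policy above is the backstop).
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT DROP: "
iptables -A INPUT -j DROP
#iptables -A INPUT -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
#############OUTPUT - ACCEPT ALL #############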