setup iptables
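#! /bin/bash
#
# setup iptables: install a minimal IPv4 host firewall.
#
# Resulting policy:
#   INPUT   - loopback, ping (echo-request), established/related traffic and
#             TCP 80/443 are accepted; everything else is refused (TCP gets a
#             RST, every other protocol is silently dropped).
#   FORWARD - dropped.
#   OUTPUT  - unrestricted.
#
# Optional environment:
#   DYNAMIC_IP - source address or CIDR (e.g. "203.0.113.7/32") that may open
#                SSH (TCP 22) connections.  When it is unset, NO new SSH
#                session can be opened once this script has run: only the
#                already-established session that launched it survives, via
#                the ESTABLISHED,RELATED rule.  Set it before running this
#                remotely unless you have console access.
#
# Caveats a deployer should know:
#   * IPv4 only.  ip6tables is not touched, so on a dual-stack host every
#     service stays reachable over IPv6 until matching rules are added.
#   * Nothing is persisted; the rules are gone after a reboot unless saved
#     (iptables-save, or your distribution's persistence helper).
#   * Because of `set -e`, a failure part-way through leaves the ACCEPT
#     policies set at the top in place: the host fails open, not closed.
#   * Add further rules ABOVE the catch-all at the bottom; anything appended
#     with -A after it can never match.
set -eu

IPT=/sbin/iptables
# Address/CIDR allowed to reach SSH; empty means "nobody".
DYNAMIC_IP="${DYNAMIC_IP:-}"

if [[ $EUID -ne 0 ]]; then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

# Keep a copy of the ruleset we are about to replace, so it can be restored
# with `iptables-restore < FILE` if the new one turns out to be wrong.
if command -v iptables-save >/dev/null 2>&1; then
  backup=$(mktemp /tmp/iptables.XXXXXX)
  iptables-save > "$backup"
  printf 'previous ruleset saved to %s\n' "$backup" >&2
fi

# Default policies to ACCEPT while the chains are rebuilt, so the flush below
# cannot cut off the SSH session running this script.
"$IPT" -P INPUT ACCEPT
"$IPT" -P FORWARD ACCEPT
"$IPT" -P OUTPUT ACCEPT

# Flush existing rules and delete user-defined chains in the tables we manage
# (-F alone leaves user chains behind).  mangle/raw are left untouched, as in
# the original version of this script.
"$IPT" -F
"$IPT" -X
"$IPT" -t nat -F
"$IPT" -t nat -X

# Loopback: accept everything on lo, and drop packets that carry a loopback
# source address but arrive on a real interface (spoofed).  The previous rule
# accepted 127.0.0.1 -> 127.0.0.1 on any interface, which is the opposite of
# what is wanted.
"$IPT" -A INPUT -i lo -j ACCEPT
"$IPT" -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP

# Keep existing connections alive, plus related traffic (ICMP errors for
# them, etc.).  This is the rule that keeps the current SSH session working.
"$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow ping.  Echo replies leave through OUTPUT, which is unrestricted, so
# the old OUTPUT rule for echo-reply was a no-op and is gone.
"$IPT" -A INPUT -p icmp --icmp-type echo-request -m conntrack --ctstate NEW -j ACCEPT

# Public services: HTTP and HTTPS.
"$IPT" -A INPUT -p tcp --dport 80 -j ACCEPT
"$IPT" -A INPUT -p tcp --dport 443 -j ACCEPT

# Administrative access: SSH, and only from DYNAMIC_IP if one was given.
# The address is quoted so an empty value cannot turn into a bare `-s` that
# iptables rejects (which would abort the run under set -e).
if [[ -n "$DYNAMIC_IP" ]]; then
  "$IPT" -A INPUT -p tcp -s "$DYNAMIC_IP" --dport 22 -j ACCEPT
fi

#
# Other rules go here, before the catch-all.
#

# Catch-all: TCP gets a RST so clients fail fast; everything else is dropped.
"$IPT" -A INPUT -p tcp -j REJECT --reject-with tcp-reset
"$IPT" -A INPUT -j DROP
"$IPT" -A FORWARD -j DROP

# Display the settings.
# "$IPT" -nL -v --line-numbers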