firewall.sh

# Clear chains
iptables -F

# Allow outgoing traffic and disallow any passthroughs
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Allow traffic already established to continue
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# HTTP
iptables -A INPUT -j ACCEPT -p tcp --destination-port 80 -i eth0

# SSH
iptables -A INPUT -j ACCEPT -p tcp --destination-port 22 -i eth0

# FTP
iptables -A INPUT -j ACCEPT -p tcp --destination-port 21 -i eth0
iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 21 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT

# MONIT
iptables -A INPUT -j ACCEPT -p tcp --destination-port 2812 -i eth0

# Allow local loopback services
iptables -A INPUT -i lo -j ACCEPT

# Block all ports
iptables -A INPUT -j DROP -p tcp -i eth0