Sources for systemd and iptables:
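# Create the firewall directory, the two (initially empty) rule scripts and the
# systemd unit; -p makes the mkdir safe to re-run. The content of each file
# follows below.
sudo mkdir -p /etc/firewall
sudo touch /etc/firewall/{enable,enable6}.sh /etc/systemd/system/firewall.service
# The scripts are executed by systemd as root; they only need to be executable.
sudo chmod +x /etc/firewall/*.sh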
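#!/bin/sh
# A very basic IPtables / Netfilter script /etc/firewall/enable.sh
# Only the `filter` table is managed here; nat/mangle are left untouched.
# Abort on the first failing command so systemd reports the failure instead of
# silently leaving a half-applied ruleset.
set -e
# iptables lives in /usr/sbin on many distributions; /sbin alone is too narrow.
PATH='/sbin:/usr/sbin'
# Flush the rules and delete any user-defined chains so a re-run starts clean
iptables -F
iptables -X
# Default policy to drop 'everything' but our output to internet.
# Policies are set before the ACCEPT rules on purpose: while the rules are being
# (re)loaded the host fails closed rather than open.
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Allow established connections (the responses to our outgoing traffic).
# RELATED also covers ICMP errors tied to those connections; unsolicited ICMP
# (e.g. echo-request) falls through to the DROP policy.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all traffic on the loopback interface. Additionally matching on
# 127.0.0.0/8 would drop local connections to the host's own non-loopback
# addresses, which also arrive via lo. (Unix sockets never pass netfilter.)
iptables -A INPUT -i lo -j ACCEPT
# allow ssh from specific ip
# iptables -A INPUT -s 10.20.0.2 -p tcp --dport 22 -m state --state NEW -j ACCEPT
# allow ssh from anywhere
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT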
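#!/bin/sh
# A very basic IP6tables / Netfilter6 script /etc/firewall/enable6.sh
# Only the `filter` table is managed here. Abort on the first failing command
# so systemd reports the failure instead of a half-applied ruleset.
set -e
# ip6tables lives in /usr/sbin on many distributions; /sbin alone is too narrow.
PATH='/sbin:/usr/sbin'
# Flush the rules and delete any user-defined chains so a re-run starts clean
ip6tables -F
ip6tables -X
# Default policies: fail closed for anything not matched by a rule below
ip6tables -P INPUT DROP    # If it doesn't match a rule, drop it
ip6tables -P FORWARD DROP  # No routing: policy DROP
ip6tables -P OUTPUT ACCEPT # Outgoing traffic is accepted if it doesn't match a rule
########
# Loopback, and the return traffic of our own connections
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ICMPv6 is required for IPv6 to function (neighbour discovery, PMTU);
# this accepts every ICMPv6 type.
ip6tables -A INPUT -p icmpv6 -j ACCEPT
# allow ssh (not sure for sport and dport)
# NOTE(review): `-i sit+` matches only sit* (IPv6-in-IPv4 tunnel) interfaces,
# so SSH over native IPv6 on other interfaces is still dropped - confirm this is
# intended. The --sport range only constrains the client's ephemeral port; the
# IPv4 script uses `-m state --state NEW` for the same purpose instead.
ip6tables -A INPUT -i sit+ -p tcp --sport 512:65535 --dport 22 -j ACCEPT
# Redundant while the OUTPUT policy is ACCEPT; kept so SSH replies stay
# allowed if that policy is ever tightened.
ip6tables -A OUTPUT -o sit+ -p tcp --dport 512:65535 --sport 22 ! --syn -j ACCEPT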
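[Unit]
Description=Add Firewall Rules to iptables
# Load the rules before any network interface is configured, so there is no
# window with interfaces up and the INPUT policy still at its ACCEPT default.
DefaultDependencies=no
Wants=network-pre.target
Before=network-pre.target
# Still shut down in order with the rest of the system.
Conflicts=shutdown.target
Before=shutdown.target

[Service]
Type=oneshot
# Keep the unit reported as "active" after both scripts exit, so that
# `systemctl status` and dependent units see the firewall as up.
RemainAfterExit=yes
ExecStart=/etc/firewall/enable.sh
ExecStart=/etc/firewall/enable6.sh

[Install]
WantedBy=multi-user.target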
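# Enable the unit at boot (needs root, like the steps above). This alone does
# not start it: add --now, or run the two scripts once by hand, to apply the
# rules before the next reboot.
sudo systemctl enable firewall.service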