cransom/gist:2c06e7e81cefb0b8f143461dbe031234

## gistfile1.txt
    #10 is wan interface, 20 is lan, 25 is my bench/thing i want to keep away from internal.


    #let established flows from bench to lan work
    iptables -A FORWARD -i eno1.25 -o eno1.20 -m state --state ESTABLISHED,RELATED -j ACCEPT
    #let bench to internet work
    iptables -A FORWARD -i eno1.25 -o eno1.10 -j ACCEPT
    #let established flows from internet to bench go
    iptables -A FORWARD -i eno1.10 -o eno1.25 -m state --state ESTABLISHED,RELATED -j ACCEPT
    #drop everything else.
    iptables -A FORWARD -i eno1.25 -j DROP

    #the rule set implies that traffic from lan to bench is allowed because the return traffic is related.
	#10 is wan interface, 20 is lan, 25 is my bench/thing i want to keep away from internal.


	#let established flows from bench to lan work
	iptables -A FORWARD -i eno1.25 -o eno1.20 -m state --state ESTABLISHED,RELATED -j ACCEPT
	#let bench to internet work
	iptables -A FORWARD -i eno1.25 -o eno1.10 -j ACCEPT
	#let established flows from internet to bench go
	iptables -A FORWARD -i eno1.10 -o eno1.25 -m state --state ESTABLISHED,RELATED -j ACCEPT
	#drop everything else.
	iptables -A FORWARD -i eno1.25 -j DROP

	#the rule set implies that traffic from lan to bench is allowed because the return traffic is related.