nikolaybotev/iptables-firewall-config.sh

## iptables-firewall-config.sh
UPSTREAM_IFACE="${1:-eth1}"

# IPv4 and IPv6

for iptables in iptables ip6tables; do
  # :INPUT
  # - returning traffic
  sudo $iptables -A INPUT -i $UPSTREAM_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
  # - ping
  sudo $iptables -A INPUT -i $UPSTREAM_IFACE -p icmp -j ACCEPT
  # - ssh
  sudo $iptables -A INPUT -i $UPSTREAM_IFACE -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
  # - or drop
  sudo $iptables -A INPUT -i $UPSTREAM_IFACE -j DROP

  # :FORWARD
  # - returning traffic
  sudo $iptables -A FORWARD -i $UPSTREAM_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
  # - or drop
  sudo $iptables -A FORWARD -i $UPSTREAM_IFACE -j DROP
done
	UPSTREAM_IFACE="${1:-eth1}"

	# IPv4 and IPv6

	for iptables in iptables ip6tables; do
	# :INPUT
	# - returning traffic
	sudo $iptables -A INPUT -i $UPSTREAM_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
	# - ping
	sudo $iptables -A INPUT -i $UPSTREAM_IFACE -p icmp -j ACCEPT
	# - ssh
	sudo $iptables -A INPUT -i $UPSTREAM_IFACE -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
	# - or drop
	sudo $iptables -A INPUT -i $UPSTREAM_IFACE -j DROP

	# :FORWARD
	# - returning traffic
	sudo $iptables -A FORWARD -i $UPSTREAM_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
	# - or drop
	sudo $iptables -A FORWARD -i $UPSTREAM_IFACE -j DROP
	done