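#!/usr/bin/env bash
#
# Minimal IPv4 NAT gateway firewall: a wired LAN on $LAN_IF is
# masqueraded out through the PPP uplink on $WAN_IF. Inbound service
# access (ssh, http) is only accepted from the LAN side.
#
# Usage: run as root. Interface names can be overridden from the
# environment, e.g.  LAN_IF=eth1 WAN_IF=ppp1 ./firewall.sh
#
# NOTE: iptables governs IPv4 only. If IPv6 is enabled on this host,
# ip6tables needs an equivalent ruleset or that traffic stays unfiltered.

# Abort on the first failing command so a rule that does not load
# (missing kernel module, typo) cannot leave a half-built ruleset behind.
set -eu

readonly LAN_IF=${LAN_IF:-eth0}   # wired LAN side
readonly WAN_IF=${WAN_IF:-ppp0}   # wireless / PPP uplink (WAN side)

# Set the default policies *before* flushing so the host fails closed:
# flushing first would briefly leave INPUT and FORWARD wide open if the
# previous policy was ACCEPT.
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT ACCEPT

# Flush all the tables
iptables -t filter -F
iptables -t nat -F
iptables -t mangle -F

# Loopback and replies to traffic this host initiated are always allowed.
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Accept ssh from the LAN (Wired)
iptables -t filter -A INPUT -i "$LAN_IF" -p tcp --dport 22 -j ACCEPT
# Accept http from the LAN (Wired)
iptables -t filter -A INPUT -i "$LAN_IF" -p tcp --dport 80 -j ACCEPT
# Accept tftp from the LAN (Wired)
#iptables -t filter -A INPUT -i "$LAN_IF" -p udp --dport 69 -j ACCEPT

# Accept ssh from the WAN (Wireless)
#iptables -t filter -A INPUT -i "$WAN_IF" -p tcp --dport 22 -j ACCEPT
# Accept http from the WAN (Wireless)
#iptables -t filter -A INPUT -i "$WAN_IF" -p tcp --dport 80 -j ACCEPT

# Forward only LAN -> WAN plus the return traffic of those flows;
# nothing initiated from the WAN side is forwarded into the LAN.
iptables -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT

# Source-NAT everything leaving the uplink.
iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE

# turn on packet forwarding last, only once the FORWARD rules are in place
echo 1 > /proc/sys/net/ipv4/ip_forward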