#!/usr/bin/env bash

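# IPv4 firewall and NAT setup: default-deny on INPUT and FORWARD, traffic
# entering on eth0 is forwarded out ppp0 and masqueraded, and replies are
# admitted through connection tracking.
#
# NOTE(review): only IPv4 is configured here (iptables and
# /proc/sys/net/ipv4/ip_forward). ip6tables is never touched, so IPv6 must
# be disabled or filtered elsewhere -- confirm for the target platform.

# Count of iptables invocations that failed. Forwarding is enabled at the
# end only when this is still zero, so a partially loaded rule set never
# ends up routing traffic.
fw_errors=0

# Run iptables with the given arguments. On failure, report the rule on
# stderr and count it, but keep going so the remaining rules still load.
ipt() {
  if ! iptables "$@"; then
    printf '%s: iptables %s failed\n' "${0##*/}" "$*" >&2
    fw_errors=$((fw_errors + 1))
  fi
}

# Flush the filter, nat and mangle tables first.
# -F empties every chain in a table; it does not delete user-defined chains
# and does not reset chain policies.
# NOTE(review): if a table (e.g. mangle) is not available on the target
# kernel, its flush is counted as a failure and forwarding stays off.
ipt -t filter -F
ipt -t nat -F
ipt -t mangle -F

# INPUT: drop by default, allow loopback and replies to existing connections.
# `-m state` is the legacy spelling of `-m conntrack --ctstate`; kept because
# the iptables version on the target is not visible from this script.
ipt -t filter -P INPUT DROP
ipt -t filter -A INPUT -i lo -j ACCEPT
ipt -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Accept ssh from the LAN (Wired)
ipt -t filter -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
# Accept http from the LAN (Wired)
ipt -t filter -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
# Accept tftp from the LAN (Wired)
#ipt -t filter -A INPUT -i eth0 -p udp --dport 69 -j ACCEPT

# The WAN-side management rules below are disabled: uncommenting them
# exposes ssh/http on the ppp0 interface.
# Accept ssh from the WAN (Wireless)
#ipt -t filter -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
# Accept http from the WAN (Wireless)
#ipt -t filter -A INPUT -i ppp0 -p tcp --dport 80 -j ACCEPT

# FORWARD: drop by default, allow replies, and allow anything that enters on
# eth0 and leaves on ppp0. There is no source-address or port restriction on
# the eth0 -> ppp0 rule.
ipt -t filter -P FORWARD DROP
ipt -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
ipt -t filter -A FORWARD -i eth0 -o ppp0 -j ACCEPT

# OUTPUT: locally generated traffic is not filtered.
ipt -t filter -P OUTPUT ACCEPT

# Rewrite the source address of everything leaving ppp0 to ppp0's address.
ipt -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# Turn on packet forwarding last, and only if every rule above was loaded.
# The current ip_forward value is left untouched on failure.
if [ "$fw_errors" -ne 0 ]; then
  printf '%s: %d iptables command(s) failed; not enabling ip_forward\n' \
    "${0##*/}" "$fw_errors" >&2
  exit 1
fi

if ! echo 1 > /proc/sys/net/ipv4/ip_forward; then
  printf '%s: could not enable ip_forward\n' "${0##*/}" >&2
  exit 1
fi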