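#!/bin/bash
#
# Reset the IPv4 iptables rule set: flush every loaded table, set the nat and
# mangle policies to ACCEPT and the filter policies to DROP, then allow
# TCP/2222 in on the WAN interface (with the matching replies out).
#
# Must run as root. Review notes:
#   * Only IPv4 is handled; ip6tables rules and policies are left untouched.
#   * The filter policies become DROP before the allow rules are appended, so
#     run this from a console or with a rollback in place, not only over the
#     connection it filters.
#   * No rule for the loopback interface or for outbound-initiated traffic is
#     added in this part of the script, so with OUTPUT DROP the host cannot
#     open connections itself (DNS, updates, logging) - confirm that is wanted.
#
# Deliberately no `set -e`: aborting halfway would leave the firewall flushed
# but only partly configured.
set -u

readonly IPT='/sbin/iptables'
readonly WAN='eth0'

# Enable IPv4 routing. NOTE(review): the FORWARD policy below is DROP and no
# FORWARD rule is added here, so nothing is forwarded as the script stands;
# leave this off if the host is not meant to route.
echo 1 > /proc/sys/net/ipv4/ip_forward

# /proc/net/ip_tables_names lists one loaded table per line.
# NOTE(review): it may be empty or absent (table modules not loaded yet, or an
# nftables-backed iptables); in that case the loop body never runs and the
# filter DROP policy is never applied - verify with `iptables -S` afterwards.
while IFS= read -r table; do
  # Drop all rules, then all user-defined chains, in this table.
  "${IPT}" -t "${table}" -F
  "${IPT}" -t "${table}" -X

  case "${table}" in
    nat)
      for chain in PREROUTING POSTROUTING OUTPUT; do
        "${IPT}" -t nat -P "${chain}" ACCEPT
      done
      ;;
    mangle)
      for chain in PREROUTING INPUT FORWARD OUTPUT POSTROUTING; do
        "${IPT}" -t mangle -P "${chain}" ACCEPT
      done
      ;;
    filter)
      # Default deny: anything not explicitly accepted below is dropped.
      for chain in INPUT FORWARD OUTPUT; do
        "${IPT}" -t filter -P "${chain}" DROP
      done
      ;;
  esac
done < /proc/net/ip_tables_names

# Allow new and established TCP connections to port 2222 arriving on the WAN
# interface (presumably the remote-administration port - confirm), and only
# established-connection replies from that port going back out.
"${IPT}" -A INPUT -i "${WAN}" -p tcp --dport 2222 \
  -m state --state NEW,ESTABLISHED -j ACCEPT
"${IPT}" -A OUTPUT -o "${WAN}" -p tcp --sport 2222 \
  -m state --state ESTABLISHED -j ACCEPT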