#!/bin/sh
#
# Host firewall bootstrap for a single-homed IPv4 server.
#
# Writes four IPv4 kernel settings under /proc/sys, then installs a
# default-deny inbound iptables policy with an allow-list of service ports
# on eth0. Needs root: it writes to /proc/sys and calls iptables.
#
# NOTE(review): every rule is appended (-A) and nothing is flushed first, so
#   running this script a second time duplicates the whole rule set.
# NOTE(review): only IPv4 is configured here. Nothing in this script touches
#   ip6tables, so inbound IPv6 has to be restricted separately.
# NOTE(review): exit statuses are not checked; a failed iptables call after
#   the DROP policies are set leaves a partial rule set. Verify the result
#   (iptables -S) from a console session before relying on it remotely.

IPT="/sbin/iptables"

# write_knob VALUE PATH - store VALUE in the given /proc/sys entry.
write_knob() {
  echo "$1" > "$2"
}

# Kernel hardening knobs.
write_knob 1 /proc/sys/net/ipv4/tcp_syncookies               # SYN cookies on
write_knob 1 /proc/sys/net/ipv4/icmp_echo_ignore_all         # no ping replies
write_knob 1 /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts  # no broadcast ping replies
write_knob 0 /proc/sys/net/ipv4/ip_forward                   # host does not route

# Modules: nothing is loaded explicitly.

# Default policies: drop inbound and forwarded traffic, allow all outbound.
"$IPT" -P INPUT DROP
"$IPT" -P FORWARD DROP
"$IPT" -P OUTPUT ACCEPT

# Loopback traffic is always allowed. The OUTPUT rule is redundant while the
# OUTPUT policy is ACCEPT, but keeps loopback working if that policy changes.
"$IPT" -A INPUT -i lo -j ACCEPT
"$IPT" -A OUTPUT -o lo -j ACCEPT

# Inbound: accept packets belonging to, or related to, existing connections.
# NOTE(review): "-m state --state" is the legacy spelling; current iptables
#   documents "-m conntrack --ctstate" for the same match.
"$IPT" -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED

# Allow-listed service ports for NEW connections arriving on eth0.
# Conventional assignments: 22 SSH, 25 SMTP, 53 DNS, 80 HTTP, 123 NTP,
# 443 HTTPS, 993 IMAPS.
# NOTE(review): NTP normally runs over UDP only, so tcp/123 is probably
#   unnecessary - confirm and trim the list to services actually hosted.
# NOTE(review): the interface name eth0 is hard-coded; on a host whose NIC
#   has another name these two rules match nothing and the services stay
#   unreachable.
TCP_PORTS="22,25,53,80,123,443,993"
UDP_PORTS="53,123"

"$IPT" -A INPUT -i eth0 -p tcp -j ACCEPT -m multiport --dports "$TCP_PORTS" -m state --state NEW
"$IPT" -A INPUT -i eth0 -p udp -j ACCEPT -m multiport --dports "$UDP_PORTS" -m state --state NEW