nikolaybotev · June 11, 2021 04:41 · nikolaybotev · Jun 11, 2021
diff --git a/iptables-firewall-config.sh b/iptables-firewall-config.sh
 UPSTREAM_IFACE="${1:-eth1}"

 # IPv4 and IPv6

 for iptables in iptables ip6tables; do
  # :INPUT
  # - returning traffic
  sudo $iptables -A INPUT -i $UPSTREAM_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
  # - ping
  sudo $iptables -A INPUT -i $UPSTREAM_IFACE -p icmp -j ACCEPT
  # - ssh
  sudo $iptables -A INPUT -i $UPSTREAM_IFACE -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
  # - or drop
  sudo $iptables -A INPUT -i $UPSTREAM_IFACE -j DROP

  # :FORWARD
  # - returning traffic
  sudo $iptables -A FORWARD -i $UPSTREAM_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
  # - or drop
  sudo $iptables -A FORWARD -i $UPSTREAM_IFACE -j DROP
 done
	UPSTREAM_IFACE="${1:-eth1}"

	# IPv4 and IPv6

	for iptables in iptables ip6tables; do
	# :INPUT
	# - returning traffic
	sudo $iptables -A INPUT -i $UPSTREAM_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
	# - ping
	sudo $iptables -A INPUT -i $UPSTREAM_IFACE -p icmp -j ACCEPT
	# - ssh
	sudo $iptables -A INPUT -i $UPSTREAM_IFACE -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
	# - or drop
	sudo $iptables -A INPUT -i $UPSTREAM_IFACE -j DROP

	# :FORWARD
	# - returning traffic
	sudo $iptables -A FORWARD -i $UPSTREAM_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
	# - or drop
	sudo $iptables -A FORWARD -i $UPSTREAM_IFACE -j DROP
	done