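#!/bin/sh
#====================================================================
# Linux IPtables filter script generated Mo Nov 8 21:23:26 CET 2004
# by PFconf 0.8.1 - http://www.wyae.de/software/pfconf/
#====================================================================
#
# Stateful packet filter for a gateway in front of 192.168.1.0/24.
# Every chain defaults to DROP; everything below the policy block is an
# explicit allow.  Rules are appended (-A) in order, so the generic
# state/ICMP rules are matched first and the per-service rules last.

# Abort on the first iptables call that fails.  A half-applied ruleset
# with the DROP policies already in place should at least exit loudly
# instead of silently continuing with the remaining rules.
set -e

# Flush the *filter* table only.  Rules in the nat and mangle tables and
# any user-defined chains are not touched by this script.
iptables -F

# Default policies: fail closed on all three chains.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Loopback has to be allowed explicitly: with INPUT/OUTPUT DROP and no
# lo rule, local services on the gateway (resolver, syslog, ...) cannot
# reach each other.
iptables -A INPUT  -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Enable statefulness: replies and related traffic (ICMP errors, helper
# data channels) for connections that were accepted by a NEW rule below.
iptables -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow PING etc.
# NOTE: this accepts every ICMP type in every direction.  If this is
# ever tightened, keep echo-request/echo-reply, destination-unreachable
# and time-exceeded so that path-MTU discovery and traceroute still work.
iptables -A INPUT   -p icmp -j ACCEPT
iptables -A OUTPUT  -p icmp -j ACCEPT
iptables -A FORWARD -p icmp -j ACCEPT

# Allow SSH access for the given admin workstations.
# The match is on source address only.  To stop a packet carrying a
# spoofed admin address from being accepted on the external interface,
# add `-i <lan_if>` (placeholder: the inside interface name) to each rule.
for admin in 192.168.1.1 192.168.1.2; do
  iptables -A INPUT -s "$admin" -p tcp --dport 22 -m state --state NEW -j ACCEPT
done

#----------------------------------------------------
# From:    192.168.1.0/24
# To:      0.0.0.0/0
# Service: udp/53 tcp/53
# Action:  ACCEPT
# DNS is forwarded to any resolver on the Internet; narrowing -d to the
# resolvers actually in use keeps arbitrary outbound port-53 traffic
# from the LAN off the wire.
iptables -A FORWARD -s 192.168.1.0/24 -d 0.0.0.0/0 -p udp --dport 53 -m state --state NEW -j ACCEPT
iptables -A FORWARD -s 192.168.1.0/24 -d 0.0.0.0/0 -p tcp --dport 53 -m state --state NEW -j ACCEPT

#----------------------------------------------------
# From:    192.168.1.0/24
# To:      213.203.244.188 213.203.244.185
# Service: tcp/25 tcp/110 tcp/995 tcp/143 tcp/993
# Action:  ACCEPT
# Mail submission and retrieval (SMTP, POP3, POP3S, IMAP, IMAPS) to the
# two mail hosts.  Loop order matches the generated rule order: all
# ports for the first host, then all ports for the second.
for mailhost in 213.203.244.188 213.203.244.185; do
  for port in 25 110 995 143 993; do
    iptables -A FORWARD -s 192.168.1.0/24 -d "$mailhost" -p tcp --dport "$port" -m state --state NEW -j ACCEPT
  done
done

#----------------------------------------------------
# From:    192.168.1.0/24
# To:      213.203.244.188 195.234.139.224
# Service: tcp/80
# Action:  ACCEPT
for webhost in 213.203.244.188 195.234.139.224; do
  iptables -A FORWARD -s 192.168.1.0/24 -d "$webhost" -p tcp --dport 80 -m state --state NEW -j ACCEPT
done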