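#!/bin/bash
#
#######################################################################
# iptables rules
#
# Rebuilds the IPv4 nat/mangle/filter rule set from scratch, persists it
# with `service iptables save` and restarts the iptables service.
# Only IPv4 is handled here; ip6tables is left untouched.
#
# Optional environment overrides (defaults reproduce the original rules):
#   LAN_NET         local network accepted on INPUT/OUTPUT   (192.168.0.1/24)
#   SSH_PORT        SSH port accepted from anywhere           (22)
#   ADMIN_IP        only source allowed on ADMIN_SSH_PORT     (55.55.55.55)
#   ADMIN_SSH_PORT  second SSH port, ADMIN_IP only            (19780)
#   HTTPS_PORT      SoftEther HTTPS port                      (443)
#   OPENVPN_PORT    OpenVPN UDP port                          (1194)
#
# Must be run as root. Exits on the first failing command; at that point
# the default policies are still ACCEPT, so a broken run does not lock
# the operator out, but it does leave the host without its DROP policy
# until the script is fixed and re-run.
#######################################################################
set -Eeu

readonly LAN_NET=${LAN_NET:-192.168.0.1/24}
readonly SSH_PORT=${SSH_PORT:-22}
readonly ADMIN_IP=${ADMIN_IP:-55.55.55.55}
readonly ADMIN_SSH_PORT=${ADMIN_SSH_PORT:-19780}
readonly HTTPS_PORT=${HTTPS_PORT:-443}
readonly OPENVPN_PORT=${OPENVPN_PORT:-1194}

die() { printf '%s\n' "$*" >&2; exit 1; }

# Report which rule failed instead of dying silently half-way through.
trap 'printf "iptables setup failed at line %s: %s\n" "$LINENO" "$BASH_COMMAND" >&2' ERR

#######################################
# Build, persist and activate the rule set.
# Globals:   LAN_NET SSH_PORT ADMIN_IP ADMIN_SSH_PORT HTTPS_PORT OPENVPN_PORT (read)
# Arguments: none
# Outputs:   iptables/systemctl output on stdout, diagnostics on stderr
# Returns:   exit status of `systemctl status iptables`
#######################################
main() {
  (( EUID == 0 )) || die "this script must run as root"
  command -v iptables >/dev/null || die "iptables not found in PATH"

  # Reset the default policies to ACCEPT *before* flushing: on a re-run the
  # previous INPUT DROP policy would otherwise apply to an empty chain and
  # cut off the admin session (and every other inbound packet) until the
  # accept rules below are back in place. INPUT is switched to DROP again
  # at the very end.
  iptables -P INPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -P OUTPUT ACCEPT

  # Flush current IPv4 policies
  iptables -t nat -F
  iptables -t mangle -F
  iptables -F
  iptables -X

  # Packet-sanity drops. All rules are appended (-A) in the order they
  # should be evaluated; the original mixed -I and -A, which placed the
  # SSH accept ahead of these drops and let malformed packets to the SSH
  # port bypass them.
  # Drop null packets (no flags set)
  iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
  # Drop NEW connections that do not start with SYN (syn-flood / stealth scans)
  iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
  # Drop XMAS packets (all flags set)
  iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

  # Accept on localhost
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A OUTPUT -o lo -j ACCEPT

  # Accept on local network (optional)
  iptables -A INPUT -s "$LAN_NET" -j ACCEPT
  # NOTE(review): kept as written (-s); with OUTPUT policy ACCEPT this rule
  # changes nothing — confirm whether -d "$LAN_NET" was intended.
  iptables -A OUTPUT -s "$LAN_NET" -j ACCEPT

  # Accept incoming SSH (default port, any source)
  iptables -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
  # Accept incoming SSH on the admin port from the admin address only
  # (the original appended this rule twice; once is enough)
  iptables -A INPUT -p tcp -s "$ADMIN_IP" -m tcp --dport "$ADMIN_SSH_PORT" -j ACCEPT

  # Accept incoming HTTPS for SoftEther (default)
  iptables -A INPUT -p tcp --dport "$HTTPS_PORT" -j ACCEPT
  # Accept incoming OpenVPN
  iptables -A INPUT -p udp --dport "$OPENVPN_PORT" -j ACCEPT
  # Accept incoming IPsec (disabled)
  #iptables -A INPUT -p udp --dport 500 -j ACCEPT
  #iptables -A INPUT -p udp --dport 4500 -j ACCEPT

  # Allow established sessions to receive traffic. Kept last as in the
  # original; it could be moved directly after the sanity drops so the
  # bulk of traffic matches on the first rules.
  iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

  # Default-deny inbound, now that every accept rule is in place.
  iptables -P INPUT DROP
  iptables -P FORWARD ACCEPT
  iptables -P OUTPUT ACCEPT

  #########################################
  ### End of rules
  #########################################
  # Save changes
  service iptables save
  # Service
  systemctl restart iptables
  systemctl status iptables
}

main "$@"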