firewall

#!/bin/bash

IPT=$(which iptables)

tcp_ports_in=()
tcp_ports_out=()
udp_ports_in=()
udp_ports_out=()

# Always set policies to allow before flushing
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

echo ""
echo "Flushing Existing Rules"
echo "-----------------------"
$IPT -F; echo -e "Rules Flushed [ \e[32mDONE\e[39m ]"
sleep 1; echo ""

echo "Setting Basic Rules"
echo "-------------------"
# Allow in/out all Related or Established traffic
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Always allow SSH
$IPT -A INPUT -p tcp --dport 22 -j ACCEPT
$IPT -A OUTPUT -p tcp --sport 22 -j ACCEPT

# Localhost Rules
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT

# ICMP Rules
$IPT -A INPUT -p icmp -j ACCEPT
$IPT -A OUTPUT -p icmp -j ACCEPT

# DNS Rules
$IPT -A OUTPUT -p udp --dport 53 -j ACCEPT
echo -e "Basic Rules [ \e[32mDONE\e[39m ]"
sleep 1; echo ""

echo "Setting TCP Rules"
echo "-----------------"
for port in ${tcp_ports_in[*]}; do
	$IPT -A INPUT -p tcp --dport $port -j ACCEPT
	echo -e "Port $port IN [ \e[32mDONE\e[39m ]"
done

for port in ${tcp_ports_out[*]}; do
        $IPT -A OUTPUT -p tcp --dport $port -j ACCEPT
	echo -e "Port $port OUT [ \e[32mDONE\e[39m ]"
done; echo ""
sleep 1

echo "Setting UDP Rules"
echo "-----------------"
for port in ${udp_ports_in[*]}; do
	$IPT -A INPUT -p udp --dport $port -j ACCEPT
	echo -e "Port $port IN [ \e[32mDONE\e[39m ]"
done

for port in ${udp_ports_out[*]}; do
        $IPT -A OUTPUT -p udp --dport $port -j ACCEPT
        echo -e "Port $port OUT [ \e[32mDONE\e[39m ]"
done; echo ""
sleep 1

echo "Setting Default Policies to DROP"
echo "--------------------------------"
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT DROP
sleep 1; echo -e "Policies set to DROP [ \e[32mDONE\e[39m ]"
echo ""