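#!/bin/bash
# Minimal host firewall: default-deny inbound on IPv4 and IPv6, allow
# loopback, ping, SSH (22), HTTP (80), HTTPS (443) and replies to
# connections the host itself opened. Outbound is left open.
#
# Must run as root. Only the filter table is touched (nat/mangle are left
# alone so existing NAT, e.g. from container runtimes, keeps working).
#
# Fixes relative to the previous version:
#   - the RELATED,ESTABLISHED rule is now added to ip6tables too; without it,
#     INPUT DROP on ip6tables discarded every reply to an outbound IPv6
#     connection.
#   - the IPv6 ping rule now matches ICMPv6 (protocol 58). "-p icmp" on
#     ip6tables matches IPv4 ICMP (protocol 1), which never appears in IPv6,
#     so neighbour discovery and PMTU discovery were being dropped.
set -euo pipefail

# Print a message to stderr and exit with failure.
die() { printf '%s\n' "$*" >&2; exit 1; }

# A failed iptables call would otherwise leave a half-built ruleset behind;
# check the preconditions up front so we either run to completion or not at all.
(( EUID == 0 )) || die "must be run as root"
command -v iptables >/dev/null || die "iptables not found"
command -v ip6tables >/dev/null || die "ip6tables not found"

# Run the same filter-table rule through both address families.
# Arguments: the iptables/ip6tables arguments, verbatim.
both() {
  iptables "$@"
  ip6tables "$@"
}

# 1/ flush all rules; also drop user-defined chains that are now unreferenced
printf "flush\n"
both -F
both -X

# 2/ default policies. Set DROP before any ACCEPT rule exists so the host is
# never open during the rebuild (fail closed). In-flight packets of existing
# sessions are dropped for the few milliseconds until step 3; TCP retransmits.
printf "set default policy (drop)\n"
both -P FORWARD DROP   #WARN: breaks routing/containers that rely on forwarding
both -P INPUT DROP
both -P OUTPUT ACCEPT

# 3/ keep established connections. First in the chain so the bulk of traffic
# (including the SSH session running this script) matches on the first rule.
# Added to both families, see header.
printf "keep established connections\n"
both -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# 4/ allow localhost
both -A INPUT -i lo -j ACCEPT
both -A FORWARD -i lo -j ACCEPT

# 5/ allow ping. IPv6 must use ICMPv6, see header.
iptables -A INPUT -p icmp -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT

# 6/ allow ssh
both -A INPUT -p tcp --dport 22 -j ACCEPT

# 7/ allow http
both -A INPUT -p tcp --dport 80 -j ACCEPT

# 8/ allow https
both -A INPUT -p tcp --dport 443 -j ACCEPT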