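#!/bin/sh
#
# Minimal NAT gateway / packet-filter setup for a small LAN (USER_IP)
# behind this host, masquerading out of WAN_IF.
#
# Requires root and the iptables binary. The command trace (-x) is kept so
# every rule applied is echoed; -e and -u are added so a failing iptables
# call or an unset variable aborts the run instead of leaving a partially
# applied ruleset behind unnoticed.
#
# Environment overrides (optional):
#   WAN_IF - outbound interface for MASQUERADE (default: eth1)

set -eu
set -x

readonly ANYWHERE="0/0"
readonly LOCALHOST="127.0.0.0/8"
readonly USER_IP="192.168.100.0/24"
readonly WAN_IF="${WAN_IF:-eth1}"

# Both the /proc write and iptables need root; fail early with a clear message.
if [ "$(id -u)" -ne 0 ]; then
  printf '%s: must be run as root\n' "$0" >&2
  exit 1
fi
command -v iptables >/dev/null 2>&1 || {
  printf '%s: iptables not found in PATH\n' "$0" >&2
  exit 1
}

# Enable routing between interfaces (required for FORWARD + MASQUERADE).
echo 1 > /proc/sys/net/ipv4/ip_forward

# Flush rules AND delete user-defined chains in both tables. -F alone leaves
# custom chains from an earlier run in place, where they could still be
# referenced ahead of the rules below.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# Default policies. FORWARD stays ACCEPT (the DROP policy is left disabled,
# as in the original), so the DROP rules below are the only restriction on
# forwarded traffic: privileged ports and ICMP are blocked, everything else
# from any source is forwarded.
iptables -P INPUT ACCEPT
#iptables -P FORWARD DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# INPUT: trust the LAN and loopback, then drop packets to privileged ports
# (1-1023) from everyone else. Rule order matters: ACCEPTs must come first.
iptables -A INPUT -j ACCEPT -s "$USER_IP" -d "$ANYWHERE"
iptables -A INPUT -j ACCEPT -s "$LOCALHOST" -d "$LOCALHOST"
iptables -A INPUT -j DROP -p tcp -s "$ANYWHERE" -d "$ANYWHERE" --dport 1:1023
iptables -A INPUT -j DROP -p udp -s "$ANYWHERE" -d "$ANYWHERE" --dport 1:1023

# FORWARD: same shape for transit traffic; additionally ICMP that is not
# from the LAN/loopback is not forwarded.
iptables -A FORWARD -j ACCEPT -s "$LOCALHOST" -d "$LOCALHOST"
iptables -A FORWARD -j ACCEPT -s "$USER_IP" -d "$ANYWHERE"
iptables -A FORWARD -j DROP -p tcp -s "$ANYWHERE" -d "$ANYWHERE" --dport 1:1023
iptables -A FORWARD -j DROP -p udp -s "$ANYWHERE" -d "$ANYWHERE" --dport 1:1023
iptables -A FORWARD -j DROP -p icmp -s "$ANYWHERE" -d "$ANYWHERE"

# NAT: rewrite the source of everything leaving via WAN_IF.
iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE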
