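#!/bin/bash
#
# Minimal IPv4 host firewall for a single server (filter table only).
#
# Policy: drop everything inbound that is not explicitly allowed, allow all
# outbound (outgoing packets are assumed not to be malicious), drop
# forwarding.  iptables evaluates rules first-match, so the broad accepts
# (loopback, replies to connections this host started) come first and the
# per-service opens follow.
#
# Required environment:
#   SSH_PORT   - TCP port sshd listens on (1-65535)
# Optional environment (both default to 1, i.e. open, matching the original
# behaviour of this script):
#   OPEN_DNS   - 1 to accept 53/tcp and 53/udp; set to 0 unless this host
#                actually runs a DNS service
#   OPEN_MAIL  - 1 to accept 25/tcp (SMTP) and 143/tcp (IMAP); set to 0 unless
#                this host receives mail from other servers
#
# Must run as root.  Every iptables call is checked, so a failed rule aborts
# the script instead of silently leaving a half-built chain behind.
set -euo pipefail

readonly IPTABLES=/sbin/iptables

# Print a message on stderr and exit non-zero.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Single checked call site for every rule; the failing rule is reported.
ipt() {
  "$IPTABLES" "$@" || die "iptables $* failed"
}

# Validate a TCP/UDP port number held in the named variable.
# Arguments: $1 - variable name (for the message), $2 - value
check_port() {
  local name=$1 value=$2
  if ! [[ "$value" =~ ^[0-9]+$ ]] || (( value < 1 || value > 65535 )); then
    die "$name must be a port number 1-65535, got '$value'"
  fi
}

main() {
  (( EUID == 0 )) || die "must run as root"
  : "${SSH_PORT:?set SSH_PORT to the port sshd listens on}"
  check_port SSH_PORT "$SSH_PORT"
  local open_dns=${OPEN_DNS:-1}
  local open_mail=${OPEN_MAIL:-1}

  # Drop any rules left from a previous run of this (or another) script.
  ipt -F INPUT
  ipt -F OUTPUT
  ipt -F FORWARD

  # Default policies are set *before* the rules so that a failure further
  # down fails closed rather than leaving the host open.  Consequence: if the
  # script dies before the SSH rule below, remote access is gone until the
  # rules are fixed from the console (or via a pre-scheduled revert).
  ipt -P INPUT DROP
  ipt -P OUTPUT ACCEPT
  ipt -P FORWARD DROP

  # Loopback: match on the interface, not on source 127.0.0.1.  A source-
  # address match would also accept a packet arriving on a real interface
  # with a forged 127.0.0.1 source; the second rule drops exactly those.
  # Traffic this host sends to its own public address also arrives over lo,
  # so no separate "accept from my own IP" rule is needed (such a rule would
  # be spoofable in the same way).
  ipt -A INPUT -i lo -j ACCEPT
  ipt -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP

  # Replies (and related flows such as FTP data) for connections this host
  # started, on every interface.
  ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

  # Answer pings, but at most one per second, to blunt ping floods.
  ipt -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
  ipt -A INPUT -p icmp --icmp-type echo-request -j DROP

  # Services offered to the outside.
  ipt -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
  ipt -A INPUT -p tcp --dport 80 -j ACCEPT

  if [[ "$open_dns" == 1 ]]; then
    ipt -A INPUT -p tcp --dport 53 -j ACCEPT
    ipt -A INPUT -p udp --dport 53 -j ACCEPT
  fi

  # The local SMTP server can already send mail because OUTPUT is not
  # filtered; these rules are only for receiving mail from other servers and
  # for IMAP clients.
  if [[ "$open_mail" == 1 ]]; then
    ipt -A INPUT -p tcp --dport 25 -j ACCEPT
    ipt -A INPUT -p tcp --dport 143 -j ACCEPT
  fi
}

main "$@"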