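#############################################
#### FIREWALLING WITH IPTABLES by PuCCiO ####
######## tested for spine-group.org #########
######## tested for pucciolab.org ##########
######## tested for slackit.org ############
############### Beta Version ###############
############################################
#
# Inbound firewall for a host whose external link is ppp0.
# Expects $IP to hold the address assigned to ppp0; it is not set in this file.
#
# Only the INPUT policy is set here; FORWARD and OUTPUT keep whatever policy
# they already have.

# Default-deny first, so nothing is exposed while the rules are rebuilt.
iptables -P INPUT DROP

# -F / -X without -t act on the filter table only.
# NOTE(review): the nat PREROUTING rules below are never flushed, so each
# re-run of this script appends another copy of them.
iptables -F
iptables -X

# --- Anti-spoofing on the external interface -------------------------------
# Drop packets arriving on ppp0 that claim a loopback or 192.168/16 source.
# NOTE(review): 10.0.0.0/8 and 172.16.0.0/12 are not covered - confirm whether
# that is intentional.
# NOTE(review): newer iptables releases refuse DROP in the nat table; on such
# systems these checks belong in the filter INPUT chain (or raw/mangle
# PREROUTING) instead.
iptables -t nat -A PREROUTING -i ppp0 -s 127.0.0.0/8 -j DROP
iptables -t nat -A PREROUTING -i ppp0 -s 192.168.0.0/16 -j DROP

# Drop anything on ppp0 not addressed to this host. With $IP empty the rule
# would be malformed and rejected by iptables, so skip it loudly instead.
if [ -n "$IP" ]; then
    iptables -t nat -A PREROUTING -i ppp0 -d ! "$IP" -j DROP
else
    echo "firewall: IP is not set; skipping the destination check on ppp0" >&2
fi

### EXPERIMENTAL ###
# The "unclean" match is only present on older kernels; where it is missing
# this command fails and the rule is simply not installed.
iptables -t nat -A PREROUTING -i ppp0 -m unclean -j DROP

# --- User-defined chains ---------------------------------------------------
iptables -N ppp_in      # everything arriving on ppp0
iptables -N services    # traffic to ports 1-1024
iptables -N conn_state  # connection-tracking verdicts
iptables -N flags       # malformed TCP flag combinations
iptables -N blocked     # left empty here; nothing in this file adds to it

# --- INPUT dispatch --------------------------------------------------------
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i ppp0 -j ppp_in

# --- conn_state ------------------------------------------------------------
iptables -A conn_state -m state --state INVALID -j DROP
iptables -A conn_state -m state --state RELATED,ESTABLISHED -j ACCEPT

# --- flags -----------------------------------------------------------------
# The original appended these rules to "tcp_flags", a chain that is never
# created, so every command failed and ppp_in jumped into an empty "flags"
# chain. They now target the chain that is actually declared and referenced.
iptables -A flags -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
iptables -A flags -p tcp --tcp-flags ALL ALL -j DROP
iptables -A flags -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
iptables -A flags -p tcp --tcp-flags ALL NONE -j DROP
iptables -A flags -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A flags -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
# Reached only by packets conn_state did not accept, i.e. a FIN that belongs
# to no tracked connection.
iptables -A flags -p tcp --tcp-flags FIN FIN -j DROP

# --- services --------------------------------------------------------------
# Ports 1-1024 are closed by default. An ACCEPT for a public service has to be
# inserted (-I) ahead of this rule; one appended after it is never reached.
iptables -A services -j DROP

# --- ppp_in: evaluation order matters --------------------------------------
iptables -A ppp_in -j blocked
iptables -A ppp_in -j conn_state
iptables -A ppp_in -j flags
iptables -A ppp_in -p tcp --dport 1:1024 -j services
iptables -A ppp_in -p udp --dport 1:1024 -j services

# Every ICMP type except echo-request is accepted; echo-request falls through
# to the DROP policy, so the host does not answer pings.
# NOTE(review): this also admits types such as redirect and timestamp-request.
# ICMP errors for tracked connections already match RELATED in conn_state, so
# consider accepting only the specific types that are needed.
iptables -A ppp_in -p icmp --icmp-type ! echo-request -j ACCEPT

# Accepts TCP from source port 20 (the FTP data port).
# NOTE(review): the source port is chosen by the sender, so this rule admits
# new connections to any port above 1024 from any host. Prefer the FTP
# connection-tracking helper, which lets genuine data connections match
# RELATED in conn_state, and then remove this rule.
iptables -A ppp_in -p tcp --sport 20 -j ACCEPT

# Inbound TCP 6699 is open to every source address; the service behind it is
# not named in this file.
iptables -A ppp_in -p tcp --dport 6699 -j ACCEPT

# Anything not accepted above returns to INPUT and meets the DROP policy.
############# END OF FIREWALL ###########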